Recommended update for the initial kernel livepatch

openSUSE-Leap-16.0-12 Recommended update for the initial kernel livepatch important SUSE SLFO 1.2 This update contains initial livepatches for the SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel update. kernel-livepatch-6_12_0-160000_6-default-1-160000.1.1.ppc64le.rpm True kernel-livepatch-6_12_0-160000_6-default-1-160000.1.1.s390x.rpm True kernel-livepatch-6_12_0-160000_6-default-1-160000.1.1.x86_64.rpm True kernel-livepatch-6_12_0-160000_6-rt-1-160000.1.1.x86_64.rpm True openSUSE-Leap-16.0-13 Recommended update for rust-bindgen moderate SUSE SLFO 1.2 This update for rust-bindgen fixes the following issues: Update to version 0.71.1: * Unbreak shell completion and --version without header * Add version field to `bindgen` as a dependency * docs(book): fix inconsistent use of Clang versions * docs(book): fix package name for the extra Clang tools * Use `KyleMayes/install-llvm-action` to install LLVM * Use `macos-latest` on CI * Fix regression spotted at #3027 * Bless all the tests * Update the `--merge-extern-blocks` tests * Test the `unsafe_extern_blocks` feature * Add support for unsafe extern blocks * Fix some markdown * Expose the name of the inner type of an alias * Add FieldInfo::field_type_name * Wrap the array representation of opaque types in a #[repr(C)] struct * example test for item discovery callback (new_item_found) * expose discovered composite types and aliases to parse callbacks * Improve debug str generator * Fix `manual_let_else` and `single_match_else` lint * Fix `explicit_iter_loop` lint * Fix `if_not_else` lint * Fix `map_unwrap_or` lint * Fix `cast_lossless` lint * Fix a lot of `unused_qualifications` lints * Bump some dependencies * Consolidate clippy configuration * automate MSRV in CI * consolidate versions in one place * sort dependencies * Linting semicolons * Inline more format args, spelink * Applied clippy cloned->copied, and cleanup * Make RustEdition public * Test the `literal_cstr` feature with different editions * Add support for edition 2024 * Introduce `--rust-edition` * Make nightly target compatible with every other target * Use `Display` for `Builder::generate` errors * Clippify, and hide some lints in test output * Inline format args * Use v2 cargo resolver * a few more lints * avoid compiler warning * Automatic support for C-String literals * Bump to 2021 edition * Update the help message for `--rust-target` * Ignore the `layout.h` test * Make clippy happy :) * Remove deprecated targets * Add constructors to `RustTarget` * Represent Rust versions with integers * Make `RustTarget` parsing more permissive * Recognize inline namespaces using clang's dedicated API for that * Add test of macro-generated inline namespace * Install libtinfo5 from jammy-updates * Add `raw_ref_macros` feature * Handle version and shell completions * Let clap handle missing headers * abstract away the control-flow for applying args * delete duplicated default logic for `--anon-fields-prefix` * Formatted `CONTRIBUTING.md`. - Passes `markdownlint` (mostly) - Removed `$` from shell instructions, as to be more copy/paste friendly - Annotated code-like things with backticks. - Annotated all shell blocks with `sh` to format nicely on GitHub.com. * make `RegexSet` non-public * Move CLI options to `bindgen` * Set edition for `bindgen-integration` * Use workspace inheritance for dependencies * Changelog: Move --with-attribute-custom to unreleased * Restrict release workflow to pushes * Use `field_visibility` callback for new-type aliases * Wrap __library.get calls for variables if wrap_unsafe_ops * Add test showing bad behavior for non-functions * Wrap libloading::Library::new call in unsafe if --wrap-unsafe-ops * update small typo * Docs: Fix example code error * Require libclang 9.0 or newer Adds a check for the loaded libclang version and logs a warning if the version is unsupported. * Add additional helpers to bitfield data structure * Update CHANGELOG.md * Stabilize `--wrap-static-fns` * Update CHANGELOG.md * Use `\r\n\r\n` on Windows * Add support for custom attributes * update to use annotate-snippets 0.11.4 * update to annotate-snippets 0.10.2 * ir: Dig into atomic types. * Explain how to generate documentation for system headers * Only publish on crates.io if the workflow event is called `'Release'` * Update cargo-dist config rust-bindgen-0.71.1-160000.1.1.aarch64.rpm rust-bindgen-0.71.1-160000.1.1.ppc64le.rpm rust-bindgen-0.71.1-160000.1.1.s390x.rpm rust-bindgen-0.71.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-14 Recommended update for agama-products, agama-web-ui, agama, rubygem-agama-yast moderate SUSE SLFO 1.2 This update for agama-products, agama-web-ui, agama, rubygem-agama-yast fixes the following issues: Changes in agama-web-ui: - Use the JavaScript/TypeScript parser to extract strings for translation - Preserve installer options values after successful submission (bsc#1249636). - Fixed the check about which DASDs can be formatted (bsc#1243795). Changes in agama: - Do not log errors when retrieving NetworkManager secrets to prevent leaking them (bsc#1251898). Changes in rubygem-agama-yast: - Fixed an error in the calculation of partitions when several MD RAIDs are created (bsc#1253145). agama-products-opensuse-17+427.52990b794-160000.5.1.noarch.rpm agama-products-sle-17+427.52990b794-160000.5.1.noarch.rpm agama-web-ui-17+430.2f49499cf-160000.8.1.noarch.rpm agama-17+427.52990b794-160000.6.1.aarch64.rpm agama-autoinstall-17+427.52990b794-160000.6.1.aarch64.rpm agama-cli-17+427.52990b794-160000.6.1.aarch64.rpm agama-cli-bash-completion-17+427.52990b794-160000.6.1.noarch.rpm agama-cli-fish-completion-17+427.52990b794-160000.6.1.noarch.rpm agama-cli-zsh-completion-17+427.52990b794-160000.6.1.noarch.rpm agama-openapi-17+427.52990b794-160000.6.1.aarch64.rpm agama-scripts-17+427.52990b794-160000.6.1.aarch64.rpm ruby3.4-rubygem-agama-yast-17.devel437.3b5eef886-160000.1.1.aarch64.rpm agama-yast-17.devel437.3b5eef886-160000.1.1.aarch64.rpm agama-17+427.52990b794-160000.6.1.ppc64le.rpm agama-autoinstall-17+427.52990b794-160000.6.1.ppc64le.rpm agama-cli-17+427.52990b794-160000.6.1.ppc64le.rpm agama-openapi-17+427.52990b794-160000.6.1.ppc64le.rpm agama-scripts-17+427.52990b794-160000.6.1.ppc64le.rpm ruby3.4-rubygem-agama-yast-17.devel437.3b5eef886-160000.1.1.ppc64le.rpm agama-yast-17.devel437.3b5eef886-160000.1.1.ppc64le.rpm agama-17+427.52990b794-160000.6.1.s390x.rpm agama-autoinstall-17+427.52990b794-160000.6.1.s390x.rpm agama-cli-17+427.52990b794-160000.6.1.s390x.rpm agama-openapi-17+427.52990b794-160000.6.1.s390x.rpm agama-scripts-17+427.52990b794-160000.6.1.s390x.rpm ruby3.4-rubygem-agama-yast-17.devel437.3b5eef886-160000.1.1.s390x.rpm agama-yast-17.devel437.3b5eef886-160000.1.1.s390x.rpm agama-17+427.52990b794-160000.6.1.x86_64.rpm agama-autoinstall-17+427.52990b794-160000.6.1.x86_64.rpm agama-cli-17+427.52990b794-160000.6.1.x86_64.rpm agama-openapi-17+427.52990b794-160000.6.1.x86_64.rpm agama-scripts-17+427.52990b794-160000.6.1.x86_64.rpm ruby3.4-rubygem-agama-yast-17.devel437.3b5eef886-160000.1.1.x86_64.rpm agama-yast-17.devel437.3b5eef886-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-15 Recommended update for aws-cli-cmd important SUSE SLFO 1.2 This update for aws-cli-cmd fixes the following issues: - Disable security context for shared volume For sharing the home directory with the container the security context needs to be disabled to allow this shared mount. For details about this setting as well as approval on the approach please visit bsc#1252390 aws-cli-cmd-1.36.1-160000.3.1.noarch.rpm openSUSE-Leap-16.0-16 Recommended update for az-cli-cmd important SUSE SLFO 1.2 This update for az-cli-cmd fixes the following issues: Changes in az-cli-cmd: Version 1.37.0: - Drop dependencies that do not appear needed. Not referenced in the sources of azure-cli upstream. (bsc#1253140) - Change the deriviation chain by adding the az-sdk container as a base - Remove the executable script if it exists prior to generation of a new wrapper by flake-ctl. Otherwise flake-ctl complains about the existence of the script and we get an error during package update. - Disable security context for shared volume For sharing the home directory with the container the security context needs to be disabled to allow this shared mount. For details about this setting as well as approval on the approach please visit bsc#1252390 az-cli-cmd-1.37.0-160000.1.1.noarch.rpm openSUSE-Leap-16.0-17 Recommended update for python-kiwi moderate SUSE SLFO 1.2 This update for python-kiwi fixes the following issues: Version 10.2.33. - Run grub mkconfig with os-prober disabled Set GRUB_DISABLE_OS_PROBER=true to the caller environment such that it gets consumed via /etc/grub.d/30_os-prober This Fixes #2883 - Fixed typo in documentation Invalid XML syntax, missing end tag. This Fixes #2882 - References #2474 and #2475 poweroff instead of halt on oem shutdown - Fix rawhide integration test The package shim-ia32 got dropped - Add test for profiled overlays kiwi supports overlay files per profile, but we didn't had a proper integration test for it. This commit adds one - Mount proc when needed Using cp -a might lookup in proc/self/.. under certain conditions. Make sure to mount proc for config/function that might trigger this condition. This Fixes #2876 - Update test-image-custom-partitions test build Fix patch files to match with new dracut module dirs - Update dracut version compat runtime check Update check_dracut_module_versions_compatible_to_kiwi to match with new dracut module dirs which have changed due to recommended dracut module ordering for out-of-tree modules. - Fix dracut Makefile install target module dir names have changed due to recommended dracut module ordering for out-of-tree modules. - Update pacman spec to dract changed module dirs Follow up change for the fix of the recommended dracut module ordering for out-of-tree modules. - Update spec file due to dract changed module dirs Follow up change for the fix of the recommended dracut module ordering for out-of-tree modules. - Follow the recommended dracut module ordering for out-of-tree modules In dracut release v108 or later the recommended ordering for out out of tree modules is 50-59 range. The following is a section from dracut documentation: > Not using the 50-59 range for out of tree dracut modules will likely > lead to unintended errors in the initramfs generation process as your > dracut module will either run too early or too late in the generation process. > You have been warned. - Fix agama integration test Disable no longer existing agama-auto.service - Fixed agama integration test nothing provides agama-auto anymore - Update SLFO integration test Make sure ps tool is installed - Fix exclude list for live image builds When specifying a filesystem attribute for a live image build, the rootfs gets build directly into this filesystem instead of being a squashfs wraped ext4 which is the default layout for compatibility reasons. In this direct filesystem mode the exclude list was not passed along to the filesystem creation and causes unwanted metadata to be part of the final image. This Fixes #2873 - Fix test-image-custom-partitions integration test Same fix as for the Tumbleweed test now also applied to the Leap test. Patching of the new root device did no longer apply - Fix test-image-custom-partitions integration test Patching of the new root device did no longer apply - fix: resize for raid device, ensure vars like kiwi_RaidDev are loaded before setting disk variable - Do not clobber initialize method There was a method named initialize defined and implemented differently in the dracut modules kiwi-lib and kiwi-repart. kiwi-lib is expected to be shared code across all kiwi dracut modules. However if one module redefines a method of the same name which is used in another module and expected to work differently there, this is evil. This commit cleans up the name conflict and names the kiwi library init function as lib_initialize. All dracut code that is expected to make use of this method has been adopted too. - Skip kiwi-repart module in install ISOs In case the kiwi-repart module is explicitly requested in a dracut.conf file and the image is also configured to build an install ISO image this leads the install ISO to contain the kiwi-repart module as well which is unwanted. This commit explicitly omits the kiwi-repart when creating the initrd for the install image - Skip repart when booting install/live iso - Update leap test-image-disk integration test Add test for alternative volume ID in install ISO - Consolidate device lock into its own method Add set_device_lock method which uses udevadm lock preferable but also supports an flock fallback in case there is no lock command provided via systemd/udev - Fix bug in shell condition The shell code test ... || warn A; warn B will always print the warning for B despite the test result. This lead to the warning message "Settings from the kiwi description will be ignored" to be printed always. This commit fixes it with a clean if/then condition - Fix documentation rendering There was an indentation bug which caused the docs to render wrong. This commit fixes it - solver/repository: Handle zstd-compressed metadata files `_create_solvables` assumes metadata files are gzip-compressed, but modern Fedora ones are not, they are zstd-compressed. - uri: If we fail to resolve the metalink URI, log it It's rather useful to know *what* the URI is when something goes wrong, after all. Signed-off-by: Adam Williamson <awilliam@redhat.com> - Fix repartitioning with parted parted does locking itself already. Wrapping it in udevadm lock results in a deadlock, breaking boot. - Update test-image-disk-simple integration test Update slfo/test-image-disk-simple. Add more space for flake testing and add a user to test flakes for non root - Catch potential exceptions from pathlib.Path.mkdir Creating a directory can fail, we should catch this error instead of ending up in a stack trace dracut-kiwi-lib-10.2.33-160000.1.1.aarch64.rpm dracut-kiwi-live-10.2.33-160000.1.1.aarch64.rpm dracut-kiwi-oem-dump-10.2.33-160000.1.1.aarch64.rpm dracut-kiwi-oem-repart-10.2.33-160000.1.1.aarch64.rpm dracut-kiwi-overlay-10.2.33-160000.1.1.aarch64.rpm dracut-kiwi-verity-10.2.33-160000.1.1.aarch64.rpm kiwi-bash-completion-10.2.33-160000.1.1.noarch.rpm kiwi-man-pages-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-bootloaders-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-containers-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-containers-wsl-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-core-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-disk-images-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-filesystems-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-image-validation-10.2.33-160000.1.1.aarch64.rpm kiwi-systemdeps-iso-media-10.2.33-160000.1.1.aarch64.rpm python3-kiwi-10.2.33-160000.1.1.aarch64.rpm dracut-kiwi-lib-10.2.33-160000.1.1.ppc64le.rpm dracut-kiwi-live-10.2.33-160000.1.1.ppc64le.rpm dracut-kiwi-oem-dump-10.2.33-160000.1.1.ppc64le.rpm dracut-kiwi-oem-repart-10.2.33-160000.1.1.ppc64le.rpm dracut-kiwi-overlay-10.2.33-160000.1.1.ppc64le.rpm dracut-kiwi-verity-10.2.33-160000.1.1.ppc64le.rpm kiwi-man-pages-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-bootloaders-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-containers-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-containers-wsl-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-core-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-disk-images-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-filesystems-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-image-validation-10.2.33-160000.1.1.ppc64le.rpm kiwi-systemdeps-iso-media-10.2.33-160000.1.1.ppc64le.rpm python3-kiwi-10.2.33-160000.1.1.ppc64le.rpm dracut-kiwi-lib-10.2.33-160000.1.1.s390x.rpm dracut-kiwi-live-10.2.33-160000.1.1.s390x.rpm dracut-kiwi-oem-dump-10.2.33-160000.1.1.s390x.rpm dracut-kiwi-oem-repart-10.2.33-160000.1.1.s390x.rpm dracut-kiwi-overlay-10.2.33-160000.1.1.s390x.rpm dracut-kiwi-verity-10.2.33-160000.1.1.s390x.rpm kiwi-man-pages-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-bootloaders-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-containers-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-containers-wsl-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-core-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-disk-images-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-filesystems-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-image-validation-10.2.33-160000.1.1.s390x.rpm kiwi-systemdeps-iso-media-10.2.33-160000.1.1.s390x.rpm python3-kiwi-10.2.33-160000.1.1.s390x.rpm dracut-kiwi-lib-10.2.33-160000.1.1.x86_64.rpm dracut-kiwi-live-10.2.33-160000.1.1.x86_64.rpm dracut-kiwi-oem-dump-10.2.33-160000.1.1.x86_64.rpm dracut-kiwi-oem-repart-10.2.33-160000.1.1.x86_64.rpm dracut-kiwi-overlay-10.2.33-160000.1.1.x86_64.rpm dracut-kiwi-verity-10.2.33-160000.1.1.x86_64.rpm kiwi-man-pages-10.2.33-160000.1.1.x86_64.rpm kiwi-pxeboot-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-bootloaders-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-containers-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-containers-wsl-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-core-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-disk-images-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-filesystems-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-image-validation-10.2.33-160000.1.1.x86_64.rpm kiwi-systemdeps-iso-media-10.2.33-160000.1.1.x86_64.rpm python3-kiwi-10.2.33-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-18 Recommended update for scanner-databases moderate SUSE SLFO 1.2 This update for scanner-databases fixes the following issues: initial shipment. clamav-database-202509251737-160000.1.1.noarch.rpm trivy-database-202509250425-160000.1.1.noarch.rpm openSUSE-Leap-16.0-19 Recommended update for go1.25-openssl moderate SUSE SLFO 1.2 This update for go1.25-openssl fixes the following issues: go1.25-openssl is added to SLES 16.0 go1.25-openssl-1.25.1-160000.1.1.aarch64.rpm go1.25-openssl-doc-1.25.1-160000.1.1.aarch64.rpm go1.25-openssl-race-1.25.1-160000.1.1.aarch64.rpm go1.25-openssl-1.25.1-160000.1.1.ppc64le.rpm go1.25-openssl-doc-1.25.1-160000.1.1.ppc64le.rpm go1.25-openssl-race-1.25.1-160000.1.1.ppc64le.rpm go1.25-openssl-1.25.1-160000.1.1.s390x.rpm go1.25-openssl-doc-1.25.1-160000.1.1.s390x.rpm go1.25-openssl-race-1.25.1-160000.1.1.s390x.rpm go1.25-openssl-1.25.1-160000.1.1.x86_64.rpm go1.25-openssl-doc-1.25.1-160000.1.1.x86_64.rpm go1.25-openssl-race-1.25.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-2 Recommended update of flake-pilot moderate SUSE SLFO 1.2 This update for flake-pilot fixes the following issues: Update version to 3.1.22. - Fixes to use flakes as normal user Running a flake is a container based instance provisioning and startup. Some part of this process requires root permissions for example mounting the container instance store for the provisioning step. This commit fixes the required calls to be properly managed by sudo. - seed from entropy - Fix assignment of random sequence number We should use a seed for the sequence as described in https://rust-random.github.io/book/guide-seeding.html#a-simple-number In addition the logic when a random sequence number should be used was wrong and needed a fix regarding resume and attach type flakes which must not use a random sequence - Pass --init option for resume type flakes In resume mode a sleep command is used to keep the container open. However, without the --init option there is no signal handling available. This commit fixes it - Revert "kill prior remove when using %remove flag" This reverts commit 06c7d4aa71f74865dfecba399fd08cc2fde2e1f2. no hard killing needed with the event loop entrypoint - Fixed CVE-2025-55159 slab: incorrect bounds check Update to slab 0.4.11 to fix the mentioned CVE. This Fixes bsc#1248004 - Apply clippy fixes - Create sequence number for the same invocation If a flake which is not a resume or attach flake is called twice with the same invocation arguments an error message is displayed to give this invocation a new name via the @NAME runtime option. This commit makes this more comfortable and automatically assigns a random sequence number for the call if no @NAME is given. - kill prior remove when using %remove flag In case the container instance should be removed via the %remove flag, send a kill first, followed by a force remove. The reason for this is because we use a never ending sleep command as entry point for resume type containers. If they should be removed the standard signal send on podman rm will not stop the sleep and after a period of 10 seconds podman sends a kill signal itself. We can speedup this process as we know the entry point command and send the kill signal first followed by the remove which saves us some wait time spent in podman otherwise. - Fix clippy hints variables can be used directly in the format! string - Prune old images after load Make sure no <none> image references stay in the registry flake-pilot-3.1.22-160000.1.1.aarch64.rpm flake-pilot-firecracker-3.1.22-160000.1.1.aarch64.rpm flake-pilot-firecracker-dracut-netstart-3.1.22-160000.1.1.noarch.rpm flake-pilot-firecracker-guestvm-tools-3.1.22-160000.1.1.aarch64.rpm flake-pilot-podman-3.1.22-160000.1.1.aarch64.rpm flake-pilot-3.1.22-160000.1.1.ppc64le.rpm flake-pilot-firecracker-3.1.22-160000.1.1.ppc64le.rpm flake-pilot-firecracker-guestvm-tools-3.1.22-160000.1.1.ppc64le.rpm flake-pilot-podman-3.1.22-160000.1.1.ppc64le.rpm flake-pilot-3.1.22-160000.1.1.s390x.rpm flake-pilot-firecracker-3.1.22-160000.1.1.s390x.rpm flake-pilot-firecracker-guestvm-tools-3.1.22-160000.1.1.s390x.rpm flake-pilot-podman-3.1.22-160000.1.1.s390x.rpm flake-pilot-3.1.22-160000.1.1.x86_64.rpm flake-pilot-firecracker-3.1.22-160000.1.1.x86_64.rpm flake-pilot-firecracker-guestvm-tools-3.1.22-160000.1.1.x86_64.rpm flake-pilot-podman-3.1.22-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-20 Recommended update for selinux-policy critical SUSE SLFO 1.2 This update for selinux-policy fixes the following issues: Changes in selinux-policy: Update to version 20250627+git239.fcbf2d509: * fail2ban: bump module version * fail2ban: allow fail2ban to watch all log files and dirs (bsc#1251952) * fail2ban: fix typos in interface descriptions * fail2ban: tweak file context regex for /run/fail2ban * fail2ban: drop file context for old rc.d file * Allow wicket to manage its proc directories (bsc#1235731) * Allow NM to manage wicked pid files (bsc#1235731) * Allow NM to reach systemd unit files (bsc#1235731) * Make wicked script backwards compatible (bsc#1251923) * Allow snapper grub plugin to domtrans to bootloader_t (bsc#1251862) * Allow salt_t transition to rpm_script_t (bsc#1250696) * grub snapper plugin is now named 00-grub (bsc#1251793) * Assign alts_exec_t exec_file attribute (bsc#1250974) * Add equivalency between /srv/tomcat and /var/lib/tomcat (bsc#1251227) * Allow sshd_session_t write to wtmpdb * Support /usr/libexec/ssh as well as openssh folder * Set xenstored_use_store_type_domain boolean true(bsc#1247875) * Adjust guest and xguest users policy for sshd-session * Allow valkey-server create and use netlink_rdma_socket * Allow blueman get attributes of filesystems with extended attributes * Update files_search_base_file_types() * Introduce unconfined wicked_script_t (bsc#1205770, bsc#1250661) * Allow geoclue get attributes of the /dev/shm filesystem * Allow apcupsd get attributes of the /dev/shm filesystem * Allow sshd-session read cockpit pid files * Add /opt/.snapshots to the snapper file context (bsc#1232226) * Allow nfs generator create and use netlink sockets * Conditionally allow virt guests to read certificates in user home directories * xenstored_t needs CAP_SYS_ADMIN for XENSTORETYPE=domain (bsc#1247875) * Allow nfs-generator create and use udp sockets * Allow kdump search kdumpctl_tmp_t directories * Allow init open and read user tmp files * Fix the systemd_logind_stream_connect() interface * Allow staff and sysadm execute iotop using sudo * Allow sudodomains connect to systemd-logind over a unix socket * /boot/efi is dosfs_t and kdump needs to access it (bsc#1249370) * Add default contexts for sshd-seesion * Define types for new openssh executables * Fix systemd_manage_unit_symlinks() interface definition * Support coreos installation methods * Add a new type for systemd-ssh-issue PID files * Allow gnome-remote-desktop connect to unreserved ports * Zypper moves files in /var/tmp to /var/cache (bsc#1249052, bsc#1249435) * Allow mdadm the CAP_SYS_PTRACE capability * Allow iptables manage its private fifo_files in /tmp * Allow auditd manage its private run dirs * Revert "Allow virt_domain write to virt_image_t files" * Allow gdm create /etc/.pwd.lock with a file transition * Allow gdm bind a socket in the /run/systemd/userdbd directory * Allow nsswitch_domain connect to xdm over a unix domain socket * Allow systemd homed getattr all tmpfs files (bsc#1240883) * Allow systemd (PID 1) create lastlog entries * Allow systemd_homework_t transition pid files to lvm_var_run_t (bsc#1240883) * Allow gnome-remote-desktop speak with tabrmd over dbus (bsc#1244573) * Allow nm-dispatcher iscsi and sendmail plugins get pidfs attributes * Allow systemd-oomd watch tmpfs dirs * Allow chronyc the setgid and setuid capabilities * Label /usr/lib/systemd/systemd-ssh-issue with systemd_ssh_issue_exec_t * Allow stalld map sysfs files * Allow NetworkManager-dispatcher-winbind get pidfs attributes * Allow openvpn create and use generic netlink socket * policy_capabilities: remove estimated from released versions * policy_capabilities: add stub for userspace_initial_context * add netlink_xperm policy capability and nlmsg permission definitions * policy_capabilities: add ioctl_skip_cloexec * selinux-policy: add allow rule for tuned_ppd_t * selinux-policy: add allow rule for switcheroo_control_t * Label /run/audit with auditd_var_run_t * Allow virtqemud start a vm which uses nbdkit * Add nbdkit_signal() and nbdkit_signull() interfaces * Fix insights_client interfaces names * Add insights_core and insights_client interfaces * Fix selinux-autorelabel-generator label after upstream changes * Revert "Remove the mysql module sources" * Revert "Allow rasdaemon write access to sysfs (bsc#1229587)" * Reset postfix.fc to upstream, add alias instead * dist/targeted/modules.conf: enable slrnpull module * Allow bootupd delete symlinks in the /boot directory * Allow systemd-coredumpd capabilities in the user namespace * Allow openvswitch read virtqemud process state * Allow systemd-networkd to create leases directory * Apply generator template to selinux-autorelabel generator * Support virtqemud handle hotplug hostdev devices * Allow virtstoraged create qemu /var/run files * Allow unconfined_domain_type cap2_userns capabilities * Label /usr/libexec/postfix/tlsproxy with postfix_smtp_exec_t * Remove the mysql module sources * dist/targeted/modules.conf: Enable kmscon module (bsc#1238137) * Update kmscon policy module to kmscon version 9 (bsc#1238137) * Allow login to getattr pidfs * Allow systemd to map files under /sys * systemd: drop duplicate init_nnp_daemon_domain lines * Fix typo * Allow logwatch stream connect to opensmtpd * Allow geoclue read NetworkManager pid files * Allow unconfined user a file transition for creating sudo log directory * Allow virtqemud read/write inherited dri devices * Allow xdm_t create user namespaces * Update policy for login_userdomain * Add ppd_base_profile to file transition to get tuned_rw_etc_t type * Update policy for bootupd * Allow logwatch work with opensmtpd * Update dovecot policy for dovecot 2.4.1 * Allow ras-mc-ctl write to sysfs files * Allow anaconda-generator get attributes of all filesystems * Add the rhcd_rw_fifo_files() interface * Allow systemd-coredump the sys_chroot capability * Allow hostapd write to socket files in /tmp * Recognize /var/home as an alternate path for /home * Label /var/lib/lastlog with lastlog_t * Allow virtqemud write to sysfs files * Allow irqbalance search sssd lib directories * Allow samba-dcerpcd send sigkills to passwd * Allow systemd-oomd watch dbus pid sock files * Allow some confined users read and map generic log files * Allow login_userdomain watch the /run/log/journal directory * Allow login_userdomain dbus chat with tuned-ppd * Allow login_userdomain dbus chat with switcheroo-control * Allow userdomain to connect to systemd-oomd over a unix socket * Add insights_client_delete_lib_dirs() interface * Allow virtqemud_t use its private tmpfs files (bsc#1242998) * Allow virtqemud_t setattr to /dev/userfaultfd (bsc#1242998) * Allow virtqemud_t read and write /dev/ptmx (bsc#1242998) * Extend virtqemud_t tcp_socket permissions (bsc#1242998) * Allow virtqemud_t to read and write generic pty (bsc#1242998) * Allow systemd-importd create and unlink init pid socket * Allow virtqemud handle virt_content_t chr files * Allow svirt read virtqemud fifo files * All sblim-sfcbd the dac_read_search capability * Allow sblim domain read systemd session files * Allow sblim-sfcbd execute dnsdomainname * Confine nfs-server generator * Allow systemd-timedated start/stop timemaster services * Allow "hostapd_cli ping" run as a systemd service * Allow power-profiles-daemon get attributes of filesystems with extended attributes * Allow 'oomctl dump' to interact with systemd-oomd * Basic functionality for systemd-oomd * Basic enablement for systemd-oomd * Allow samba-bgqd send to smbd over a unix datagram socket * Update kernel_secretmem_use() * Add the file/watch_mountns permission * Update systemd-generators policy * Allow plymouthd_t read proc files of systemd_passwd_agent (bsc#1245470) * Allow insights-client file transition for files in /var/tmp * Allow tuned-ppd manage tuned log files * Allow systemd-coredump mount on tmpfs filesystems * Update sssd_dontaudit_read_public_files() * Allow zram-generator raw read fixed disk device * Add fs_write_cgroup_dirs() and fs_setattr_cgroup_dirs() interfaces selinux-policy-20250627+git239.fcbf2d509-160000.1.1.noarch.rpm selinux-policy-devel-20250627+git239.fcbf2d509-160000.1.1.noarch.rpm selinux-policy-doc-20250627+git239.fcbf2d509-160000.1.1.noarch.rpm selinux-policy-minimum-20250627+git239.fcbf2d509-160000.1.1.noarch.rpm selinux-policy-sandbox-20250627+git239.fcbf2d509-160000.1.1.noarch.rpm selinux-policy-targeted-20250627+git239.fcbf2d509-160000.1.1.noarch.rpm openSUSE-Leap-16.0-21 Recommended update for ovmf important SUSE SLFO 1.2 This update for ovmf fixes the following issues: - Enable iSCSI boot support by default (bsc#1245454) * OvmfPkg: Add NETWORK_ISCSI_DEFAULT_ENABLE build flag * Add build flag NETWORK_ISCSI_DEFAULT_ENABLE for x64 OVMF to enable iSCSI boot support by default - Update firmware descriptors to remove tab whitespace (bsc#1247847) * Replace tab whitespace with spaces in 50-ovmf-x86_64-sev.json * Replace tab whitespace with spaces in 50-ovmf-x86_64-sev-snp.json - Update firmware descriptors for SEV-SNP and TDX (bsc#1247847) * Add 50-ovmf-x86_64-sev-snp.json to support the 'amd-sev-snp' feature. * Remove the sev-snp feature from 50-ovmf-x86_64-sev.json. * Update the device in 60-ovmf-x86_64-tdx.json from 'pflash' to 'memory'. ovmf-202502-160000.3.1.aarch64.rpm ovmf-tools-202502-160000.3.1.aarch64.rpm qemu-ovmf-ia32-202502-160000.3.1.noarch.rpm qemu-ovmf-x86_64-202502-160000.3.1.noarch.rpm qemu-uefi-aarch32-202502-160000.3.1.noarch.rpm qemu-uefi-aarch64-202502-160000.3.1.noarch.rpm qemu-uefi-riscv64-202502-160000.3.1.noarch.rpm ovmf-202502-160000.3.1.x86_64.rpm ovmf-tools-202502-160000.3.1.x86_64.rpm qemu-ovmf-x86_64-debug-202502-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-22 Security update for samba critical SUSE SLFO 1.2 This update for samba fixes the following issues: Update to 4.22.5: * CVE-2025-10230: Command injection via WINS server hook script (bsc#1251280). * CVE-2025-9640: uninitialized memory disclosure via vfs_streams_xattr (bsc#1251279). - Relax samba-gpupdate requirement for cepces, certmonger, and sscep to a recommends. They are only required if utilizing certificate auto enrollment (bsc#1249087). - Disable timeouts for smb.service so that possibly slow running ExecStartPre script 'update-samba-security-profile' doesn't cause service start to fail due to timeouts (bsc#1249181). - Ensure semanage is pulled in as a requirement when samba in installed when selinux security access mechanism that is used (bsc#1249180). - don't attempt to label paths that don't exist, also remove unecessary evaluation of semange & restorecon cmds (bsc#1249179). Update to 4.22.4: * netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0 * getpwuid does not shift to new DC when current DC is down * Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName- * Unresponsive second DC can cause idmapping failure when using idmap_ad- * kinit command is failing with Missing cache Error. * Figuring out the DC name from IP address fails and breaks fork_domain_child(). * vfs_streams_depot fstatat broken. * Delayed leader broadcast can block ctdb forever. * Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine). * Fix handling of empty GPO link. * SMB ACL inheritance doesn't work for files created. - adjust gpgme build dependency for future-proofing ctdb-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm ctdb-pcp-pmda-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm ldb-tools-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm libldb-devel-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm libldb2-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm python3-ldb-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-ad-dc-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-ad-dc-libs-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-ceph-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-client-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-client-libs-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-dcerpc-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-devel-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-doc-4.22.5+git.431.dc5a539f124-160000.1.1.noarch.rpm samba-dsdb-modules-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-gpupdate-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-ldb-ldap-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-libs-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-libs-python3-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-python3-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-test-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-tool-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-winbind-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm samba-winbind-libs-4.22.5+git.431.dc5a539f124-160000.1.1.aarch64.rpm ctdb-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm ctdb-pcp-pmda-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm ldb-tools-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm libldb-devel-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm libldb2-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm python3-ldb-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-ad-dc-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-ad-dc-libs-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-client-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-client-libs-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-dcerpc-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-devel-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-dsdb-modules-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-gpupdate-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-ldb-ldap-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-libs-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-libs-python3-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-python3-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-test-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-tool-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-winbind-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm samba-winbind-libs-4.22.5+git.431.dc5a539f124-160000.1.1.ppc64le.rpm ctdb-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm ctdb-pcp-pmda-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm ldb-tools-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm libldb-devel-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm libldb2-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm python3-ldb-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-ad-dc-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-ad-dc-libs-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-client-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-client-libs-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-dcerpc-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-devel-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-dsdb-modules-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-gpupdate-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-ldb-ldap-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-libs-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-libs-python3-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-python3-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-test-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-tool-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-winbind-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm samba-winbind-libs-4.22.5+git.431.dc5a539f124-160000.1.1.s390x.rpm ctdb-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm ctdb-pcp-pmda-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm ldb-tools-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm libldb-devel-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm libldb2-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm python3-ldb-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-ad-dc-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-ad-dc-libs-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-ceph-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-client-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-client-libs-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-dcerpc-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-devel-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-dsdb-modules-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-gpupdate-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-ldb-ldap-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-libs-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-libs-python3-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-python3-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-test-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-tool-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-winbind-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm samba-winbind-libs-4.22.5+git.431.dc5a539f124-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-23 Security update for tiff important SUSE SLFO 1.2 This update for tiff fixes the following issues: tiff was updated to 4.7.1: * Software configuration changes: * Define HAVE_JPEGTURBO_DUAL_MODE_8_12 and LERC_STATIC in tif_config.h. * CMake: define WORDS_BIGENDIAN via tif_config.h * doc/CMakeLists.txt: remove useless cmake_minimum_required() * CMake: fix build with LLVM/Clang 17 (fixes issue #651) * CMake: set CMP0074 new policy * Set LINKER_LANGUAGE for C targets with C deps * Export tiffxx cmake target (fixes issue #674) * autogen.sh: Enable verbose wget. * configure.ac: Syntax updates for Autoconf 2.71 * autogen.sh: Re-implement based on autoreconf. Failure to update config.guess/config.sub does not return error (fixes issue #672) * CMake: fix CMake 4.0 warning when minimum required version is < 3.10. * CMake: Add build option tiff-static (fixes issue #709) Library changes: * Add TIFFOpenOptionsSetWarnAboutUnknownTags() for explicit control about emitting warnings for unknown tags. No longer emit warnings about unknown tags by default * tif_predict.c: speed-up decompression in some cases. * Bug fixes: * tif_fax3: For fax group 3 data if no EOL is detected, reading is retried without synchronisation for EOLs. (fixes issue #54) * Updating TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE. Updating TIFFMergeFieldInfo() with read_count=write_count=0 for FIELD_IGNORE. Improving handling when field_name = NULL. (fixes issue #532) * tiff.h: add COMPRESSION_JXL_DNG_1_7=52546 as used for JPEGXL compression in the DNG 1.7 specification * TIFFWriteDirectorySec: Increment string length for ASCII tags for codec tags defined with FIELD_xxx bits, as it is done for FIELD_CUSTOM tags. (fixes issue #648) * Do not error out on a tag whose tag count value is zero, just issue a warning. Fix parsing a private tag 0x80a6 (fixes issue #647) * TIFFDefaultTransferFunction(): give up beyond td_bitspersample = 24 Fixes https://github.com/OSGeo/gdal/issues/10875) * tif_getimage.c: Remove unnecessary calls to TIFFRGBAImageOK() (fixes issue #175) * Fix writing a Predictor=3 file with non-native endianness * _TIFFVSetField(): fix potential use of unallocated memory (out-of-bounds * read / nullptr dereference) in case of out-of-memory situation when dealing with custom tags (fixes issue #663) * tif_fax3.c: Error out for CCITT fax encoding if SamplesPerPixel is not equal 1 and PlanarConfiguration = Contiguous (fixes issue #26) * tif_fax3.c: error out after a number of times end-of-line or unexpected bad code words have been reached. (fixes issue #670) * Fix memory leak in TIFFSetupStrips() (fixes issue #665) * tif_zip.c: Provide zlib allocation functions. Otherwise for zlib built with -DZ_SOLO inflating will fail. * Fix memory leak in _TIFFSetDefaultCompressionState. (fixes issue #676) * tif_predict.c: Don’t overwrite input buffer of TIFFWriteScanline() if "prediction" is enabled. Use extra working buffer in PredictorEncodeRow(). (fixes issue #5) * tif_getimage.c: update some integer overflow checks (fixes issue #79) * tif_getimage.c: Fix buffer underflow crash for less raster rows at TIFFReadRGBAImageOriented() (fixes issue #704, bsc#1250413, CVE-2025-9900) * TIFFReadRGBAImage(): several fixes to avoid buffer overflows. * Correct passing arguments to TIFFCvtIEEEFloatToNative() and TIFFCvtIEEEDoubleToNative() if HAVE_IEEEFP is not defined. (fixes issue #699) * LZWDecode(): avoid nullptr dereference when trying to read again after EOI marker has been found with remaining output bytes (fixes issue #698) * TIFFSetSubDirectory(): check _TIFFCheckDirNumberAndOffset() return. * TIFFUnlinkDirectory() and TIFFWriteDirectorySec(): clear tif_rawcp when clearing tif_rawdata (fixes issue #711) * JPEGEncodeRaw(): error out if a previous scanline failed to be written, to avoid out-of-bounds access (fixes issue #714) * tif_jpeg: Fix bug in JPEGDecodeRaw() if JPEG_LIB_MK1_OR_12BIT is defined for 8/12bit dual mode, introduced in libjpeg-turbo 2.2, which was actually released as 3.0. Fixes issue #717 * add assert for TIFFReadCustomDirectory infoarray check. * ppm2tiff: Fix bug in pack_words trailing bytes, where last two bytes of each line were written wrongly. (fixes issue #467) * fax2ps: fix regression of commit 28c38d648b64a66c3218778c4745225fe3e3a06d where TIFFTAG_FAXFILLFUNC is being used rather than an output buffer (fixes issue #649) * tiff2pdf: Check TIFFTAG_TILELENGTH and TIFFTAGTILEWIDTH (fixes issue #650) * tiff2pdf: check h_samp and v_samp for range 1 to 4 to avoid division by zero. Fixes issue #654 * tiff2pdf: avoid null pointer dereference. (fixes issue #741) * Improve non-secure integer overflow check (comparison of division result with multiplicant) at compiler optimisation in tiffcp, rgb2ycbcr and tiff2rgba. Fixes issue #546 * tiff2rgba: fix some "a partial expression can generate an overflow before it is assigned to a broader type" warnings. (fixes issue #682) * tiffdither/tiffmedian: Don't skip the first line of the input image. (fixes issue #703) * tiffdither: avoid out-of-bounds read identified in issue #733 * tiffmedian: error out if TIFFReadScanline() fails (fixes issue #707) * tiffmedian: close input file. (fixes issue #735) * thumbail: avoid potential out of bounds access (fixes issue #715) * tiffcrop: close open TIFF files and release allocated buffers before exiting in case of error to avoid memory leaks. (fixes issue #716) * tiffcrop: fix double-free and memory leak exposed by issue #721 * tiffcrop: avoid buffer overflow. (fixes issue #740) * tiffcrop: avoid nullptr dereference. (fixes issue #734) * tiffdump: Fix coverity scan issue CID 1373365: Passing tainted expression *datamem to PrintData, which uses it as a divisor or modulus. * tiff2ps: check return of TIFFGetFiled() for TIFFTAG_STRIPBYTECOUNTS and TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer dereference. (fixes issue #718) * tiffcmp: fix memory leak when second file cannot be opened. (fixes issue #718 and issue #729) * tiffcp: fix setting compression level for lossless codecs. (fixes issue #730) * raw2tiff: close input file before exit (fixes issue #742) Tools changes: * tiffinfo: add a -W switch to warn about unknown tags. * tiffdither: process all pages in input TIFF file. * Documentation: * TIFFRGBAImage.rst note added for incorrect saving of images with TIFF orientation from 5 (LeftTop) to 8 (LeftBottom) in the raster. * TIFFRGBAImage.rst note added about un-associated alpha handling (fixes issue #67) * Update "Defining New TIFF Tags" description. (fixes issue #642) * Fix return type of TIFFReadEncodedTile() * Update the documentation to reflect deprecated typedefs. * TIFFWriteDirectory.rst: Clarify TIFFSetWriteOffset() only sets offset for image data and not for IFD data. * Update documentation on re-entrancy and thread safety. * Remove dead links to no more existing Awaresystems web-site. * Updating BigTIFF specification and some miscelaneous editions. * Replace some last links and remove last todos. * Added hints for correct allocation of TIFFYCbCrtoRGB structure and its associated buffers. (fixes issue #681) * Added chapter to "Using the TIFF Library" with links to handling multi-page TIFF and custom directories. (fixes issue #43) * update TIFFOpen.rst with the return values of mapproc and unmapproc. (fixes issue #12) Security issues fixed: * CVE-2025-8961: Fix segmentation fault via main function of tiffcrop utility [bsc#1248117] * CVE-2025-8534: Fix null pointer dereference in function PS_Lvl2page [bsc#1247582] * CVE-2025-9165: Fix local execution manipulation can lead to memory leak [bsc#1248330] * CVE-2024-13978: Fix null pointer dereference in tiff2pdf [bsc#1247581] * CVE-2025-8176: Fix heap use-after-free in tools/tiffmedian.c [bsc#1247108] * CVE-2025-8177: Fix possible buffer overflow in tools/thumbnail.c:setrow() [bsc#1247106] - Fix TIFFMergeFieldInfo() read_count=write_count=0 (bsc#1243503) libtiff-devel-4.7.1-160000.1.1.aarch64.rpm libtiff6-4.7.1-160000.1.1.aarch64.rpm tiff-4.7.1-160000.1.1.aarch64.rpm libtiff-devel-docs-4.7.1-160000.1.1.noarch.rpm tiff-docs-4.7.1-160000.1.1.noarch.rpm libtiff-devel-4.7.1-160000.1.1.ppc64le.rpm libtiff6-4.7.1-160000.1.1.ppc64le.rpm tiff-4.7.1-160000.1.1.ppc64le.rpm libtiff-devel-4.7.1-160000.1.1.s390x.rpm libtiff6-4.7.1-160000.1.1.s390x.rpm tiff-4.7.1-160000.1.1.s390x.rpm libtiff-devel-4.7.1-160000.1.1.x86_64.rpm libtiff6-4.7.1-160000.1.1.x86_64.rpm tiff-4.7.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-24 Security update for libxslt important SUSE SLFO 1.2 This update for libxslt fixes the following issues: Changes in libxslt: - CVE-2025-11731: Fixed type confusion in exsltFuncResultCompfunction leading to denial of service (bsc#1251979) - CVE-2025-10911: Fixed use-after-free with key data stored cross-RVT (bsc#1250553) libexslt0-1.1.43-160000.3.1.aarch64.rpm libxslt-devel-1.1.43-160000.3.1.aarch64.rpm libxslt-tools-1.1.43-160000.3.1.aarch64.rpm libxslt1-1.1.43-160000.3.1.aarch64.rpm libexslt0-1.1.43-160000.3.1.ppc64le.rpm libxslt-devel-1.1.43-160000.3.1.ppc64le.rpm libxslt-tools-1.1.43-160000.3.1.ppc64le.rpm libxslt1-1.1.43-160000.3.1.ppc64le.rpm libexslt0-1.1.43-160000.3.1.s390x.rpm libxslt-devel-1.1.43-160000.3.1.s390x.rpm libxslt-tools-1.1.43-160000.3.1.s390x.rpm libxslt1-1.1.43-160000.3.1.s390x.rpm libexslt0-1.1.43-160000.3.1.x86_64.rpm libxslt-devel-1.1.43-160000.3.1.x86_64.rpm libxslt-tools-1.1.43-160000.3.1.x86_64.rpm libxslt1-1.1.43-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-25 Recommended update for pesign-obs-integration moderate SUSE SLFO 1.2 This update for pesign-obs-integration fixes the following issues: - pesign-obs-integration fails build when no signed binary is produced (bsc#1248618) pesign-obs-integration-10.2+git20250219.c99462c-160000.3.1.aarch64.rpm pesign-obs-integration-10.2+git20250219.c99462c-160000.3.1.ppc64le.rpm pesign-obs-integration-10.2+git20250219.c99462c-160000.3.1.s390x.rpm pesign-obs-integration-10.2+git20250219.c99462c-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-26 Recommended update for dracut important SUSE SLFO 1.2 This update for dracut fixes the following issues: - Additional fixes for PXE boot with filled-in NBFT (bsc#1238848): * fix (74nvmf): make sure autoconnect script is run at least once * fix (74nvmf): only set netroot if it's yet empty dracut-059+suse.700.g40f7c5c4-160000.1.1.aarch64.rpm dracut-extra-059+suse.700.g40f7c5c4-160000.1.1.aarch64.rpm dracut-fips-059+suse.700.g40f7c5c4-160000.1.1.aarch64.rpm dracut-ima-059+suse.700.g40f7c5c4-160000.1.1.aarch64.rpm dracut-tools-059+suse.700.g40f7c5c4-160000.1.1.aarch64.rpm dracut-059+suse.700.g40f7c5c4-160000.1.1.ppc64le.rpm dracut-extra-059+suse.700.g40f7c5c4-160000.1.1.ppc64le.rpm dracut-fips-059+suse.700.g40f7c5c4-160000.1.1.ppc64le.rpm dracut-ima-059+suse.700.g40f7c5c4-160000.1.1.ppc64le.rpm dracut-tools-059+suse.700.g40f7c5c4-160000.1.1.ppc64le.rpm dracut-059+suse.700.g40f7c5c4-160000.1.1.s390x.rpm dracut-extra-059+suse.700.g40f7c5c4-160000.1.1.s390x.rpm dracut-fips-059+suse.700.g40f7c5c4-160000.1.1.s390x.rpm dracut-ima-059+suse.700.g40f7c5c4-160000.1.1.s390x.rpm dracut-tools-059+suse.700.g40f7c5c4-160000.1.1.s390x.rpm dracut-059+suse.700.g40f7c5c4-160000.1.1.x86_64.rpm dracut-extra-059+suse.700.g40f7c5c4-160000.1.1.x86_64.rpm dracut-fips-059+suse.700.g40f7c5c4-160000.1.1.x86_64.rpm dracut-ima-059+suse.700.g40f7c5c4-160000.1.1.x86_64.rpm dracut-tools-059+suse.700.g40f7c5c4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-27 Recommended update for wpa_supplicant moderate SUSE SLFO 1.2 This update for wpa_supplicant fixes the following issues: - Build wpa_gui with qt6 instead of obsolete qt5 - Update build config: * Enable 802.11ax support wpa_supplicant-2.11-160000.3.1.aarch64.rpm wpa_supplicant-gui-2.11-160000.3.1.aarch64.rpm wpa_supplicant-2.11-160000.3.1.ppc64le.rpm wpa_supplicant-gui-2.11-160000.3.1.ppc64le.rpm wpa_supplicant-2.11-160000.3.1.s390x.rpm wpa_supplicant-gui-2.11-160000.3.1.s390x.rpm wpa_supplicant-2.11-160000.3.1.x86_64.rpm wpa_supplicant-gui-2.11-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-28 Recommended update for gnome-shell moderate SUSE SLFO 1.2 This update for gnome-shell fixes the following issues: - Avoid error log when can't load calendars (bsc#1247037). - Fix taking interactive screenshots via D-Bus. - Fix pointer scaling glitches in magnifier. - Fix drawing glitch in sliders in RTL locales. - Misc. bug fixes and cleanups. - Updated translations. gnome-extensions-48.4-160000.1.1.aarch64.rpm gnome-shell-48.4-160000.1.1.aarch64.rpm gnome-shell-calendar-48.4-160000.1.1.aarch64.rpm gnome-shell-devel-48.4-160000.1.1.aarch64.rpm gnome-shell-lang-48.4-160000.1.1.noarch.rpm gnome-extensions-48.4-160000.1.1.ppc64le.rpm gnome-shell-48.4-160000.1.1.ppc64le.rpm gnome-shell-calendar-48.4-160000.1.1.ppc64le.rpm gnome-shell-devel-48.4-160000.1.1.ppc64le.rpm gnome-extensions-48.4-160000.1.1.s390x.rpm gnome-shell-48.4-160000.1.1.s390x.rpm gnome-shell-calendar-48.4-160000.1.1.s390x.rpm gnome-shell-devel-48.4-160000.1.1.s390x.rpm gnome-extensions-48.4-160000.1.1.x86_64.rpm gnome-shell-48.4-160000.1.1.x86_64.rpm gnome-shell-calendar-48.4-160000.1.1.x86_64.rpm gnome-shell-devel-48.4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-29 Security update for expat important SUSE SLFO 1.2 This update for expat fixes the following issues: - CVE-2025-59375: Fixed large dynamic memory allocations via a small document submitted for parsing (bsc#1249584) expat-2.7.1-160000.3.1.aarch64.rpm libexpat-devel-2.7.1-160000.3.1.aarch64.rpm libexpat1-2.7.1-160000.3.1.aarch64.rpm expat-2.7.1-160000.3.1.ppc64le.rpm libexpat-devel-2.7.1-160000.3.1.ppc64le.rpm libexpat1-2.7.1-160000.3.1.ppc64le.rpm expat-2.7.1-160000.3.1.s390x.rpm libexpat-devel-2.7.1-160000.3.1.s390x.rpm libexpat1-2.7.1-160000.3.1.s390x.rpm expat-2.7.1-160000.3.1.x86_64.rpm libexpat-devel-2.7.1-160000.3.1.x86_64.rpm libexpat1-2.7.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-3 Recommended update of python-instance-billing-flavor-check moderate SUSE SLFO 1.2 This update for python-instance-billing-flavor-check fixes the following issues: - Build fix for SLE 16 and later (bsc#1250110) python-instance-billing-flavor-check-1.0.1-160000.3.1.aarch64.rpm python-instance-billing-flavor-check-1.0.1-160000.3.1.ppc64le.rpm python-instance-billing-flavor-check-1.0.1-160000.3.1.s390x.rpm python-instance-billing-flavor-check-1.0.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-30 Security update for openexr moderate SUSE SLFO 1.2 This update for openexr fixes the following issues: - CVE-2025-64181: Fixed use of uninitialized memory in function generic_unpack() (bsc#1253233) libIex-3_2-31-3.2.2-160000.3.1.aarch64.rpm libIlmThread-3_2-31-3.2.2-160000.3.1.aarch64.rpm libOpenEXR-3_2-31-3.2.2-160000.3.1.aarch64.rpm libOpenEXRCore-3_2-31-3.2.2-160000.3.1.aarch64.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.3.1.aarch64.rpm openexr-3.2.2-160000.3.1.aarch64.rpm openexr-devel-3.2.2-160000.3.1.aarch64.rpm openexr-doc-3.2.2-160000.3.1.noarch.rpm libIex-3_2-31-3.2.2-160000.3.1.ppc64le.rpm libIlmThread-3_2-31-3.2.2-160000.3.1.ppc64le.rpm libOpenEXR-3_2-31-3.2.2-160000.3.1.ppc64le.rpm libOpenEXRCore-3_2-31-3.2.2-160000.3.1.ppc64le.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.3.1.ppc64le.rpm openexr-3.2.2-160000.3.1.ppc64le.rpm openexr-devel-3.2.2-160000.3.1.ppc64le.rpm libIex-3_2-31-3.2.2-160000.3.1.s390x.rpm libIlmThread-3_2-31-3.2.2-160000.3.1.s390x.rpm libOpenEXR-3_2-31-3.2.2-160000.3.1.s390x.rpm libOpenEXRCore-3_2-31-3.2.2-160000.3.1.s390x.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.3.1.s390x.rpm openexr-3.2.2-160000.3.1.s390x.rpm openexr-devel-3.2.2-160000.3.1.s390x.rpm libIex-3_2-31-3.2.2-160000.3.1.x86_64.rpm libIex-3_2-31-x86-64-v3-3.2.2-160000.3.1.x86_64.rpm libIlmThread-3_2-31-3.2.2-160000.3.1.x86_64.rpm libIlmThread-3_2-31-x86-64-v3-3.2.2-160000.3.1.x86_64.rpm libOpenEXR-3_2-31-3.2.2-160000.3.1.x86_64.rpm libOpenEXR-3_2-31-x86-64-v3-3.2.2-160000.3.1.x86_64.rpm libOpenEXRCore-3_2-31-3.2.2-160000.3.1.x86_64.rpm libOpenEXRCore-3_2-31-x86-64-v3-3.2.2-160000.3.1.x86_64.rpm libOpenEXRUtil-3_2-31-3.2.2-160000.3.1.x86_64.rpm libOpenEXRUtil-3_2-31-x86-64-v3-3.2.2-160000.3.1.x86_64.rpm openexr-3.2.2-160000.3.1.x86_64.rpm openexr-devel-3.2.2-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-31 Recommended update for x3270 moderate SUSE SLFO 1.2 This update for x3270 fixes the following issues: Changes in x3270: - Upgrade to version 4.4ga6 x3270-4.4-160000.1.1.aarch64.rpm x3270-4.4-160000.1.1.ppc64le.rpm x3270-4.4-160000.1.1.s390x.rpm x3270-4.4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-32 Recommended update for autofs important SUSE SLFO 1.2 This update for autofs fixes the following issues: Changes in autofs: - Modified NetworkManager-autofs: (bsc#1250091) * don't reload autofs.service on loopback interface changes * add --no-block option to request asynchronous behavior autofs-5.1.9-160000.4.1.aarch64.rpm autofs-5.1.9-160000.4.1.ppc64le.rpm autofs-5.1.9-160000.4.1.s390x.rpm autofs-5.1.9-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-33 Security update for ongres-scram important SUSE SLFO 1.2 This update for ongres-scram fixes the following issues: - CVE-2025-59432: Fixed timing attack vulnerability in SCRAM Authentication (bsc#1250399) ongres-scram-3.1-160000.3.1.noarch.rpm ongres-scram-client-3.1-160000.3.1.noarch.rpm ongres-scram-javadoc-3.1-160000.3.1.noarch.rpm openSUSE-Leap-16.0-34 Recommended update for smartmontools moderate SUSE SLFO 1.2 This update for smartmontools fixes the following issues: - update-smart-drivedb: * Provide support for the new upstream GitHub repository. * Do not overwrite files in /usr/share. * Use /var/lib provided by --with-drivedbinstdir. - Add smartmontools-drivedb.h version 5894 from the branch 7.5. - Update to 7.5 (jsc#PED-13806). smartmontools-7.5-160000.3.1.aarch64.rpm smartmontools-7.5-160000.3.1.ppc64le.rpm smartmontools-7.5-160000.3.1.s390x.rpm smartmontools-7.5-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-35 Recommended update for openmpi5 moderate SUSE SLFO 1.2 This update for openmpi5 fixes the following issues: - Enable Grid Cluster Scheduler support (jsc#PED-13373) - Update to 5.0.8 - UCC collective operations: * Improved handling of MPI_IN_PLACE in allgather, allgatherv, alltoall, alltoallv, gather, gatherv, scatter, and scatterv operations - UCX OSC: Added support for "no_locks" info key to disable lock table usage - OFI MTL: Enhanced CXI provider support for better compatibility - AARCH64: Added SVE detection alongside NEON in aarch64 op component - Fortran: Fixed common symbol sizes and alignments for better compatibility - Hugepage Mpool: Fixed sizing of hugepages for better memory management - Configure: Fixed --with-prrte=internal option handling - Documentation: Updated shared memory and networking documentation - Build system: Fixed support for flang on OSX - Removed unused spread contrib sample scripts - Various documentation updates and improvements - CI: Removed Ubuntu 18 and RHEL 7 from test matrix - Fixed type mismatch errors in shared memory components - Updated Java configuration for latest Fedora releases - Fixed memory zone reference counting in UCX dynamic windows - Fixed a compilation error as it was merged upstream openmpi5-5.0.8-160000.1.1.aarch64.rpm openmpi5-config-5.0.8-160000.1.1.aarch64.rpm openmpi5-devel-5.0.8-160000.1.1.aarch64.rpm openmpi5-docs-5.0.8-160000.1.1.aarch64.rpm openmpi5-libs-5.0.8-160000.1.1.aarch64.rpm openmpi5-macros-devel-5.0.8-160000.1.1.aarch64.rpm openmpi5-testsuite-5.0.8-160000.1.1.noarch.rpm openmpi5-5.0.8-160000.1.1.ppc64le.rpm openmpi5-config-5.0.8-160000.1.1.ppc64le.rpm openmpi5-devel-5.0.8-160000.1.1.ppc64le.rpm openmpi5-docs-5.0.8-160000.1.1.ppc64le.rpm openmpi5-libs-5.0.8-160000.1.1.ppc64le.rpm openmpi5-macros-devel-5.0.8-160000.1.1.ppc64le.rpm openmpi5-5.0.8-160000.1.1.s390x.rpm openmpi5-config-5.0.8-160000.1.1.s390x.rpm openmpi5-devel-5.0.8-160000.1.1.s390x.rpm openmpi5-docs-5.0.8-160000.1.1.s390x.rpm openmpi5-libs-5.0.8-160000.1.1.s390x.rpm openmpi5-macros-devel-5.0.8-160000.1.1.s390x.rpm openmpi5-5.0.8-160000.1.1.x86_64.rpm openmpi5-config-5.0.8-160000.1.1.x86_64.rpm openmpi5-devel-5.0.8-160000.1.1.x86_64.rpm openmpi5-docs-5.0.8-160000.1.1.x86_64.rpm openmpi5-libs-5.0.8-160000.1.1.x86_64.rpm openmpi5-macros-devel-5.0.8-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-36 Recommended update for openmpi4 moderate SUSE SLFO 1.2 This update for openmpi4 fixes the following issues: - Enable Grid Cluster Scheduler support (jsc#PED-13373) openmpi4-4.1.8-160000.3.1.aarch64.rpm openmpi4-config-4.1.8-160000.3.1.aarch64.rpm openmpi4-devel-4.1.8-160000.3.1.aarch64.rpm openmpi4-docs-4.1.8-160000.3.1.aarch64.rpm openmpi4-libs-4.1.8-160000.3.1.aarch64.rpm openmpi4-macros-devel-4.1.8-160000.3.1.aarch64.rpm openmpi4-testsuite-4.1.8-160000.3.1.noarch.rpm openmpi4-4.1.8-160000.3.1.ppc64le.rpm openmpi4-config-4.1.8-160000.3.1.ppc64le.rpm openmpi4-devel-4.1.8-160000.3.1.ppc64le.rpm openmpi4-docs-4.1.8-160000.3.1.ppc64le.rpm openmpi4-libs-4.1.8-160000.3.1.ppc64le.rpm openmpi4-macros-devel-4.1.8-160000.3.1.ppc64le.rpm openmpi4-4.1.8-160000.3.1.s390x.rpm openmpi4-config-4.1.8-160000.3.1.s390x.rpm openmpi4-devel-4.1.8-160000.3.1.s390x.rpm openmpi4-docs-4.1.8-160000.3.1.s390x.rpm openmpi4-libs-4.1.8-160000.3.1.s390x.rpm openmpi4-macros-devel-4.1.8-160000.3.1.s390x.rpm openmpi4-4.1.8-160000.3.1.x86_64.rpm openmpi4-config-4.1.8-160000.3.1.x86_64.rpm openmpi4-devel-4.1.8-160000.3.1.x86_64.rpm openmpi4-docs-4.1.8-160000.3.1.x86_64.rpm openmpi4-libs-4.1.8-160000.3.1.x86_64.rpm openmpi4-macros-devel-4.1.8-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-37 Recommended update for plymouth important SUSE SLFO 1.2 This update for plymouth fixes the following issues: - Use frame-buffer in vmware VM platform, since the system use vesa, plymouth DRM driver intial out of time, and the cutomer also feedback frame-buffer works fine (bsc#1234643). - Bochs and cirrus DRM drivers are fully compatible with plymouth. Remove the workaround that forces them to use fbdev. - Resolves the blank screen when disabling fbdev interfaces (bsc#1232727, bsc#1234643). - Support the 2nd monitor hotplugin to the system in random order (bsc#1231214). - Tumbleweed following upstream, which already support "--runstatedir", don't need this modification anymore (jsc#PED-5841). - The current edition of autoconf on SLE-15-SP6:GA don't support "--runstatedir" yet, so reverse plymouth compile option to the old "--withruntimedir" (jsc#PED-5841). - Properly list services as parameters to: * populate-initrd: Install label-freetype plugin into initrd if * ply-device-manager: Add plymouth.force-frame-buffer-on-boot * systemd: Add mkinitcpio support to * ply-device-manager: Also ignore SimpleDRM devs in coldplug - Avoid invalid script commands failure (bsc#1203147). libply-boot-client5-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm libply-splash-core5-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm libply-splash-graphics5-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm libply5-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-branding-upstream-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-devel-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-dracut-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-lang-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-plugin-fade-throbber-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-plugin-label-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-plugin-label-ft-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-plugin-script-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-plugin-space-flares-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-plugin-tribar-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-plugin-two-step-22.02.122+94.4bd41a3-160000.3.1.aarch64.rpm plymouth-scripts-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-theme-bgrt-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-theme-fade-in-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-theme-script-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-theme-solar-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-theme-spinfinity-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-theme-spinner-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm plymouth-theme-tribar-22.02.122+94.4bd41a3-160000.3.1.noarch.rpm libply-boot-client5-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm libply-splash-core5-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm libply-splash-graphics5-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm libply5-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-devel-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-plugin-fade-throbber-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-plugin-label-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-plugin-label-ft-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-plugin-script-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-plugin-space-flares-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-plugin-tribar-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm plymouth-plugin-two-step-22.02.122+94.4bd41a3-160000.3.1.ppc64le.rpm libply-boot-client5-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm libply-splash-core5-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm libply-splash-graphics5-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm libply5-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-devel-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-plugin-fade-throbber-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-plugin-label-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-plugin-label-ft-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-plugin-script-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-plugin-space-flares-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-plugin-tribar-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm plymouth-plugin-two-step-22.02.122+94.4bd41a3-160000.3.1.s390x.rpm libply-boot-client5-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm libply-splash-core5-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm libply-splash-graphics5-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm libply5-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-devel-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-plugin-fade-throbber-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-plugin-label-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-plugin-label-ft-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-plugin-script-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-plugin-space-flares-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-plugin-tribar-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm plymouth-plugin-two-step-22.02.122+94.4bd41a3-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-38 Recommended update for powerpc-utils important SUSE SLFO 1.2 This update for powerpc-utils fixes the following issues: - Fix psize reporting on a CPU pool (bsc#1252108) - Start SMT service after networking (bsc#1249152) powerpc-utils-1.3.13-160000.3.1.ppc64le.rpm openSUSE-Leap-16.0-39 Security update for MozillaFirefox important SUSE SLFO 1.2 This update for MozillaFirefox fixes the following issues: Changes in MozillaFirefox: Firefox Extended Support Release 140.5.0 ESR: * Fixed: Various security fixes (MFSA 2025-88 bsc#1253188): * CVE-2025-13012 Race condition in the Graphics component * CVE-2025-13016 Incorrect boundary conditions in the JavaScript: WebAssembly component * CVE-2025-13017 Same-origin policy bypass in the DOM: Notifications component * CVE-2025-13018 Mitigation bypass in the DOM: Security component * CVE-2025-13019 Same-origin policy bypass in the DOM: Workers component * CVE-2025-13013 Mitigation bypass in the DOM: Core & HTML component * CVE-2025-13020 Use-after-free in the WebRTC: Audio/Video component * CVE-2025-13014 Use-after-free in the Audio/Video component * CVE-2025-13015 Spoofing issue in Firefox - Firefox Extended Support Release 140.4.0 ESR * Fixed: Various security fixes. MFSA 2025-83 (bsc#1251263) * CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance() * CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures * CVE-2025-11710 Cross-process information leaked due to malicious IPC messages * CVE-2025-11711 Some non-writable Object properties could be modified * CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type * CVE-2025-11713 Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 * CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 - Firefox Extended Support Release 140.3.1 ESR (bsc#1250452) * Fixed: Improved reliability when HTTP/3 connections fail: Firefox no longer forces HTTP/2 during fallback, allowing the server to choose the protocol and preventing stalls on some sites. Firefox Extended Support Release 140.3.0 ESR * Fixed: Various security fixes (MFSA 2025-75 bsc#1249391) * CVE-2025-10527 Sandbox escape due to use-after-free in the Graphics: Canvas2D component * CVE-2025-10528 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component * CVE-2025-10529 Same-origin policy bypass in the Layout component * CVE-2025-10532 Incorrect boundary conditions in the JavaScript: GC component * CVE-2025-10533 Integer overflow in the SVG component * CVE-2025-10536 Information disclosure in the Networking: Cache component * CVE-2025-10537 Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 MozillaFirefox-140.5.0-160000.1.1.aarch64.rpm MozillaFirefox-branding-upstream-140.5.0-160000.1.1.aarch64.rpm MozillaFirefox-devel-140.5.0-160000.1.1.noarch.rpm MozillaFirefox-translations-common-140.5.0-160000.1.1.aarch64.rpm MozillaFirefox-translations-other-140.5.0-160000.1.1.aarch64.rpm MozillaFirefox-140.5.0-160000.1.1.ppc64le.rpm MozillaFirefox-branding-upstream-140.5.0-160000.1.1.ppc64le.rpm MozillaFirefox-translations-common-140.5.0-160000.1.1.ppc64le.rpm MozillaFirefox-translations-other-140.5.0-160000.1.1.ppc64le.rpm MozillaFirefox-140.5.0-160000.1.1.s390x.rpm MozillaFirefox-branding-upstream-140.5.0-160000.1.1.s390x.rpm MozillaFirefox-translations-common-140.5.0-160000.1.1.s390x.rpm MozillaFirefox-translations-other-140.5.0-160000.1.1.s390x.rpm MozillaFirefox-140.5.0-160000.1.1.x86_64.rpm MozillaFirefox-branding-upstream-140.5.0-160000.1.1.x86_64.rpm MozillaFirefox-translations-common-140.5.0-160000.1.1.x86_64.rpm MozillaFirefox-translations-other-140.5.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-4 Recommended update of cloud-regionsrv-client moderate SUSE SLFO 1.2 This update for cloud-regionsrv-client fixes the following issues: Update version to 10.5.2 (bsc#1247539) + When an instance fails verification server side the default credentials were left behind requireing manual intervantion prior to the next registration attempt. + Fix issue triggered when using instance-billing-flavor-check due to IP address handling as object rather than string introduced 10.5.0 cloud-regionsrv-client-10.5.2-160000.3.1.noarch.rpm cloud-regionsrv-client-generic-config-1.0.0-160000.3.1.noarch.rpm cloud-regionsrv-client-license-watcher-1.0.0-160000.3.1.noarch.rpm cloud-regionsrv-client-plugin-azure-2.0.0-160000.3.1.noarch.rpm cloud-regionsrv-client-plugin-ec2-1.0.5-160000.3.1.noarch.rpm cloud-regionsrv-client-plugin-gce-1.0.0-160000.3.1.noarch.rpm openSUSE-Leap-16.0-40 Recommended update for docker important SUSE SLFO 1.2 This update for docker fixes the following issues: Changes in docker: - Enable SELinux in default daemon.json config (--selinux-enabled). This has no impact on non-SELinux systems (bsc#1252290) docker-28.3.2_ce-160000.3.1.aarch64.rpm docker-bash-completion-28.3.2_ce-160000.3.1.noarch.rpm docker-buildx-0.25.0-160000.3.1.aarch64.rpm docker-fish-completion-28.3.2_ce-160000.3.1.noarch.rpm docker-rootless-extras-28.3.2_ce-160000.3.1.noarch.rpm docker-zsh-completion-28.3.2_ce-160000.3.1.noarch.rpm docker-28.3.2_ce-160000.3.1.ppc64le.rpm docker-buildx-0.25.0-160000.3.1.ppc64le.rpm docker-28.3.2_ce-160000.3.1.s390x.rpm docker-buildx-0.25.0-160000.3.1.s390x.rpm docker-28.3.2_ce-160000.3.1.x86_64.rpm docker-buildx-0.25.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-41 Recommended update for mariadb moderate SUSE SLFO 1.2 This update for mariadb fixes the following issues: - Update to 11.8.3 - Read config files when doing mysql_upgrade (bsc#1249396) libmariadbd-devel-11.8.3-160000.1.1.aarch64.rpm libmariadbd19-11.8.3-160000.1.1.aarch64.rpm mariadb-11.8.3-160000.1.1.aarch64.rpm mariadb-bench-11.8.3-160000.1.1.aarch64.rpm mariadb-client-11.8.3-160000.1.1.aarch64.rpm mariadb-errormessages-11.8.3-160000.1.1.noarch.rpm mariadb-galera-11.8.3-160000.1.1.aarch64.rpm mariadb-rpm-macros-11.8.3-160000.1.1.aarch64.rpm mariadb-test-11.8.3-160000.1.1.aarch64.rpm mariadb-tools-11.8.3-160000.1.1.aarch64.rpm libmariadbd-devel-11.8.3-160000.1.1.ppc64le.rpm libmariadbd19-11.8.3-160000.1.1.ppc64le.rpm mariadb-11.8.3-160000.1.1.ppc64le.rpm mariadb-bench-11.8.3-160000.1.1.ppc64le.rpm mariadb-client-11.8.3-160000.1.1.ppc64le.rpm mariadb-galera-11.8.3-160000.1.1.ppc64le.rpm mariadb-rpm-macros-11.8.3-160000.1.1.ppc64le.rpm mariadb-test-11.8.3-160000.1.1.ppc64le.rpm mariadb-tools-11.8.3-160000.1.1.ppc64le.rpm libmariadbd-devel-11.8.3-160000.1.1.s390x.rpm libmariadbd19-11.8.3-160000.1.1.s390x.rpm mariadb-11.8.3-160000.1.1.s390x.rpm mariadb-bench-11.8.3-160000.1.1.s390x.rpm mariadb-client-11.8.3-160000.1.1.s390x.rpm mariadb-galera-11.8.3-160000.1.1.s390x.rpm mariadb-rpm-macros-11.8.3-160000.1.1.s390x.rpm mariadb-test-11.8.3-160000.1.1.s390x.rpm mariadb-tools-11.8.3-160000.1.1.s390x.rpm libmariadbd-devel-11.8.3-160000.1.1.x86_64.rpm libmariadbd19-11.8.3-160000.1.1.x86_64.rpm mariadb-11.8.3-160000.1.1.x86_64.rpm mariadb-bench-11.8.3-160000.1.1.x86_64.rpm mariadb-client-11.8.3-160000.1.1.x86_64.rpm mariadb-galera-11.8.3-160000.1.1.x86_64.rpm mariadb-rpm-macros-11.8.3-160000.1.1.x86_64.rpm mariadb-test-11.8.3-160000.1.1.x86_64.rpm mariadb-tools-11.8.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-42 Security update for poppler important SUSE SLFO 1.2 This update for poppler fixes the following issues: - CVE-2025-52885: Fixed raw pointers leading to dangling pointers when the vector is resized (bsc#1251940) libpoppler-cpp2-25.04.0-160000.3.1.aarch64.rpm libpoppler-devel-25.04.0-160000.3.1.aarch64.rpm libpoppler-glib-devel-25.04.0-160000.3.1.aarch64.rpm libpoppler-glib8-25.04.0-160000.3.1.aarch64.rpm libpoppler148-25.04.0-160000.3.1.aarch64.rpm poppler-tools-25.04.0-160000.3.1.aarch64.rpm typelib-1_0-Poppler-0_18-25.04.0-160000.3.1.aarch64.rpm libpoppler-qt5-1-25.04.0-160000.3.1.aarch64.rpm libpoppler-qt5-devel-25.04.0-160000.3.1.aarch64.rpm libpoppler-qt6-3-25.04.0-160000.3.1.aarch64.rpm libpoppler-qt6-devel-25.04.0-160000.3.1.aarch64.rpm libpoppler-cpp2-25.04.0-160000.3.1.ppc64le.rpm libpoppler-devel-25.04.0-160000.3.1.ppc64le.rpm libpoppler-glib-devel-25.04.0-160000.3.1.ppc64le.rpm libpoppler-glib8-25.04.0-160000.3.1.ppc64le.rpm libpoppler148-25.04.0-160000.3.1.ppc64le.rpm poppler-tools-25.04.0-160000.3.1.ppc64le.rpm typelib-1_0-Poppler-0_18-25.04.0-160000.3.1.ppc64le.rpm libpoppler-qt5-1-25.04.0-160000.3.1.ppc64le.rpm libpoppler-qt5-devel-25.04.0-160000.3.1.ppc64le.rpm libpoppler-qt6-3-25.04.0-160000.3.1.ppc64le.rpm libpoppler-qt6-devel-25.04.0-160000.3.1.ppc64le.rpm libpoppler-cpp2-25.04.0-160000.3.1.s390x.rpm libpoppler-devel-25.04.0-160000.3.1.s390x.rpm libpoppler-glib-devel-25.04.0-160000.3.1.s390x.rpm libpoppler-glib8-25.04.0-160000.3.1.s390x.rpm libpoppler148-25.04.0-160000.3.1.s390x.rpm poppler-tools-25.04.0-160000.3.1.s390x.rpm typelib-1_0-Poppler-0_18-25.04.0-160000.3.1.s390x.rpm libpoppler-qt5-1-25.04.0-160000.3.1.s390x.rpm libpoppler-qt5-devel-25.04.0-160000.3.1.s390x.rpm libpoppler-qt6-3-25.04.0-160000.3.1.s390x.rpm libpoppler-qt6-devel-25.04.0-160000.3.1.s390x.rpm libpoppler-cpp2-25.04.0-160000.3.1.x86_64.rpm libpoppler-devel-25.04.0-160000.3.1.x86_64.rpm libpoppler-glib-devel-25.04.0-160000.3.1.x86_64.rpm libpoppler-glib8-25.04.0-160000.3.1.x86_64.rpm libpoppler148-25.04.0-160000.3.1.x86_64.rpm poppler-tools-25.04.0-160000.3.1.x86_64.rpm typelib-1_0-Poppler-0_18-25.04.0-160000.3.1.x86_64.rpm libpoppler-qt5-1-25.04.0-160000.3.1.x86_64.rpm libpoppler-qt5-devel-25.04.0-160000.3.1.x86_64.rpm libpoppler-qt6-3-25.04.0-160000.3.1.x86_64.rpm libpoppler-qt6-devel-25.04.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-43 Recommended update for liburing moderate SUSE SLFO 1.2 This update for liburing fixes the following issues: - Add upstream patch to fix test on ppc64le liburing-devel-2.8-160000.3.1.aarch64.rpm liburing-ffi2-2.8-160000.3.1.aarch64.rpm liburing2-2.8-160000.3.1.aarch64.rpm liburing-devel-2.8-160000.3.1.ppc64le.rpm liburing-ffi2-2.8-160000.3.1.ppc64le.rpm liburing2-2.8-160000.3.1.ppc64le.rpm liburing-devel-2.8-160000.3.1.s390x.rpm liburing-ffi2-2.8-160000.3.1.s390x.rpm liburing2-2.8-160000.3.1.s390x.rpm liburing-devel-2.8-160000.3.1.x86_64.rpm liburing-ffi2-2.8-160000.3.1.x86_64.rpm liburing2-2.8-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-44 Recommended update for nvidia-open-driver-G06-signed moderate SUSE SLFO 1.2 This update for nvidia-open-driver-G06-signed fixes the following issues: Changes in nvidia-open-driver-G06-signed: Update CUDA variant to 580.95.05. Update to version 580.95.05 (boo#1250536). Update non-CUDA variant to 580.82.07 (boo#1249235). Update CUDA variant to 580.82.07. nvidia-open-driver-G06-signed-64kb-devel-580.95.05-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-check-580.95.05-160000.1.1.noarch.rpm nvidia-open-driver-G06-signed-default-devel-580.95.05-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-64kb-580.95.05_k6.12.0_160000.6-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-kmp-default-580.95.05_k6.12.0_160000.6-160000.1.1.aarch64.rpm nv-prefer-signed-open-driver-580.95.05-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-64kb-devel-580.95.05-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-check-580.95.05-160000.1.1.noarch.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.95.05-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-kmp-64kb-580.95.05_k6.12.0_160000.6-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.95.05_k6.12.0_160000.6-160000.1.1.aarch64.rpm nvidia-open-driver-G06-signed-default-devel-580.95.05-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-kmp-default-580.95.05_k6.12.0_160000.6-160000.1.1.x86_64.rpm nv-prefer-signed-open-driver-580.95.05-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-cuda-default-devel-580.95.05-160000.1.1.x86_64.rpm nvidia-open-driver-G06-signed-cuda-kmp-default-580.95.05_k6.12.0_160000.6-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-45 Recommended update for wsl-firstboot moderate SUSE SLFO 1.2 This update for wsl-firstboot fixes the following issues: Update to version 1.5.9+git20251110.c1fca4e: * Adding Leap/TW check to modules/registration * Changing date tag for modules/switch Update to version 1.5.8+git20251110.828658c: * Adding 'or' for when ID == opensuse-tumbleweed so that wsl-config doesn't list 'switch' as an option in TW as well Update to version 1.5.7+git20251108.7a67d02: * Adding a check for ID since we have Leap/SLE 16.0 - Also will 'continue' when ID == opensuse-leap so that wsl-config doesn't list 'switch' as an option in Leap Update to version 1.5.6+git20251104.86be8d4: * Adding 'sleep and clear' to sbin/wsl-firstboot * Adding skip check for SLE16.0 to modules/switch * Removing ability to skip initual user creation wsl-firstboot-1.5.9+git20251110.c1fca4e-160000.1.1.noarch.rpm openSUSE-Leap-16.0-46 Security update for runc important SUSE SLFO 1.2 This update for runc fixes the following issues: - Update to runc v1.3.3: * CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1252232) runc-1.3.3-160000.1.1.aarch64.rpm runc-1.3.3-160000.1.1.ppc64le.rpm runc-1.3.3-160000.1.1.s390x.rpm runc-1.3.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-47 Security update for alloy moderate SUSE SLFO 1.2 This update for alloy fixes the following issues: - CVE-2025-58058: Removed dependency on vulnerable github.com/ulikunitz/xz (bsc#1248960). - CVE-2025-11065: Fixed sensitive information leak in logs (bsc#1250621). alloy-1.11.3-160000.1.1.aarch64.rpm alloy-1.11.3-160000.1.1.ppc64le.rpm alloy-1.11.3-160000.1.1.s390x.rpm alloy-1.11.3-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-48 Recommended update for crmsh moderate SUSE SLFO 1.2 This update for crmsh fixes the following issues: - Version update 5.0.0+20251110.f6e38810: - Fix: Avoid unnecessary sudo in sftp and ssh commands (bsc#1229416). - Fix: Avoid unnecessary sudo calls in ClusterShell SSH commands (bsc#1229416). - Fix: corosync: Fallback to CIB when node name is missing (bsc#1250585). - Fix: migration: Populate node name during corosync configuration migration (bsc#1250585). - Fix: sbd: Ensure proper cluster restart when adding diskless SBD (bsc#1248874). - Fix: Call crm report directly for the legacy `crm cluster health` command (bsc#1230324). - Fix: various fixes on: user interface, bootstrap auth, logs and docs - Dev: sbd: Check if fence-agents-sbd is installed on all nodes. - Dev: various code refactoring. crmsh-5.0.0+20251110.f6e38810-160000.1.1.noarch.rpm crmsh-scripts-5.0.0+20251110.f6e38810-160000.1.1.noarch.rpm crmsh-test-5.0.0+20251110.f6e38810-160000.1.1.noarch.rpm openSUSE-Leap-16.0-49 Recommended update for colord moderate SUSE SLFO 1.2 This update for colord fixes the following issues: - Update to version 1.4.8: + New Features: - Add AppStream metainfo XML with hardware provide info. - Add support for -Dsystemd_root_prefix to make local building easier. - Install sysusers.d config file if configured user is not root. + Bugfixes: - Add the source attribute for each man page. - Drop component type from AppStream metadata XML to avoid parsing error. - Fix a critical warning when running the self tests. - Fix USB scanners not working with RestrictAddressFamilies. - Fix writing to the database with ProtectSystem=strict. - Properly set the status to CD_SESSION_STATUS_RUNNING. - Use g_ascii_strtod instead of atof(). - Use sqlite3_errmsg() to avoid getting a mutable error message. - Changes from version 1.4.7: + Bugfixes: - Add various hardenings to the systemd service. - Always close the ICC profile when loading fails. - Avoid destructing LCMS plugin twice with lcms 2.14. - Do not make state files executable in tmpfiles.d/colord.conf. - Fix a double free spotted by Coverity. - Fix an error check when parsing the DTP94 data. - Fix a -Wincompatible-pointer-types warning. - Fix potential crash when reading from broken Huey hardware. - Set FILE_OFFSET_BITS explicitly. - Use a 64-bit time_t. - Use thread context for Gamut Alarm codes. colord-1.4.8-160000.1.1.aarch64.rpm colord-color-profiles-1.4.8-160000.1.1.aarch64.rpm colord-lang-1.4.8-160000.1.1.noarch.rpm libcolord-devel-1.4.8-160000.1.1.aarch64.rpm libcolord2-1.4.8-160000.1.1.aarch64.rpm libcolorhug2-1.4.8-160000.1.1.aarch64.rpm typelib-1_0-Colord-1_0-1.4.8-160000.1.1.aarch64.rpm typelib-1_0-Colorhug-1_0-1.4.8-160000.1.1.aarch64.rpm colord-1.4.8-160000.1.1.ppc64le.rpm colord-color-profiles-1.4.8-160000.1.1.ppc64le.rpm libcolord-devel-1.4.8-160000.1.1.ppc64le.rpm libcolord2-1.4.8-160000.1.1.ppc64le.rpm libcolorhug2-1.4.8-160000.1.1.ppc64le.rpm typelib-1_0-Colord-1_0-1.4.8-160000.1.1.ppc64le.rpm typelib-1_0-Colorhug-1_0-1.4.8-160000.1.1.ppc64le.rpm colord-1.4.8-160000.1.1.s390x.rpm colord-color-profiles-1.4.8-160000.1.1.s390x.rpm libcolord-devel-1.4.8-160000.1.1.s390x.rpm libcolord2-1.4.8-160000.1.1.s390x.rpm libcolorhug2-1.4.8-160000.1.1.s390x.rpm typelib-1_0-Colord-1_0-1.4.8-160000.1.1.s390x.rpm typelib-1_0-Colorhug-1_0-1.4.8-160000.1.1.s390x.rpm colord-1.4.8-160000.1.1.x86_64.rpm colord-color-profiles-1.4.8-160000.1.1.x86_64.rpm libcolord-devel-1.4.8-160000.1.1.x86_64.rpm libcolord2-1.4.8-160000.1.1.x86_64.rpm libcolorhug2-1.4.8-160000.1.1.x86_64.rpm typelib-1_0-Colord-1_0-1.4.8-160000.1.1.x86_64.rpm typelib-1_0-Colorhug-1_0-1.4.8-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-5 Recommended update of aws-cli-cmd, az-cli-cmd moderate SUSE SLFO 1.2 This update for aws-cli-cmd and az-cli-cmd fixes the following issues: - Use fixed python version 3.13 aws-cli-cmd-1.36.1-160000.2.1.noarch.rpm az-cli-cmd-1.36.1-160000.2.1.noarch.rpm openSUSE-Leap-16.0-50 Security update for the Linux Kernel important SUSE SLFO 1.2 The SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-53164: net: sched: fix ordering of qlen adjustment (bsc#1234863). - CVE-2024-57891: sched_ext: Fix invalid irq restore in scx_ops_bypass() (bsc#1235953). - CVE-2024-57951: hrtimers: Handle CPU state correctly on hotplug (bsc#1237108). - CVE-2024-57952: Revert "libfs: fix infinite directory reads for offset dir" (bsc#1237131). - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled (bsc#1240324). - CVE-2025-22034: mm/rmap: avoid -EBUSY from make_device_exclusive() (bsc#1241435). - CVE-2025-22077: Revert "smb: client: fix TCP timers deadlock after rmmod" (bsc#1241403). - CVE-2025-23141: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses (bsc#1242782). - CVE-2025-37821: sched/eevdf: Fix se->slice being set to U64_MAX and resulting (bsc#1242864). - CVE-2025-37849: KVM: arm64: Tear down vGIC on failed vCPU creation (bsc#1243000). - CVE-2025-37856: btrfs: harden block_group::bg_list against list_del() races (bsc#1243068). - CVE-2025-37861: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue (bsc#1243055). - CVE-2025-37864: net: dsa: clean up FDB, MDB, VLAN entries on unbind (bsc#1242965). - CVE-2025-38006: net: mctp: Do not access ifa_index when missing (bsc#1244930). - CVE-2025-38008: mm/page_alloc: fix race condition in unaccepted memory handling (bsc#1244939). - CVE-2025-38019: mlxsw: spectrum_router: Fix use-after-free when deleting GRE net devices (bsc#1245000). - CVE-2025-38034: btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref (bsc#1244792). - CVE-2025-38038: cpufreq: amd-pstate: Remove unnecessary driver_lock in set_boost (bsc#1244812). - CVE-2025-38058: __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock (bsc#1245151). - CVE-2025-38062: kABI: restore layout of struct msi_desc (bsc#1245216). - CVE-2025-38075: scsi: target: iscsi: Fix timeout on deleted connection (bsc#1244734). - CVE-2025-38101: ring-buffer: Fix buffer locking in ring_buffer_subbuf_order_set() (bsc#1245659). - CVE-2025-38103: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (bsc#1245663). - CVE-2025-38106: io_uring/sqpoll: do not put task_struct on tctx setup failure (bsc#1245664). - CVE-2025-38117: hci_dev centralize extra lock (bsc#1245695). - CVE-2025-38119: scsi: core: ufs: Fix a hang in the error handler (bsc#1245700). - CVE-2025-38125: net: stmmac: make sure that ptp_rate is not 0 before configuring EST (bsc#1245710). - CVE-2025-38146: net: openvswitch: Fix the dead loop of MPLS parse (bsc#1245767). - CVE-2025-38160: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() (bsc#1245780). - CVE-2025-38168: perf: arm-ni: Unregister PMUs on probe failure (bsc#1245763). - CVE-2025-38180: net: atm: fix /proc/net/atm/lec handling (bsc#1245970). - CVE-2025-38182: ublk: santizize the arguments from userspace when adding a device (bsc#1245937). - CVE-2025-38184: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (bsc#1245956). - CVE-2025-38185: atm: atmtcp: Free invalid length skb in atmtcp_c_send() (bsc#1246012). - CVE-2025-38190: atm: Revert atm_account_tx() if copy_from_iter_full() fails (bsc#1245973). - CVE-2025-38201: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX (bsc#1245977). - CVE-2025-38205: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 (bsc#1246005). - CVE-2025-38208: smb: client: add NULL check in automount_fullpath (bsc#1245815). - CVE-2025-38216: iommu/vt-d: Restore context entry setup order for aliased devices (bsc#1245963). - CVE-2025-38220: ext4: only dirty folios when data journaling regular files (bsc#1245966). - CVE-2025-38222: ext4: inline: fix len overflow in ext4_prepare_inline_data (bsc#1245976). - CVE-2025-38242: mm: userfaultfd: fix race of userfaultfd_move and swap cache (bsc#1246176). - CVE-2025-38244: smb: client: fix potential deadlock when reconnecting channels (bsc#1246183). - CVE-2025-38245: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister() (bsc#1246193). - CVE-2025-38251: atm: clip: prevent NULL deref in clip_push() (bsc#1246181). - CVE-2025-38256: io_uring/rsrc: fix folio unpinning (bsc#1246188). - CVE-2025-38258: mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write (bsc#1246185). - CVE-2025-38263: bcache: fix NULL pointer in cache_set_flush() (bsc#1246248). - CVE-2025-38267: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun (bsc#1246245). - CVE-2025-38270: net: drv: netdevsim: do not napi_complete() from netpoll (bsc#1246252). - CVE-2025-38272: net: dsa: b53: do not enable EEE on bcm63xx (bsc#1246268). - CVE-2025-38301: nvmem: zynqmp_nvmem: unbreak driver after cleanup (bsc#1246351). - CVE-2025-38306: fs/fhandle.c: fix a race in call of has_locked_children() (bsc#1246366). - CVE-2025-38311: iavf: get rid of the crit lock (bsc#1246376). - CVE-2025-38318: perf: arm-ni: Fix missing platform_set_drvdata() (bsc#1246444). - CVE-2025-38322: perf/x86/intel: Fix crash in icl_update_topdown_event() (bsc#1246447). - CVE-2025-38323: net: atm: add lec_mutex (bsc#1246473). - CVE-2025-38337: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (bsc#1246253). - CVE-2025-38341: eth: fbnic: avoid double free when failing to DMA-map FW msg (bsc#1246260). - CVE-2025-38349: eventpoll: do not decrement ep refcount while still holding the ep mutex (bsc#1246777). - CVE-2025-38350: net/sched: Always pass notifications when child class becomes empty (bsc#1246781). - CVE-2025-38351: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (bsc#1246782). - CVE-2025-38352: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (bsc#1246911). - CVE-2025-38359: s390/mm: Fix in_atomic() handling in do_secure_storage_access() (bsc#1247076). - CVE-2025-38360: drm/amd/display: Add more checks for DSC / HUBP ONO guarantees (bsc#1247078). - CVE-2025-38365: btrfs: fix a race between renames and directory logging (bsc#1247023). - CVE-2025-38374: optee: ffa: fix sleep in atomic context (bsc#1247024). - CVE-2025-38382: btrfs: fix iteration of extrefs during log replay (bsc#1247031). - CVE-2025-38383: mm/vmalloc: fix data race in show_numa_info() (bsc#1247250). - CVE-2025-38392: idpf: convert control queue mutex to a spinlock (bsc#1247169). - CVE-2025-38396: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (bsc#1247156). - CVE-2025-38399: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() (bsc#1247097). - CVE-2025-38402: idpf: return 0 size for RSS key if not supported (bsc#1247262). - CVE-2025-38408: genirq/irq_sim: Initialize work context pointers properly (bsc#1247126). - CVE-2025-38418: remoteproc: core: Release rproc->clean_table after rproc_attach() fails (bsc#1247137). - CVE-2025-38419: remoteproc: core: Cleanup acquired resources when rproc_handle_resources() fails in rproc_attach() (bsc#1247136). - CVE-2025-38426: drm/amdgpu: Add basic validation for RAS header (bsc#1247252). - CVE-2025-38439: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT (bsc#1247155). - CVE-2025-38440: net/mlx5e: Fix race between DIM disable and net_dim() (bsc#1247290). - CVE-2025-38441: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (bsc#1247167). - CVE-2025-38444: raid10: cleanup memleak at raid10_make_request (bsc#1247162). - CVE-2025-38445: md/raid1: Fix stack memory use after return in raid1_reshape (bsc#1247229). - CVE-2025-38451: md/md-bitmap: fix GPF in bitmap_get_stats() (bsc#1247102). - CVE-2025-38453: kABI: io_uring: msg_ring ensure io_kiocb freeing is deferred (bsc#1247234). - CVE-2025-38456: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() (bsc#1247099). - CVE-2025-38457: net/sched: Abort __tc_modify_qdisc if parent class does not exist (bsc#1247098). - CVE-2025-38458: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() (bsc#1247116). - CVE-2025-38459: atm: clip: Fix infinite recursive call of clip_push() (bsc#1247119). - CVE-2025-38460: atm: clip: Fix potential null-ptr-deref in to_atmarpd() (bsc#1247143). - CVE-2025-38463: tcp: Correct signedness in skb remaining space calculation (bsc#1247113). - CVE-2025-38464: tipc: Fix use-after-free in tipc_conn_close() (bsc#1247112). - CVE-2025-38470: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (bsc#1247288). - CVE-2025-38472: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (bsc#1247313). - CVE-2025-38475: smc: Fix various oops due to inet_sock type confusion (bsc#1247308). - CVE-2025-38488: smb: client: fix use-after-free in crypt_message when using async crypto (bsc#1247239). - CVE-2025-38490: net: libwx: remove duplicate page_pool_put_full_page() (bsc#1247243). - CVE-2025-38491: mptcp: make fallback action and fallback decision atomic (bsc#1247280). - CVE-2025-38493: tracing/osnoise: Fix crash in timerlat_dump_stack() (bsc#1247283). - CVE-2025-38497: usb: gadget: configfs: Fix OOB read on empty string write (bsc#1247347). - CVE-2025-38499: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1247976). - CVE-2025-38500: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (bsc#1248088). - CVE-2025-38508: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (bsc#1248190). - CVE-2025-38514: rxrpc: Fix oops due to non-existence of prealloc backlog struct (bsc#1248202). - CVE-2025-38524: rxrpc: Fix recv-recv race of completed call (bsc#1248194). - CVE-2025-38526: ice: add NULL check in eswitch lag check (bsc#1248192). - CVE-2025-38527: smb: client: fix use-after-free in cifs_oplock_break (bsc#1248199). - CVE-2025-38533: net: libwx: fix the using of Rx buffer DMA (bsc#1248200). - CVE-2025-38539: tracing: Add down_write(trace_event_sem) when adding trace event (bsc#1248211). - CVE-2025-38544: rxrpc: Fix bug due to prealloc collision (bsc#1248225). - CVE-2025-38545: net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info (bsc#1248224). - CVE-2025-38546: atm: clip: Fix memory leak of struct clip_vcc (bsc#1248223). - CVE-2025-38549: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths (bsc#1248235). - CVE-2025-38554: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped (bsc#1248299). - CVE-2025-38556: HID: core: Harden s32ton() against conversion to 0 bits (bsc#1248296). - CVE-2025-38560: x86/sev: Evict cache lines during SNP memory validation (bsc#1248312). - CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248374). - CVE-2025-38571: sunrpc: fix client side handling of tls alerts (bsc#1248401). - CVE-2025-38572: ipv6: reject malicious packets in ipv6_gso_segment() (bsc#1248399). - CVE-2025-38574: pptp: ensure minimal skb length in pptp_xmit() (bsc#1248365). - CVE-2025-38584: padata: Fix pd UAF once and for all (bsc1248343). - CVE-2025-38588: ipv6: prevent infinite loop in rt6_nlmsg_size() (bsc#1248368). - CVE-2025-38593: kABI workaround for bluetooth discovery_state change (bsc#1248357). - CVE-2025-38597: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port (bsc#1248378). - CVE-2025-38608: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls (bsc#1248338). - CVE-2025-38614: eventpoll: Fix semi-unbounded recursion (bsc#1248392). - CVE-2025-38616: tls: handle data disappearing from under the TLS ULP (bsc#1248512). - CVE-2025-38618: vsock: Do not allow binding to VMADDR_PORT_ANY (bsc#1248511). - CVE-2025-38622: net: drop UFO packets in udp_rcv_segment() (bsc#1248619). - CVE-2025-38623: PCI: pnv_php: Fix surprise plug detection and recovery (bsc#1248610). - CVE-2025-38628: vdpa/mlx5: Fix release of uninitialized resources on error path (bsc#1248616). - CVE-2025-38639: netfilter: xt_nfacct: do not assume acct name is null-terminated (bsc#1248674). - CVE-2025-38640: bpf: Disable migration in nf_hook_run_bpf() (bsc#1248622). - CVE-2025-38643: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (bsc#1248681). - CVE-2025-38644: wifi: mac80211: reject TDLS operations when station is not associated (bsc#1248748). - CVE-2025-38659: gfs2: No more self recovery (bsc#1248639). - CVE-2025-38660: [ceph] parse_longname(): strrchr() expects NUL-terminated string (bsc#1248634). - CVE-2025-38664: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() (bsc#1248628). - CVE-2025-38676: iommu/amd: Avoid stack buffer overflow from kernel cmdline (bsc#1248775). - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249126). - CVE-2025-38684: net/sched: ets: use old 'nbands' while purging unused classes (bsc#1249156). - CVE-2025-38686: userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry (bsc#1249160). - CVE-2025-38700: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated (bsc#1249182). - CVE-2025-38701: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr (bsc#1249258). - CVE-2025-38709: loop: Avoid updating block size under exclusive owner (bsc#1249199). - CVE-2025-38710: gfs2: Validate i_depth for exhash directories (bsc#1249201). - CVE-2025-38730: io_uring/net: commit partial buffers on retry (bsc#1249172). - CVE-2025-38734: net/smc: fix UAF on smcsk after smc_listen_out() (bsc#1249324). - CVE-2025-39673: ppp: fix race conditions in ppp_fill_forward_path (bsc#1249320). - CVE-2025-39677: net/sched: Fix backlog accounting in qdisc_dequeue_internal (bsc#1249300). - CVE-2025-39681: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper (bsc#1249303). - CVE-2025-39682: tls: fix handling of zero-length records on the rx_list (bsc#1249284). - CVE-2025-39683: tracing: Limit access to parser->buffer when trace_get_user failed (bsc#1249286). - CVE-2025-39691: fs/buffer: fix use-after-free when call bh_read() helper (bsc#1249374). - CVE-2025-39698: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (bsc#1249322). - CVE-2025-39703: net, hsr: reject HSR frame if skb can't hold tag (bsc#1249315). - CVE-2025-39723: kABI: netfs: handle new netfs_io_stream flag (bsc#1249314). - CVE-2025-39744: rcu: Fix rcu_read_unlock() deadloop due to IRQ work (bsc#1249494). - CVE-2025-39749: rcu: Protect ->defer_qs_iw_pending from data race (bsc#1249533). - CVE-2025-39754: mm/smaps: fix race between smaps_hugetlb_range and migration (bsc#1249524). - CVE-2025-39766: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (bsc#1249510). - CVE-2025-39770: net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM (bsc#1249508). - CVE-2025-39773: net: bridge: fix soft lockup in br_multicast_query_expired() (bsc#1249504). - CVE-2025-39775: mm/mremap: fix WARN with uffd that has remap events disabled (bsc#1249500). - CVE-2025-39782: jbd2: prevent softlockup in jbd2_log_do_checkpoint() (bsc#1249526). - CVE-2025-39791: dm: dm-crypt: Do not partially accept write BIOs with zoned targets (bsc#1249550). - CVE-2025-39792: dm: Always split write BIOs to zoned device limits (bsc#1249618). - CVE-2025-39797: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (bsc#1249608). - CVE-2025-39813: ftrace: Also allocate and copy hash for reading of filter files (bsc#1250032). - CVE-2025-39816: io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (bsc#1249906). - CVE-2025-39823: KVM: x86: use array_index_nospec with indices that come from guest (bsc#1250002). - CVE-2025-39825: smb: client: fix race with concurrent opens in rename(2) (bsc#1250179). - CVE-2025-39828: kABI workaround for struct atmdev_ops extension (bsc#1250205). - CVE-2025-39830: net/mlx5: HWS, Fix memory leak in hws_pool_buddy_init error path (bsc#1249974). - CVE-2025-39838: cifs: prevent NULL pointer dereference in UTF16 conversion (bsc#1250365). - CVE-2025-39842: ocfs2: prevent release journal inode after journal shutdown (bsc#1250267). - CVE-2025-39847: ppp: fix memory leak in pad_compress_skb (bsc#1250292). - CVE-2025-39850: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects (bsc#1250276). - CVE-2025-39851: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object (bsc#1250296). - CVE-2025-39852: net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 (bsc#1250258). - CVE-2025-39853: i40e: Fix potential invalid access when MAC list is empty (bsc#1250275). - CVE-2025-39854: ice: fix NULL access of tx->in_use in ice_ll_ts_intr (bsc#1250297). - CVE-2025-39857: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() (bsc#1250251). - CVE-2025-39865: tee: fix NULL pointer dereference in tee_shm_put (bsc#1250294). - CVE-2025-39875: igb: Fix NULL pointer dereference in ethtool loopback test (bsc#1250398). - CVE-2025-39885: ocfs2: fix recursive semaphore deadlock in fiemap call (bsc#1250407). - CVE-2025-39898: e1000e: fix heap overflow in e1000_set_eeprom (bsc#1250742). - CVE-2025-39900: net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y (bsc#1250758). - CVE-2025-39902: mm/slub: avoid accessing metadata when pointer is invalid in object_err() (bsc#1250702). - CVE-2025-39922: ixgbe: fix incorrect map used in eee linkmode (bsc#1250722). - CVE-2025-39926: genetlink: fix genl_bind() invoking bind() after -EPERM (bsc#1250737). - CVE-2025-39945: cnic: Fix use-after-free bugs in cnic_delete_task (bsc#1251230). - CVE-2025-39946: tls: make sure to abort the stream if headers are bogus (bsc#1251114). - CVE-2025-40300: x86/vmscape: Warn when STIBP is disabled with SMT (bsc#1247483). - CVE-2026-38264: nvme-tcp: sanitize request list handling (bsc#1246387). The following non-security bugs were fixed: - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() (git-fixes). - ACPI/processor_idle: Add FFH state handling (jsc#PED-13815). - ACPI/processor_idle: Export acpi_processor_ffh_play_dead() (jsc#PED-13815). - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path (stable-fixes). - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered (stable-fixes). - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list (stable-fixes). - ACPI: LPSS: Remove AudioDSP related ID (git-fixes). - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message (git-fixes). - ACPI: RISC-V: Fix FFH_CPPC_CSR error handling (git-fixes). - ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled (stable-fixes). - ACPI: Suppress misleading SPCR console message when SPCR table is absent (stable-fixes). - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (git-fixes). - ACPI: battery: Add synchronization between interface updates (git-fixes). - ACPI: debug: fix signedness issues in read/write helpers (git-fixes). - ACPI: pfr_update: Fix the driver update version check (git-fixes). - ACPI: processor: Rescan "dead" SMT siblings during initialization (jsc#PED-13815). - ACPI: processor: fix acpi_object initialization (stable-fixes). - ACPI: processor: idle: Fix memory leak when register cpuidle device failed (git-fixes). - ACPI: processor: perflib: Fix initial _PPC limit application (git-fixes). - ACPI: processor: perflib: Move problematic pr->performance check (git-fixes). - ACPI: property: Fix buffer properties extraction for subnodes (git-fixes). - ACPICA: Fix largest possible resource descriptor index (git-fixes). - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (stable-fixes). - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (stable-fixes). - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() (git-fixes). - ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX (stable-fixes). - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model (stable-fixes). - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx (stable-fixes). - ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx (stable-fixes). - ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx (stable-fixes). - ALSA: hda/realtek: Add ALC295 Dell TAS2781 I2C fixup (git-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks (stable-fixes). - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS (stable-fixes). - ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA (stable-fixes). - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 (stable-fixes). - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (git-fixes). - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY (stable-fixes). - ALSA: hda/realtek: Fix headset mic on ASUS Zenbook 14 (git-fixes). - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X (stable-fixes). - ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop (git-fixes). - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx (stable-fixes). - ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table (stable-fixes). - ALSA: hda: Disable jack polling at shutdown (stable-fixes). - ALSA: hda: Handle the jack polling always via a work (stable-fixes). - ALSA: hda: intel-dsp-config: Prevent SEGFAULT if ACPI_HANDLE() is NULL (git-fixes). - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 (stable-fixes). - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() (git-fixes). - ALSA: lx_core: use int type to store negative error codes (git-fixes). - ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT (git-fixes). - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop (stable-fixes). - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() (git-fixes). - ALSA: timer: fix ida_free call while not allocated (git-fixes). - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device (stable-fixes). - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on more devices (stable-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on some devices (stable-fixes). - ALSA: usb-audio: Allow Focusrite devices to use low samplerates (git-fixes). - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros (stable-fixes). - ALSA: usb-audio: Convert comma to semicolon (git-fixes). - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix block comments in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix build with CONFIG_INPUT=n (git-fixes). - ALSA: usb-audio: Fix code alignment in mixer_quirks (stable-fixes). - ALSA: usb-audio: Fix size validation in convert_chmap_v3() (git-fixes). - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (stable-fixes). - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (stable-fixes). - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation (git-fixes). - ALSA: usb-audio: Validate UAC3 cluster segment descriptors (git-fixes). - ALSA: usb-audio: Validate UAC3 power domain descriptors, too (git-fixes). - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free (git-fixes). - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk (stable-fixes). - ASoC: Intel: avs: Fix uninitialized pointer error in probe() (stable-fixes). - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (git-fixes). - ASoC: Intel: catpt: Expose correct bit depth to userspace (git-fixes). - ASoC: Intel: fix SND_SOC_SOF dependencies (stable-fixes). - ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback (git-fixes). - ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel (git-fixes). - ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time (git-fixes). - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (git-fixes). - ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context (git-fixes). - ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down (git-fixes). - ASoC: SOF: ipc4-topology: Account for different ChainDMA host buffer size (git-fixes). - ASoC: SOF: ipc4-topology: Correct the minimum host DMA buffer size (git-fixes). - ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode (stable-fixes). - ASoC: amd: acp: Adjust pdm gain value (stable-fixes). - ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx (stable-fixes). - ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx (stable-fixes). - ASoC: amd: yc: add DMI quirk for ASUS M6501RM (stable-fixes). - ASoC: codecs: rt5640: Retry DEVICE_ID verification (stable-fixes). - ASoC: codecs: tx-macro: correct tx_macro_component_drv name (stable-fixes). - ASoC: codecs: wcd9375: Fix double free of regulator supplies (git-fixes). - ASoC: codecs: wcd937x: Drop unused buck_supply (git-fixes). - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() (stable-fixes). - ASoC: fsl_sai: replace regmap_write with regmap_update_bits (git-fixes). - ASoC: fsl_xcvr: get channel status data when PHY is not exists (git-fixes). - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection (stable-fixes). - ASoC: imx-hdmi: remove cpu_pdev related code (git-fixes). - ASoC: mediatek: mt8365-dai-i2s: pass correct size to mt8365_dai_set_priv (git-fixes). - ASoC: mediatek: use reserved memory or enable buffer pre-allocation (git-fixes). - ASoC: ops: dynamically allocate struct snd_ctl_elem_value (git-fixes). - ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface (git-fixes). - ASoC: qcom: audioreach: fix potential null pointer dereference (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed (git-fixes). - ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S (git-fixes). - ASoC: qcom: use drvdata instead of component to keep id (stable-fixes). - ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue (stable-fixes). - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() (git-fixes). - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed (stable-fixes). - ASoC: tas2781: Fix the wrong step for TLV on tas2781 (git-fixes). - ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() (git-fixes). - ASoC: wm8940: Correct PLL rate rounding (git-fixes). - ASoC: wm8940: Correct typo in control name (git-fixes). - ASoC: wm8974: Correct PLL rate rounding (git-fixes). - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() (git-fixes). - Bluetooth: ISO: Fix possible UAF on iso_conn_free (git-fixes). - Bluetooth: ISO: do not leak skb in ISO_CONT RX (git-fixes). - Bluetooth: ISO: free rx_skb if not consumed (git-fixes). - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO (git-fixes). - Bluetooth: MGMT: Fix possible UAFs (git-fixes). - Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown (git-fixes). - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 (stable-fixes). - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano (stable-fixes). - Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 (stable-fixes). - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() (git-fixes). - Bluetooth: hci_core: Fix using {cis,bis}_capable for current settings (git-fixes). - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced (git-fixes). - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (git-fixes). - Bluetooth: hci_event: Mark connection as closed during suspend disconnect (git-fixes). - Bluetooth: hci_event: Mask data status from LE ext adv reports (git-fixes). - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success (git-fixes). - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established (git-fixes). - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() (stable-fixes). - Bluetooth: hci_sync: Avoid adding default advertising on startup (stable-fixes). - Bluetooth: hci_sync: Fix hci_resume_advertising_sync (git-fixes). - Bluetooth: hci_sync: Fix scan state after PA Sync has been established (git-fixes). - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements (git-fixes). - Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF (git-fixes). - Bluetooth: hci_sync: fix set_local_name race condition (git-fixes). - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early (git-fixes). - CONFIG & no reference -> OK temporarily, must be resolved eventually - Disable CET before shutdown by tboot (bsc#1247950). - Docs/ABI: Fix sysfs-kernel-address_bits path (git-fixes). - Documentation/x86: Document new attack vector controls (git-fixes). - Documentation: ACPI: Fix parent device references (git-fixes). - Documentation: KVM: Fix unexpected unindent warning (git-fixes). - Documentation: KVM: Fix unexpected unindent warnings (git-fixes). - Documentation: usb: gadget: Wrap remaining usage snippets in literal code block (git-fixes). - Drop ath12k patch that was reverted in the upstream (git-fixes) - EDAC/{i10nm,skx,skx_common}: Support UV systems (bsc#1234693). - Enable CONFIG_CMA_SYSFS This is a generally useful feature for anyone using CMA or investigating CMA issues, with a small and simple code base and no runtime overhead. - Enable MT7925 WiFi drivers for openSUSE Leap 16.0 (bsc#1247325) - Enable SMC_LO (a.k.a SMC-D) (jsc#PED-13256). - Fix bogus i915 patch backport (bsc#1238972) It's been already cherry-picked in 6.12 kernel itself. - Fix dma_unmap_sg() nents value (git-fixes) - HID: amd_sfh: Add sync across amd sfh work functions (git-fixes). - HID: apple: avoid setting up battery timer for devices without battery (git-fixes). - HID: apple: validate feature-report field count to prevent NULL pointer dereference (git-fixes). - HID: asus: add support for missing PX series fn keys (stable-fixes). - HID: asus: fix UAF via HID_CLAIMED_INPUT validation (git-fixes). - HID: core: do not bypass hid_hw_raw_request (stable-fixes). - HID: core: ensure the allocated report buffer can contain the reserved report ID (stable-fixes). - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() (stable-fixes). - HID: hidraw: tighten ioctl command parsing (git-fixes). - HID: input: rename hidinput_set_battery_charge_status() (stable-fixes). - HID: input: report battery status changes immediately (git-fixes). - HID: intel-ish-ipc: Remove redundant ready check after timeout function (git-fixes). - HID: logitech: Add ids for G PRO 2 LIGHTSPEED (stable-fixes). - HID: magicmouse: avoid setting up battery timer when not needed (git-fixes). - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (git-fixes). - HID: quirks: add support for Legion Go dual dinput modes (stable-fixes). - HID: wacom: Add a new Art Pen 2 (stable-fixes). - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (git-fixes) - IB/sa: Fix sa_local_svc_timeout_ms read race (git-fixes) - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table (stable-fixes). - Input: iqs7222 - avoid enabling unused interrupts (stable-fixes). - Input: psxpad-spi - add a check for the return value of spi_setup() (git-fixes). - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (git-fixes). - KEYS: X.509: Fix Basic Constraints CA flag parsing (git-fixes). - KEYS: trusted_tpm1: Compare HMAC values in constant time (git-fixes). - KVM: Allow CPU to reschedule while setting per-page memory attributes (git-fixes). - KVM: Bail from the dirty ring reset flow if a signal is pending (git-fixes). - KVM: Bound the number of dirty ring entries in a single reset at INT_MAX (git-fixes). - KVM: Conditionally reschedule when resetting the dirty ring (git-fixes). - KVM: PPC: Fix misleading interrupts comment in kvmppc_prepare_to_enter() (bsc#1215199). - KVM: SVM: Disable interception of SPEC_CTRL iff the MSR exists for the guest (git-fixes). - KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes). - KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (git-fixes). - KVM: TDX: Add new TDVMCALL status code for unsupported subfuncs (jsc#PED-13302). - KVM: TDX: Do not report base TDVMCALLs (git-fixes). - KVM: TDX: Exit to userspace for GetTdVmCallInfo (jsc#PED-13302). - KVM: TDX: Exit to userspace for SetupEventNotifyInterrupt (jsc#PED-13302). - KVM: TDX: Handle TDG.VP.VMCALL<GetQuote> (jsc#PED-13302). - KVM: TDX: Report supported optional TDVMCALLs in TDX capabilities (jsc#PED-13302). - KVM: TDX: Use kvm_arch_vcpu.host_debugctl to restore the host's DEBUGCTL (git-fixes). - KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - KVM: VMX: Ensure unused kvm_tdx_capabilities fields are zeroed out (jsc#PED-13302). - KVM: arm64: Adjust range correctly during host stage-2 faults (git-fixes). - KVM: arm64: Do not free hyp pages with pKVM on GICv2 (git-fixes). - KVM: arm64: Fix error path in init_hyp_mode() (git-fixes). - KVM: arm64: Mark freed S2 MMUs as invalid (git-fixes). - KVM: arm64: vgic: fix incorrect spinlock API usage (git-fixes). - KVM: s390: Fix access to unavailable adapter indicator pages during postcopy (git-fixes bsc#1250124). - KVM: s390: Fix incorrect usage of mmu_notifier_register() (git-fixes bsc#1250123). - KVM: x86/mmu: Locally cache whether a PFN is host MMIO when making a SPTE (git-fixes). - KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table (git-fixes). - KVM: x86: Avoid calling kvm_is_mmio_pfn() when kvm_x86_ops.get_mt_mask is NULL (git-fixes). - KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - KVM: x86: Drop pending_smi vs. INIT_RECEIVED check when setting MP_STATE (git-fixes). - KVM: x86: Reject KVM_SET_TSC_KHZ vCPU ioctl for TSC protected guest (git-fixes). - KVM: x86: avoid underflow when scaling TSC frequency (git-fixes). - Limit patch filenames to 100 characters (bsc#1249604). - Move upstreamed SPI patch into sorted section - NFS: Fix a race when updating an existing write (git-fixes). - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (git-fixes). - NFS: Fix the setting of capabilities when automounting a new filesystem (git-fixes). - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (git-fixes). - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY (git-fixes). - NFS: nfs_invalidate_folio() must observe the offset and size arguments (git-fixes). - NFSD: Define a proc_layoutcommit for the FlexFiles layout type (git-fixes). - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() (git-fixes). - NFSD: detect mismatch of file handle and delegation stateid in OPEN op (git-fixes). - NFSv4.1: fix backchannel max_resp_sz verification check (git-fixes). - NFSv4.2: another fix for listxattr (git-fixes). - NFSv4/flexfiles: Fix layout merge mirror check (git-fixes). - NFSv4: Clear NFS_CAP_OPEN_XOR and NFS_CAP_DELEGTIME if not supported (git-fixes). - NFSv4: Clear the NFS_CAP_FS_LOCATIONS flag if it is not set (git-fixes). - NFSv4: Clear the NFS_CAP_XATTR flag if not supported by the server (git-fixes). - NFSv4: Do not clear capabilities that won't be reset (git-fixes). - Octeontx2-af: Skip overlap check for SPI field (git-fixes). - PCI/ACPI: Fix pci_acpi_preserve_config() memory leak (git-fixes). - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - PCI/AER: Fix missing uevent on recovery when a reset is requested (git-fixes). - PCI/ERR: Fix uevent on failure to recover (git-fixes). - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (git-fixes). - PCI/MSI: Export pci_msix_prepare_desc() for dynamic MSI-X allocations (bsc#1245457). - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge (git-fixes). - PCI/pwrctrl: Fix device leak at registration (git-fixes). - PCI/sysfs: Ensure devices are powered for config reads (git-fixes). - PCI: Extend isolated function probing to LoongArch (git-fixes). - PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS (git-fixes). - PCI: Support Immediate Readiness on devices without PM capabilities (git-fixes). - PCI: dw-rockchip: Replace PERST# sleep time with proper macro (git-fixes). - PCI: dw-rockchip: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes). - PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up (stable-fixes). - PCI: endpoint: Fix configfs group list head handling (git-fixes). - PCI: endpoint: Fix configfs group removal on driver teardown (git-fixes). - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute (git-fixes). - PCI: endpoint: pci-epf-vntb: Return -ENOENT if pci_epc_get_next_free_bar() fails (git-fixes). - PCI: hv: Allow dynamic MSI-X vector allocation (bsc#1245457). - PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features (git-fixes). - PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features (git-fixes). - PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support (git-fixes). - PCI: imx6: Delay link start until configfs 'start' written (git-fixes). - PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset (git-fixes). - PCI: j721e: Fix incorrect error message in probe() (git-fixes). - PCI: j721e: Fix programming sequence of "strap" settings (git-fixes). - PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (git-fixes). - PCI: pnv_php: Clean up allocated IRQs on unplug (bsc#1215199). - PCI: pnv_php: Work around switches with broken presence detection (bsc#1215199). - PCI: qcom: Wait PCIE_RESET_CONFIG_WAIT_MS after link-up IRQ (git-fixes). - PCI: rcar-gen4: Add missing 1ms delay after PWR reset assertion (git-fixes). - PCI: rcar-gen4: Assure reset occurs before DBI access (git-fixes). - PCI: rcar-gen4: Fix PHY initialization (git-fixes). - PCI: rcar-gen4: Fix inverted break condition in PHY initialization (git-fixes). - PCI: rcar-host: Convert struct rcar_msi mask_lock into raw spinlock (git-fixes). - PCI: rcar-host: Drop PMSR spinlock (git-fixes). - PCI: rockchip-host: Fix "Unexpected Completion" log message (git-fixes). - PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining (git-fixes). - PCI: rockchip: Use standard PCIe definitions (git-fixes). - PCI: tegra194: Fix broken tegra_pcie_ep_raise_msi_irq() (git-fixes). - PCI: tegra194: Fix duplicate PLL disable in pex_ep_event_pex_rst_assert() (git-fixes). - PCI: tegra194: Handle errors in BPMP response (git-fixes). - PCI: tegra194: Reset BARs when running in PCIe endpoint mode (git-fixes). - PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock (git-fixes). - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (git-fixes). - PCI: xilinx-nwl: Fix ECAM programming (git-fixes). - PM / devfreq: Check governor before using governor->name (git-fixes). - PM / devfreq: Fix a index typo in trans_stat (git-fixes). - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() (stable-fixes). - PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() (git-fixes). - PM / devfreq: rockchip-dfi: double count on RK3588 (git-fixes). - PM: EM: use kfree_rcu() to simplify the code (stable-fixes). - PM: cpufreq: powernv/tracing: Move powernv_throttle trace event (git-fixes). - PM: hibernate: Add pm_hibernation_mode_is_suspend() (bsc#1243112). - PM: hibernate: Add stub for pm_hibernate_is_recovering() (bsc#1243112). - PM: hibernate: Fix pm_hibernation_mode_is_suspend() build breakage (bsc#1243112). - PM: hibernate: add new api pm_hibernate_is_recovering() (bsc#1243112). - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() (stable-fixes). - PM: runtime: Take active children into account in pm_runtime_get_if_in_use() (git-fixes). - PM: sleep: console: Fix the black screen issue (stable-fixes). - PM: sleep: core: Clear power.must_resume in noirq suspend error path (git-fixes). - RAS/AMD/ATL: Include row bit in row retirement (bsc#1242034). - RAS/AMD/FMPM: Get masked address (bsc#1242034). - RDMA/bnxt_re: Fix a possible memory leak in the driver (git-fixes) - RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM (git-fixes) - RDMA/bnxt_re: Fix to do SRQ armena by default (git-fixes) - RDMA/bnxt_re: Fix to initialize the PBL array (git-fixes) - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path (git-fixes) - RDMA/cm: Rate limit destroy CM ID timeout error message (git-fixes) - RDMA/core: Rate limit GID cache warning messages (git-fixes) - RDMA/core: Resolve MAC of next-hop device without ARP support (git-fixes) - RDMA/core: reduce stack using in nldev_stat_get_doit() (git-fixes) - RDMA/counter: Check CAP_NET_RAW check in user namespace for RDMA counters (git-fixes) - RDMA/erdma: Fix ignored return value of init_kernel_qp (git-fixes) - RDMA/hns: Drop GFP_NOWARN (git-fixes) - RDMA/hns: Fix -Wframe-larger-than issue (git-fixes) - RDMA/hns: Fix HW configurations not cleared in error flow (git-fixes) - RDMA/hns: Fix accessing uninitialized resources (git-fixes) - RDMA/hns: Fix dip entries leak on devices newer than hip09 (git-fixes) - RDMA/hns: Fix double destruction of rsv_qp (git-fixes) - RDMA/hns: Fix querying wrong SCC context for DIP algorithm (git-fixes) - RDMA/hns: Get message length of ack_req from FW (git-fixes) - RDMA/mana_ib: Add device statistics support (bsc#1246651). - RDMA/mana_ib: Drain send wrs of GSI QP (bsc#1251135). - RDMA/mana_ib: Extend modify QP (bsc#1251135). - RDMA/mana_ib: Fix DSCP value in modify QP (git-fixes). - RDMA/mana_ib: add additional port counters (git-fixes). - RDMA/mana_ib: add support of multiple ports (git-fixes). - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for anchor create (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for devx create (git-fixes) - RDMA/mlx5: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - RDMA/mlx5: Fix UMR modifying of mkey page size (git-fixes) - RDMA/mlx5: Fix compilation warning when USER_ACCESS isn't set (git-fixes) - RDMA/mlx5: Fix vport loopback forcing for MPV device (git-fixes) - RDMA/nldev: Check CAP_NET_RAW in user namespace for QP modify (git-fixes) - RDMA/rxe: Fix race in do_task() when draining (git-fixes) - RDMA/rxe: Flush delayed SKBs while releasing RXE resources (git-fixes) - RDMA/siw: Always report immediate post SQ errors (git-fixes) - RDMA/siw: Fix the sendmsg byte count in siw_tcp_sendpages (git-fixes) - RDMA/uverbs: Add empty rdma_uattrs_has_raw_cap() declaration (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for QP create (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for RAW QP create (git-fixes) - RDMA/uverbs: Check CAP_NET_RAW in user namespace for flow create (git-fixes) - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() (git-fixes) - README.BRANCH: mfranc@suse.cz leaving SUSE - RISC-V: Add defines for the SBI nested acceleration extension (jsc#PED-348). - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" (git-fixes). - Reapply "x86/smp: Eliminate mwait_play_dead_cpuid_hint()" (jsc#PED-13815). - Revert "SUNRPC: Do not allow waiting for exiting tasks" (git-fixes). - Revert "drm/amdgpu: fix incorrect vm flags to map bo" (stable-fixes). - Revert "drm/nouveau: check ioctl command codes better" (git-fixes). - Revert "gpio: mlxbf3: only get IRQ for device instance 0" (git-fixes). - Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" (git-fixes). - Revert "mac80211: Dynamically set CoDel parameters per station" (stable-fixes). - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" (git-fixes). - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" (stable-fixes). - Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" (git-fixes). - SUNRPC: call xs_sock_process_cmsg for all cmsg (git-fixes). - Squashfs: add additional inode sanity checking (git-fixes). - Squashfs: fix uninit-value in squashfs_get_parent (git-fixes). - Squashfs: reject negative file sizes in squashfs_read_inode() (git-fixes). - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (git-fixes). - USB: gadget: f_hid: Fix memory leak in hidg_bind error path (git-fixes). - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI (stable-fixes). - USB: serial: option: add Foxconn T99W640 (stable-fixes). - USB: serial: option: add Foxconn T99W709 (stable-fixes). - USB: serial: option: add SIMCom 8230C compositions (stable-fixes). - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition (stable-fixes). - USB: serial: option: add Telit Cinterion FN990A w/audio compositions (stable-fixes). - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (stable-fixes). - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera (stable-fixes). - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles (stable-fixes). - Update config files. (bsc#1249186) Enable where we define KABI refs + rely on Kconfig deps. - Update config files: revive pwc driver for Leap (bsc#1249060) - accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() (git-fixes). - accel/ivpu: Correct DCT interrupt handling (git-fixes). - accel/ivpu: Fix reset_engine debugfs file logic (stable-fixes). - accel/ivpu: Fix warning in ivpu_gem_bo_free() (git-fixes). - accel/ivpu: Prevent recovery work from being queued during device removal (git-fixes). - amdgpu/amdgpu_discovery: increase timeout limit for IFWI init (stable-fixes). - aoe: defer rexmit timer downdev work to workqueue (git-fixes). - arch/powerpc: Remove .interp section in vmlinux (bsc#1215199). - arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() (git-fixes) - arm64/mm: Check PUD_TYPE_TABLE in pud_bad() (git-fixes) - arm64/mm: Check pmd_table() in pmd_trans_huge() (git-fixes) - arm64/mm: Close theoretical race where stale TLB entry remains valid (git-fixes) - arm64/mm: Drop wrong writes into TCR2_EL1 (git-fixes) - arm64/mm: Ensure adequate HUGE_MAX_HSTATE (git-fixes) - arm64/sysreg: Add register fields for HDFGRTR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HDFGWTR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HFGITR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HFGRTR2_EL2 (git-fixes) - arm64/sysreg: Add register fields for HFGWTR2_EL2 (git-fixes) - arm64/sysreg: Update register fields for ID_AA64MMFR0_EL1 (git-fixes) - arm64: Filter out SME hwcaps when FEAT_SME isn't implemented (git-fixes) - arm64: Handle KCOV __init vs inline mismatches (git-fixes) - arm64: Mark kernel as tainted on SAE and SError panic (git-fixes) - arm64: Restrict pagetable teardown to avoid false warning (git-fixes) - arm64: config: Make tpm_tis_spi module build-in (bsc#1246896) - arm64: cputype: Add QCOM_CPU_PART_KRYO_3XX_GOLD (git-fixes) - arm64: dts: add big-endian property back into watchdog node (git-fixes) - arm64: dts: apple: Add ethernet0 alias for J375 template (git-fixes) - arm64: dts: apple: t8103-j457: Fix PCIe ethernet iommu-map (git-fixes) - arm64: dts: apple: t8103: Fix PCIe BCM4377 nodename (git-fixes) - arm64: dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes (git-fixes) - arm64: dts: exynos: gs101: ufs: add dma-coherent property (git-fixes) - arm64: dts: freescale: imx8mm-verdin: Keep LDO5 always on (git-fixes) - arm64: dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV (git-fixes) - arm64: dts: imx8mm-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mm-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes) - arm64: dts: imx8mm-venice-gw700x: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7901: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7903: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mm-venice-gw7904: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mn-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mn-beacon: Set SAI5 MCLK direction to output for HDMI (git-fixes) - arm64: dts: imx8mn-venice-gw7902: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mp-beacon: Fix RTC capacitive load (git-fixes) - arm64: dts: imx8mp-tqma8mpql: fix LDO5 power off (git-fixes) - arm64: dts: imx8mp-venice-gw702x: Increase HS400 USDHC clock speed (git-fixes) - arm64: dts: imx8mp-venice-gw71xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp-venice-gw72xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp-venice-gw73xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp-venice-gw74xx: fix TPM SPI frequency (git-fixes) - arm64: dts: imx8mp: Correct thermal sensor index (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics (git-fixes) - arm64: dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul (git-fixes) - arm64: dts: imx93-kontron: Fix GPIO for panel regulator (git-fixes) - arm64: dts: imx93-kontron: Fix USB port assignment (git-fixes) - arm64: dts: imx95: Correct the DMA interrupter number of pcie0_ep (git-fixes) - arm64: dts: imx95: Correct the lpuart7 and lpuart8 srcid (git-fixes) - arm64: dts: marvell: cn9132-clearfog: disable eMMC high-speed modes (git-fixes) - arm64: dts: marvell: cn9132-clearfog: fix multi-lane pci x2 and x4 (git-fixes) - arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B (git-fixes). - arm64: dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on (git-fixes) - arm64: dts: rockchip: Add vcc-supply to SPI flash on rk3566-rock3c (git-fixes) - arm64: dts: rockchip: Fix Bluetooth interrupts flag on Neardi LBA3368 (git-fixes) - arm64: dts: rockchip: Fix the headphone detection on the orangepi 5 (git-fixes) - arm64: dts: rockchip: Move SHMEM memory to reserved memory on rk3588 (git-fixes) - arm64: dts: rockchip: Update eMMC for NanoPi R5 series (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on (git-fixes) - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma (git-fixes) - arm64: dts: rockchip: fix endpoint dtc warning for PX30 ISP (git-fixes) - arm64: dts: rockchip: fix internal USB hub instability on RK3399 Puma (git-fixes) - arm64: dts: rockchip: use cs-gpios for spi1 on ringneck (git-fixes) - arm64: dts: st: fix timer used for ticks (git-fixes) - arm64: ftrace: fix unreachable PLT for ftrace_caller in init_module (git-fixes) - arm64: map [_text, _stext) virtual address range (git-fixes) - arm64: mte: Do not flag the zero page as PG_mte_tagged (git-fixes) - arm64: poe: Handle spurious Overlay faults (git-fixes) - arm64: rust: clean Rust 1.85.0 warning using softfloat target (git-fixes) - arm64: stacktrace: Check kretprobe_find_ret_addr() return value (git-fixes) - arm64: tegra: Add uartd serial alias for Jetson TX1 module (git-fixes) - arm64: tegra: Drop remaining serial clock-names and reset-names (git-fixes) - arm64: tegra: Resize aperture for the IGX PCIe C5 slot (git-fixes) - arm64: tegra: p2597: Fix gpio for vdd-1v8-dis regulator (git-fixes) - arm64: zynqmp: add clock-output-names property in clock nodes (git-fixes) - ata: ahci: Disable DIPM if host lacks support (stable-fixes). - ata: ahci: Disallow LPM policy control if not supported (stable-fixes). - ata: libata-sata: Add link_power_management_supported sysfs attribute (git-fixes). - ata: libata-sata: Disallow changing LPM state if not supported (stable-fixes). - ata: libata-scsi: Fix CDL control (git-fixes). - audit,module: restore audit logging in load failure case (git-fixes). - ax25: properly unshare skbs in ax25_kiss_rcv() (git-fixes). - batman-adv: fix OOB read/write in network-coding decode (git-fixes). - benet: fix BUG when creating VFs (git-fixes). - block: Introduce bio_needs_zone_write_plugging() (git-fixes). - block: Make REQ_OP_ZONE_FINISH a write operation (git-fixes, bsc#1249552). - block: ensure discard_granularity is zero when discard is not supported (git-fixes). - block: fix kobject leak in blk_unregister_queue (git-fixes). - block: mtip32xx: Fix usage of dma_map_sg() (git-fixes). - block: sanitize chunk_sectors for atomic write limits (git-fixes). - bnxt_en: Add a helper function to configure MRU and RSS (git-fixes). - bnxt_en: Adjust TX rings if reservation is less than requested (git-fixes). - bnxt_en: Fix DCB ETS validation (git-fixes). - bnxt_en: Fix memory corruption when FW resources change during ifdown (git-fixes). - bnxt_en: Fix stats context reservation logic (git-fixes). - bnxt_en: Flush FW trace before copying to the coredump (git-fixes). - bnxt_en: Update MRU and RSS table of RSS contexts on queue reset (git-fixes). - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL (git-fixes). - bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() (git-fixes) - bpf, arm64: Fix fp initialization for exception boundary (git-fixes) - bpf, docs: Fix broken link to renamed bpf_iter_task_vmas.c (git-fixes). - bpf, sockmap: Fix psock incorrectly pointing to sk (git-fixes). - bpf: Adjust free target to avoid global starvation of LRU map (git-fixes). - bpf: Allow XDP dev-bound programs to perform XDP_REDIRECT into maps (git-fixes). - bpf: Avoid RCU context warning when unpinning htab with internal structs (git-fixes). - bpf: Check link_create.flags parameter for multi_kprobe (git-fixes). - bpf: Check link_create.flags parameter for multi_uprobe (git-fixes). - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} (git-fixes). - bpf: Fix uninitialized values in BPF_{CORE,PROBE}_READ (git-fixes). - bpf: Forget ranges when refining tnum after JSET (git-fixes). - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP (git-fixes). - bpf: Only fails the busy counter check in bpf_cgrp_storage_get if it creates storage (git-fixes). - bpf: Reject %p% format string in bprintf-like helpers (git-fixes). - bpf: Reject attaching fexit/fmod_ret to __noreturn functions (git-fixes). - bpf: Reject narrower access to pointer ctx fields (git-fixes). - bpf: Return prog btf_id without capable check (git-fixes). - bpf: Use preempt_count() directly in bpf_send_signal_common() (git-fixes). - bpf: Use proper type to calculate bpf_raw_tp_null_args.mask index (git-fixes). - bpf: fix possible endless loop in BPF map iteration (git-fixes). - btrfs: abort transaction during log replay if walk_log_tree() failed (git-fixes). - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() (git-fixes). - btrfs: add assertions and comment about path expectations to btrfs_cross_ref_exist() (git-fixes). - btrfs: add debug build only WARN (bsc#1249038). - btrfs: add function comment for check_committed_ref() (git-fixes). - btrfs: always abort transaction on failure to add block group to free space tree (git-fixes). - btrfs: avoid load/store tearing races when checking if an inode was logged (git-fixes). - btrfs: avoid redundant call to get inline ref type at check_committed_ref() (git-fixes). - btrfs: avoid starting new transaction when cleaning qgroup during subvolume drop (git-fixes). - btrfs: clear dirty status from extent buffer on error at insert_new_root() (git-fixes). - btrfs: codify pattern for adding block_group to bg_list (git-fixes). - btrfs: convert ASSERT(0) with handled errors to DEBUG_WARN() (bsc#1249038). - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling (git-fixes). - btrfs: correctly escape subvol in btrfs_show_options() (git-fixes). - btrfs: do not allow relocation of partially dropped subvolumes (bsc#1249540). - btrfs: do not ignore inode missing when replaying log tree (git-fixes). - btrfs: do not output error message if a qgroup has been already cleaned up (git-fixes). - btrfs: do not return VM_FAULT_SIGBUS on failure to set delalloc for mmap write (bsc#1247949). - btrfs: do not silently ignore unexpected extent type when replaying log (git-fixes). - btrfs: do not skip remaining extrefs if dir not found during log replay (git-fixes). - btrfs: enhance ASSERT() to take optional format string (bsc#1249038). - btrfs: error on missing block group when unaccounting log tree extent buffers (git-fixes). - btrfs: exit after state split error at set_extent_bit() (git-fixes). - btrfs: explicitly ref count block_group on new_bgs list (bsc#1243068) - btrfs: fix -ENOSPC mmap write failure on NOCOW files/extents (bsc#1247949). - btrfs: fix assertion when building free space tree (git-fixes). - btrfs: fix corruption reading compressed range when block size is smaller than page size (git-fixes). - btrfs: fix data overwriting bug during buffered write when block size < page size (git-fixes). - btrfs: fix data race when accessing the inode's disk_i_size at btrfs_drop_extents() (git-fixes). - btrfs: fix incorrect log message for nobarrier mount option (git-fixes). - btrfs: fix inode lookup error handling during log replay (git-fixes). - btrfs: fix invalid extref key setup when replaying dentry (git-fixes). - btrfs: fix invalid inode pointer after failure to create reloc inode (git-fixes). - btrfs: fix invalid inode pointer dereferences during log replay (git-fixes). - btrfs: fix iteration bug in __qgroup_excl_accounting() (git-fixes). - btrfs: fix log tree replay failure due to file with 0 links and extents (git-fixes). - btrfs: fix missing error handling when searching for inode refs during log replay (git-fixes). - btrfs: fix non-empty delayed iputs list on unmount due to async workers (git-fixes). - btrfs: fix printing of mount info messages for NODATACOW/NODATASUM (git-fixes). - btrfs: fix race between logging inode and checking if it was logged before (git-fixes). - btrfs: fix race between setting last_dir_index_offset and inode logging (git-fixes). - btrfs: fix squota compressed stats leak (git-fixes). - btrfs: fix ssd_spread overallocation (git-fixes). - btrfs: fix subvolume deletion lockup caused by inodes xarray race (git-fixes). - btrfs: fix the inode leak in btrfs_iget() (git-fixes). - btrfs: fix two misuses of folio_shift() (git-fixes). - btrfs: fix wrong length parameter for btrfs_cleanup_ordered_extents() (git-fixes). - btrfs: handle unaligned EOF truncation correctly for subpage cases (bsc#1249038). - btrfs: initialize inode::file_extent_tree after i_mode has been set (git-fixes). - btrfs: make btrfs_discard_workfn() block_group ref explicit (bsc#1243068) - btrfs: make btrfs_iget() return a btrfs inode instead (git-fixes). - btrfs: make btrfs_iget_path() return a btrfs inode instead (git-fixes). - btrfs: move transaction aborts to the error site in add_block_group_free_space() (git-fixes). - btrfs: pass a btrfs_inode to fixup_inode_link_count() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_defrag_file() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_double_mmap_lock() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_double_mmap_unlock() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_extent_same_range() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_fill_inode() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_iget_locked() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_inode_inherit_props() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_inode_type() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_load_inode_props() (git-fixes). - btrfs: pass struct btrfs_inode to btrfs_read_locked_inode() (git-fixes). - btrfs: pass struct btrfs_inode to can_nocow_extent() (git-fixes). - btrfs: pass struct btrfs_inode to clone_copy_inline_extent() (git-fixes). - btrfs: pass struct btrfs_inode to extent_range_clear_dirty_for_io() (git-fixes). - btrfs: pass struct btrfs_inode to fill_stack_inode_item() (git-fixes). - btrfs: pass struct btrfs_inode to new_simple_dir() (git-fixes). - btrfs: pass true to btrfs_delalloc_release_space() at btrfs_page_mkwrite() (bsc#1247949). - btrfs: propagate last_unlink_trans earlier when doing a rmdir (git-fixes). - btrfs: props: switch prop_handler::apply to struct btrfs_inode (git-fixes). - btrfs: props: switch prop_handler::extract to struct btrfs_inode (git-fixes). - btrfs: push cleanup into btrfs_read_locked_inode() (git-fixes). - btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled (git-fixes). - btrfs: qgroup: fix race between quota disable and quota rescan ioctl (git-fixes). - btrfs: qgroup: remove no longer used fs_info->qgroup_ulist (git-fixes). - btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations (git-fixes). - btrfs: record new subvolume in parent dir earlier to avoid dir logging races (git-fixes). - btrfs: remove conditional path allocation in btrfs_read_locked_inode() (git-fixes). - btrfs: remove no longer needed strict argument from can_nocow_extent() (git-fixes). - btrfs: remove redundant path release when replaying a log tree (git-fixes). - btrfs: remove the snapshot check from check_committed_ref() (git-fixes). - btrfs: restore mount option info messages during mount (git-fixes). - btrfs: return a btrfs_inode from btrfs_iget_logging() (git-fixes). - btrfs: return a btrfs_inode from read_one_inode() (git-fixes). - btrfs: return any hit error from extent_writepage_io() (git-fixes). - btrfs: send: remove unnecessary inode lookup at send_encoded_inline_extent() (git-fixes). - btrfs: simplify arguments for btrfs_cross_ref_exist() (git-fixes). - btrfs: simplify early error checking in btrfs_page_mkwrite() (bsc#1247949). - btrfs: simplify error detection flow during log replay (git-fixes). - btrfs: simplify return logic at check_committed_ref() (git-fixes). - btrfs: subpage: fix the bitmap dump of the locked flags (git-fixes). - btrfs: tests: fix chunk map leak after failure to add it to the tree (git-fixes). - btrfs: tree-checker: fix the incorrect inode ref size check (git-fixes). - btrfs: unfold transaction aborts when replaying log trees (git-fixes). - btrfs: unify ordering of btrfs_key initializations (git-fixes). - btrfs: update superblock's device bytes_used when dropping chunk (git-fixes). - btrfs: use a single variable to track return value at btrfs_page_mkwrite() (bsc#1247949). - btrfs: use btrfs_record_snapshot_destroy() during rmdir (git-fixes). - btrfs: use filemap_get_folio() helper (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_get_name() (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_get_parent() (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_remap_file_range() (git-fixes). - btrfs: use struct btrfs_inode inside btrfs_remap_file_range_prep() (git-fixes). - btrfs: use struct btrfs_inode inside create_pending_snapshot() (git-fixes). - btrfs: use verbose ASSERT() in volumes.c (bsc#1249038). - build_bug.h: Add KABI assert (bsc#1249186). - bus: firewall: Fix missing static inline annotations for stubs (git-fixes). - bus: fsl-mc: Check return value of platform_get_resource() (git-fixes). - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() (git-fixes). - bus: mhi: ep: Fix chained transfer handling in read path (git-fixes). - bus: mhi: host: Detect events pointing to unexpected TREs (git-fixes). - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() (git-fixes). - bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 (git-fixes). - can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled (stable-fixes). - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: j1939: implement NETDEV_UNREGISTER notification handler (git-fixes). - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (git-fixes). - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (git-fixes). - can: kvaser_pciefd: Store device channel index (git-fixes). - can: kvaser_usb: Assign netdev.dev_port based on device channel index (git-fixes). - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode (git-fixes). - can: peak_usb: fix USB FD devices potential malfunction (git-fixes). - can: peak_usb: fix shift-out-of-bounds issue (git-fixes). - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (stable-fixes). - can: rcar_canfd: Fix controller mode setting (stable-fixes). - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (git-fixes). - can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB (git-fixes). - cdc-acm: fix race between initial clearing halt and open (git-fixes). - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN (stable-fixes). - cdx: Fix off-by-one error in cdx_rpmsg_probe() (git-fixes). - cgroup/cpuset: Fix a partition error with CPU hotplug (bsc#1241166). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key (bsc#1241166). - cgroup: Add compatibility option for content of /proc/cgroups (jsc#PED-12405). - cgroup: Print message when /proc/cgroups is read on v2-only system (jsc#PED-12405). - cgroup: llist: avoid memory tears for llist_node (bsc#1247963). - cgroup: make css_rstat_updated nmi safe (bsc#1247963). - cgroup: remove per-cpu per-subsystem locks (bsc#1247963). - cgroup: support to enable nmi-safe css_rstat_updated (bsc#1247963). - char: misc: Fix improper and inaccurate error code returned by misc_init() (stable-fixes). - clk: at91: peripheral: fix return value (git-fixes). - clk: at91: sam9x7: update pll clk ranges (git-fixes). - clk: clk-axi-clkgen: fix fpfd_max frequency for zynq (git-fixes). - clk: davinci: Add NULL check in davinci_lpsc_clk_register() (git-fixes). - clk: imx95-blk-ctl: Fix synchronous abort (git-fixes). - clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() (git-fixes). - clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m (git-fixes). - clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() (git-fixes). - clk: qcom: gcc-ipq8074: fix broken freq table for nss_port6_tx_clk_src (git-fixes). - clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk (git-fixes). - clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() (git-fixes). - clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks (git-fixes). - clk: samsung: exynos850: fix a comment (git-fixes). - clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD (git-fixes). - clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock (git-fixes). - clk: sunxi-ng: v3s: Fix de clock definition (git-fixes). - clk: tegra: do not overallocate memory for bpmp clocks (git-fixes). - clk: thead: th1520-ap: Correctly refer the parent of osc_12m (git-fixes). - clk: xilinx: vcu: unregister pll_post only if registered correctly (git-fixes). - comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() (git-fixes). - comedi: Make insn_rw_emulate_bits() do insn->n samples (git-fixes). - comedi: fix race between polling and detaching (git-fixes). - comedi: pcl726: Prevent invalid irq number (git-fixes). - compiler-clang.h: define __SANITIZE_*__ macros only when undefined (stable-fixes). - compiler: remove __ADDRESSABLE_ASM{_STR,}() again (git-fixes). - config.sh: SLFO 1.2 branched in IBS - config: arm64: default: enable mtu3 dual-role support for MediaTek platforms (bsc#1245206) - coredump: Fixes core_pipe_limit sysctl proc_handler (git-fixes). - cpu: Define attack vectors (git-fixes). - cpufreq/amd-pstate: Fix a regression leading to EPP 0 after resume (git-fixes). - cpufreq/amd-pstate: Fix setting of CPPC.min_perf in active mode for performance governor (git-fixes). - cpufreq/sched: Explicitly synchronize limits_changed flag (git-fixes) - cpufreq/sched: Fix the usage of CPUFREQ_NEED_UPDATE_LIMITS (git-fixes) - cpufreq: Add SM8650 to cpufreq-dt-platdev blocklist (stable-fixes). - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay (stable-fixes). - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag (stable-fixes). - cpufreq: Exit governor when failed to start old governor (stable-fixes). - cpufreq: Init policy->rwsem before it may be possibly used (git-fixes). - cpufreq: Initialize cpufreq-based frequency-invariance later (git-fixes). - cpufreq: Initialize cpufreq-based invariance before subsys (git-fixes). - cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency (stable-fixes git-fixes). - cpufreq: Reference count policy in cpufreq_update_limits() (git-fixes). - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() (stable-fixes). - cpufreq: armada-8k: make both cpu masks static (git-fixes). - cpufreq: cppc: Fix invalid return value in .get() callback (git-fixes). - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() (git-fixes). - cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode (stable-fixes). - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode (git-fixes). - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (git-fixes). - cpufreq: intel_pstate: Unchecked MSR aceess in legacy mode (git-fixes). - cpufreq: mediatek: fix device leak on probe failure (git-fixes). - cpufreq: scmi: Account for malformed DT in scmi_dev_used_by_cpus() (git-fixes). - cpufreq: scmi: Skip SCMI devices that are not used by the CPUs (stable-fixes). - cpufreq: scpi: compare kHz instead of Hz (git-fixes). - cpufreq: sun50i: prevent out-of-bounds access (git-fixes). - cpufreq: tegra186: Set target frequency for all cpus in policy (git-fixes). - cpufreq: tegra186: Share policy per cluster (stable-fixes). - cpupower: Fix a bug where the -t option of the set subcommand was not working (stable-fixes). - crypto: af_alg - Set merge to zero early in af_alg_sendmsg (git-fixes). - crypto: arm/aes-neonbs - work around gcc-15 warning (git-fixes). - crypto: aspeed - Fix dma_unmap_sg() direction (git-fixes). - crypto: atmel - Fix dma_unmap_sg() direction (git-fixes). - crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP (git-fixes). - crypto: ccp - Add missing bootloader info reg for pspv6 (stable-fixes). - crypto: ccp - Fix crash when rebind ccp device for ccp.ko (git-fixes). - crypto: ccp - Fix locking on alloc failure handling (git-fixes). - crypto: essiv - Check ssize for decryption and in-place encryption (git-fixes). - crypto: hisilicon - re-enable address prefetch after device resuming (git-fixes). - crypto: hisilicon/hpre - fix dma unmap sequence (stable-fixes). - crypto: hisilicon/qm - check whether the input function and PF are on the same device (git-fixes). - crypto: hisilicon/qm - set NULL to qm->debug.qm_diff_regs (git-fixes). - crypto: hisilicon/zip - remove unnecessary validation for high-performance mode configurations (git-fixes). - crypto: img-hash - Fix dma_unmap_sg() nents value (git-fixes). - crypto: inside-secure - Fix `dma_unmap_sg()` nents value (git-fixes). - crypto: jitter - fix intermediary handling (stable-fixes). - crypto: keembay - Add missing check after sg_nents_for_len() (git-fixes). - crypto: keembay - Fix dma_unmap_sg() nents value (git-fixes). - crypto: marvell/cesa - Fix engine load inaccuracy (git-fixes). - crypto: octeontx2 - Call strscpy() with correct size argument (git-fixes). - crypto: octeontx2 - Fix address alignment issue on ucode loading (stable-fixes). - crypto: octeontx2 - Fix address alignment on CN10K A0/A1 and OcteonTX2 (stable-fixes). - crypto: octeontx2 - Fix address alignment on CN10KB and CN10KA-B0 (stable-fixes). - crypto: octeontx2 - add timeout for load_fvc completion poll (stable-fixes). - crypto: qat - allow enabling VFs in the absence of IOMMU (git-fixes). - crypto: qat - disable ZUC-256 capability for QAT GEN5 (git-fixes). - crypto: qat - fix DMA direction for compression on GEN2 devices (git-fixes). - crypto: qat - fix seq_file position update in adf_ring_next() (git-fixes). - crypto: qat - fix state restore for banks with exceptions (git-fixes). - crypto: qat - flush misc workqueue during device shutdown (git-fixes). - crypto: qat - lower priority for skcipher and aead algorithms (stable-fixes). - crypto: qat - use unmanaged allocation for dc_data (git-fixes). - crypto: rng - Ensure set_ent is always present (git-fixes). - crypto: rockchip - Fix dma_unmap_sg() nents value (git-fixes). - crypto: sun8i-ce - fix nents passed to dma_unmap_sg() (git-fixes). - devlink: Add support for u64 parameters (jsc#PED-13331). - devlink: avoid param type value translations (jsc#PED-13331). - devlink: define enum for attr types of dynamic attributes (jsc#PED-13331). - devlink: introduce devlink_nl_put_u64() (jsc#PED-13331). - devlink: let driver opt out of automatic phys_port_name generation (git-fixes). - dm-mpath: do not print the "loaded" message if registering fails (git-fixes). - dm-stripe: limit chunk_sectors to the stripe size (git-fixes). - dm-table: fix checking for rq stackable devices (git-fixes). - dm: Check for forbidden splitting of zone write operations (git-fixes). - dm: split write BIOs on zone boundaries when zone append is not emulated (git-fixes). - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted (stable-fixes). - dmaengine: Fix dma_async_tx_descriptor->tx_submit documentation (git-fixes). - dmaengine: dw-edma: Drop unused dchan2dev() and chan2dev() (git-fixes). - dmaengine: dw: dmamux: Fix device reference leak in rzn1_dmamux_route_allocate (git-fixes). - dmaengine: fsl-dpaa2-qdma: Drop unused mc_enc() (git-fixes). - dmaengine: idxd: Fix double free in idxd_setup_wqs() (git-fixes). - dmaengine: idxd: Fix refcount underflow on module unload (git-fixes). - dmaengine: idxd: Remove improper idxd_free (git-fixes). - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() (git-fixes). - dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning (git-fixes). - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap (git-fixes). - dmaengine: nbpfaxi: Add missing check after DMA map (git-fixes). - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (git-fixes). - dmaengine: qcom: gpi: Drop unused gpi_write_reg_field() (git-fixes). - dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs (stable-fixes). - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (git-fixes). - docs: admin-guide: update to current minimum pipe size default (git-fixes). - dpll: Add basic Microchip ZL3073x support (jsc#PED-13331). - dpll: Make ZL3073X invisible (jsc#PED-13331). - dpll: zl3073x: Add support to get/set frequency on pins (jsc#PED-13331). - dpll: zl3073x: Add support to get/set priority on input pins (jsc#PED-13331). - dpll: zl3073x: Fetch invariants during probe (jsc#PED-13331). - dpll: zl3073x: Fix build failure (jsc#PED-13331). - dpll: zl3073x: Implement input pin selection in manual mode (jsc#PED-13331). - dpll: zl3073x: Implement input pin state setting in automatic mode (jsc#PED-13331). - dpll: zl3073x: Read DPLL types and pin properties from system firmware (jsc#PED-13331). - dpll: zl3073x: Register DPLL devices and pins (jsc#PED-13331). - dpll: zl3073x: ZL3073X_I2C and ZL3073X_SPI should depend on NET (jsc#PED-13331). - driver core/PM: Set power.no_callbacks along with power.no_pm (stable-fixes). - drivers/base/node: fix double free in register_one_node() (git-fixes). - drivers/base/node: handle error properly in register_one_node() (git-fixes). - drivers: base: handle module_kobject creation (git-fixes). - drm/amd : Update MES API header file for v11 & v12 (stable-fixes). - drm/amd/amdgpu: Declare isp firmware binary file (stable-fixes). - drm/amd/amdgpu: Fix missing error return on kzalloc failure (git-fixes). - drm/amd/amdgpu: Implement MES suspend/resume gang functionality for v12 (bsc#1243112). - drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode (stable-fixes). - drm/amd/display: Add NULL check for stream before dereference in 'dm_vupdate_high_irq' (bsc#1243112). - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs (git-fixes). - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() (git-fixes). - drm/amd/display: Add primary plane to commits for correct VRR handling (stable-fixes). - drm/amd/display: Adjust DCE 8-10 clock, do not overclock by 15% (git-fixes). - drm/amd/display: Allow DCN301 to clear update flags (git-fixes). - drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put (git-fixes). - drm/amd/display: Avoid a NULL pointer dereference (stable-fixes). - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported (stable-fixes). - drm/amd/display: Avoid trying AUX transactions on disconnected ports (stable-fixes). - drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG (stable-fixes). - drm/amd/display: Default IPS to RCG_IN_ACTIVE_IPS2_IN_OFF (git-fixes). - drm/amd/display: Disable CRTC degamma LUT for DCN401 (stable-fixes). - drm/amd/display: Disable DPCD Probe Quirk (bsc#1248121). - drm/amd/display: Disable dsc_power_gate for dcn314 by default (stable-fixes). - drm/amd/display: Disable scaling on DCE6 for now (git-fixes). - drm/amd/display: Do not check for NULL divisor in fixpt code (git-fixes). - drm/amd/display: Do not overclock DCE 6 by 15% (git-fixes). - drm/amd/display: Do not overwrite dce60_clk_mgr (git-fixes). - drm/amd/display: Do not print errors for nonexistent connectors (git-fixes). - drm/amd/display: Do not warn when missing DCE encoder caps (stable-fixes). - drm/amd/display: Enable Dynamic DTBCLK Switch (bsc#1243112). - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs (stable-fixes). - drm/amd/display: Fix 'failed to blank crtc!' (stable-fixes). - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6 (stable-fixes). - drm/amd/display: Fix Xorg desktop unresponsive on Replay panel (stable-fixes). - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 (git-fixes). - drm/amd/display: Fix mismatch type comparison (stable-fixes). - drm/amd/display: Fix vupdate_offload_work doc (bsc#1243112). - drm/amd/display: Free memory allocation (stable-fixes). - drm/amd/display: Init DCN35 clocks from pre-os HW values (git-fixes). - drm/amd/display: Initialize mode_select to 0 (stable-fixes). - drm/amd/display: Only finalize atomic_obj if it was initialized (stable-fixes). - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 (git-fixes). - drm/amd/display: Properly disable scaling on DCE6 (git-fixes). - drm/amd/display: Remove redundant semicolons (git-fixes). - drm/amd/display: Separate set_gsl from set_gsl_source_select (stable-fixes). - drm/amd/display: Update DMCUB loading sequence for DCN3.5 (stable-fixes). - drm/amd/display: add workaround flag to link to force FFE preset (stable-fixes). - drm/amd/display: fix a Null pointer dereference vulnerability (stable-fixes). - drm/amd/display: fix dmub access race condition (bsc#1243112). - drm/amd/display: fix initial backlight brightness calculation (git-fixes). - drm/amd/display: limit clear_update_flags to dcn32 and above (stable-fixes). - drm/amd/display: more liberal vmin/vmax update for freesync (bsc#1243112). - drm/amd/display: remove output_tf_change flag (git-fixes). - drm/amd/display: use udelay rather than fsleep (git-fixes). - drm/amd/include : MES v11 and v12 API header update (stable-fixes). - drm/amd/include : Update MES v12 API for fence update (stable-fixes). - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value (git-fixes). - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) (git-fixes). - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) (git-fixes). - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) (git-fixes). - drm/amd/pm: Disable ULV even if unsupported (v3) (git-fixes). - drm/amd/pm: Fix si_upload_smc_data (v3) (git-fixes). - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) (git-fixes). - drm/amd/pm: fix null pointer access (stable-fixes). - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual (stable-fixes). - drm/amd: Avoid evicting resources at S5 (bsc#1243112). - drm/amd: Check whether secure display TA loaded successfully (bsc#1243112). - drm/amd: Fix hybrid sleep (bsc#1243112). - drm/amd: Only restore cached manual clock settings in restore if OD enabled (bsc#1243112). - drm/amd: Restore cached manual clock settings during resume (bsc#1243112). - drm/amd: Restore cached power limit during resume (stable-fixes). - drm/amdgpu/discovery: fix fw based ip discovery (git-fixes). - drm/amdgpu/discovery: optionally use fw based ip discovery (stable-fixes). - drm/amdgpu/gfx10: fix KGQ reset sequence (git-fixes). - drm/amdgpu/gfx10: fix kiq locking in KCQ reset (git-fixes). - drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset (git-fixes). - drm/amdgpu/gfx9: fix kiq locking in KCQ reset (git-fixes). - drm/amdgpu/mes11: implement detect and reset callback (bsc#1243112). - drm/amdgpu/mes12: implement detect and reset callback (bsc#1243112). - drm/amdgpu/mes: add front end for detect and reset hung queue (bsc#1243112). - drm/amdgpu/mes: add missing locking in helper functions (stable-fixes). - drm/amdgpu/mes: enable compute pipes across all MEC (git-fixes). - drm/amdgpu/mes: optimize compute loop handling (stable-fixes). - drm/amdgpu/swm14: Update power limit logic (stable-fixes). - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages (stable-fixes). - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time (stable-fixes). - drm/amdgpu/vcn: fix ref counting for ring based profile handling (git-fixes). - drm/amdgpu/vpe: cancel delayed work in hw_fini (bsc#1243112). - drm/amdgpu: Add additional DCE6 SCL registers (git-fixes). - drm/amdgpu: Avoid extra evict-restore process (stable-fixes). - drm/amdgpu: Avoid rma causes GPU duplicate reset (bsc#1243112). - drm/amdgpu: Enable MES lr_compute_wa by default (stable-fixes). - drm/amdgpu: Fix allocating extra dwords for rings (v2) (git-fixes). - drm/amdgpu: Fix for GPU reset being blocked by KIQ I/O (bsc#1243112). - drm/amdgpu: Increase reset counter only on success (stable-fixes). - drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() (git-fixes). - drm/amdgpu: Power up UVD 3 for FW validation (v2) (git-fixes). - drm/amdgpu: Remove nbiov7.9 replay count reporting (git-fixes). - drm/amdgpu: Report individual reset error (bsc#1243112). - drm/amdgpu: Reset the clear flag in buddy during resume (git-fixes). - drm/amdgpu: Update external revid for GC v9.5.0 (stable-fixes). - drm/amdgpu: VCN v5_0_1 to prevent FW checking RB during DPG pause (stable-fixes). - drm/amdgpu: add kicker fws loading for gfx11/smu13/psp13 (stable-fixes). - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities (stable-fixes). - drm/amdgpu: do not resume device in thaw for normal hibernation (bsc#1243112). - drm/amdgpu: drop hw access in non-DC audio fini (stable-fixes). - drm/amdgpu: fix a memory leak in fence cleanup when unloading (git-fixes). - drm/amdgpu: fix incorrect vm flags to map bo (git-fixes). - drm/amdgpu: fix link error for !PM_SLEEP (bsc#1243112). - drm/amdgpu: fix task hang from failed job submission during process kill (git-fixes). - drm/amdgpu: fix vram reservation issue (git-fixes). - drm/amdgpu: remove the redeclaration of variable i (git-fixes). - drm/amdgpu: update mmhub 3.0.1 client id mappings (stable-fixes). - drm/amdgpu: update mmhub 4.1.0 client id mappings (stable-fixes). - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq (stable-fixes). - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() (git-fixes). - drm/amdkfd: Fix mmap write lock not release (bsc#1243112). - drm/ast: Use msleep instead of mdelay for edid read (git-fixes). - drm/bridge: fix OF node leak (git-fixes). - drm/bridge: it6505: select REGMAP_I2C (git-fixes). - drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() (git-fixes). - drm/bridge: ti-sn65dsi86: fix REFCLK setting (git-fixes). - drm/cirrus-qemu: Fix pitch programming (git-fixes). - drm/connector: hdmi: Evaluate limited range after computing format (git-fixes). - drm/dp: Add an EDID quirk for the DPCD register access probe (bsc#1248121). - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS (stable-fixes). - drm/dp: Change AUX DPCD probe address from LANE0_1_STATUS to TRAINING_PATTERN_SET (bsc#1248121). - drm/edid: Add support for quirks visible to DRM core and drivers (bsc#1248121). - drm/edid: Define the quirks in an enum list (bsc#1248121). - drm/format-helper: Add conversion from XRGB8888 to BGR888 (stable-fixes). - drm/gem: Internally test import_attach for imported objects (git-fixes). - drm/gem: Test for imported GEM buffers with helper (stable-fixes). - drm/gma500: Fix null dereference in hdmi teardown (git-fixes). - drm/hisilicon/hibmc: fix the hibmc loaded failed bug (git-fixes). - drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed (git-fixes). - drm/hisilicon/hibmc: refactored struct hibmc_drm_private (stable-fixes). - drm/i915/backlight: Return immediately when scale() finds invalid parameters (stable-fixes). - drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type (stable-fixes). - drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() (stable-fixes). - drm/i915/ddi: only call shutdown hooks for valid encoders (stable-fixes). - drm/i915/display: Fix dma_fence_wait_timeout() return value handling (git-fixes). - drm/i915/display: add intel_encoder_is_hdmi() (stable-fixes). - drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x (git-fixes). - drm/i915/dp_mst: Work around Thunderbolt sink disconnect after SINK_COUNT_ESI read (stable-fixes). - drm/i915/hdmi: add error handling in g4x_hdmi_init() (stable-fixes). - drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() (stable-fixes). - drm/i915/icl+/tc: Cache the max lane count value (stable-fixes). - drm/i915/icl+/tc: Convert AUX powered WARN to a debug message (stable-fixes). - drm/i915/power: fix size for for_each_set_bit() in abox iteration (git-fixes). - drm/imagination: Clear runtime PM errors while resetting the GPU (stable-fixes). - drm/mediatek: Add error handling for old state CRTC in atomic_disable (git-fixes). - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv (git-fixes). - drm/mediatek: fix potential OF node use-after-free (git-fixes). - drm/msm/dp: account for widebus and yuv420 during mode validation (git-fixes). - drm/msm/dpu: Fill in min_prefill_lines for SC8180X (git-fixes). - drm/msm/dpu: fix incorrect type for ret (git-fixes). - drm/msm/kms: move snapshot init earlier in KMS init (git-fixes). - drm/msm: Add error handling for krealloc in metadata setup (stable-fixes). - drm/msm: Defer fd_install in SUBMIT ioctl (git-fixes). - drm/msm: update the high bitfield of certain DSI registers (git-fixes). - drm/msm: use trylock for debugfs (stable-fixes). - drm/nouveau/disp: Always accept linear modifier (git-fixes). - drm/nouveau/gsp: fix potential leak of memory used during acpi init (git-fixes). - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor() (git-fixes). - drm/nouveau: fix bad ret code in nouveau_bo_move_prep (git-fixes). - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 (git-fixes). - drm/nouveau: fix typos in comments (git-fixes). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr (git-fixes). - drm/nouveau: remove unused memory target test (git-fixes). - drm/panel: novatek-nt35560: Fix invalid return value (git-fixes). - drm/panfrost: Fix panfrost device variable name in devfreq (git-fixes). - drm/panthor: Add missing explicit padding in drm_panthor_gpu_info (git-fixes). - drm/panthor: Defer scheduler entitiy destruction to queue release (git-fixes). - drm/panthor: Fix memory leak in panthor_ioctl_group_create() (git-fixes). - drm/panthor: validate group queue count (git-fixes). - drm/radeon/r600_cs: clean up of dead code in r600_cs (git-fixes). - drm/rcar-du: dsi: Fix 1/2/3 lane support (git-fixes). - drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed (git-fixes). - drm/sched: Remove optimization that causes hang when killing dependent jobs (git-fixes). - drm/simpledrm: Do not upcast in release helpers (git-fixes). - drm/tests: Fix endian warning (git-fixes). - drm/ttm: Respect the shrinker core free target (stable-fixes). - drm/ttm: Should to return the evict error (stable-fixes). - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel (git-fixes). - drm/vmwgfx: Fix Use-after-free in validation (git-fixes). - drm/vmwgfx: Fix a null-ptr access in the cursor snooper (git-fixes). - drm/vmwgfx: Fix copy-paste typo in validation (git-fixes). - drm/xe/bmg: Add new PCI IDs (stable-fixes). - drm/xe/bmg: Add one additional PCI ID (stable-fixes). - drm/xe/bmg: Update Wa_22019338487 (git-fixes). - drm/xe/gsc: do not flush the GSC worker from the reset path (git-fixes). - drm/xe/hw_engine_group: Fix double write lock release in error path (git-fixes). - drm/xe/mocs: Initialize MOCS index early (stable-fixes). - drm/xe/pf: Move VFs reprovisioning to worker (stable-fixes). - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset (git-fixes). - drm/xe/pf: Sanitize VF scratch registers on FLR (stable-fixes). - drm/xe/tile: Release kobject for the failure path (git-fixes). - drm/xe/uapi: Correct sync type definition in comments (git-fixes). - drm/xe/uapi: loosen used tracking restriction (git-fixes). - drm/xe/vf: Disable CSC support on VF (git-fixes). - drm/xe/vm: Clear the scratch_pt pointer on error (git-fixes). - drm/xe/xe_query: Use separate iterator while filling GT list (stable-fixes). - drm/xe/xe_sync: avoid race during ufence signaling (git-fixes). - drm/xe: Allow dropping kunit dependency as built-in (git-fixes). - drm/xe: Attempt to bring bos back to VRAM after eviction (git-fixes). - drm/xe: Carve out wopcm portion from the stolen memory (git-fixes). - drm/xe: Do not trigger rebind on initial dma-buf validation (git-fixes). - drm/xe: Ensure fixed_slice_mode gets set after ccs_mode change (git-fixes). - drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() (git-fixes). - drm/xe: Fix build without debugfs (git-fixes). - drm/xe: Make dma-fences compliant with the safe access rules (stable-fixes). - drm/xe: Move page fault init after topology init (git-fixes). - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ (git-fixes). - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path (git-fixes). - drm: renesas: rz-du: mipi_dsi: Add min check for VCLK range (stable-fixes). - dt-bindings: dpll: Add DPLL device and pin (jsc#PED-13331). - dt-bindings: dpll: Add support for Microchip Azurite chip family (jsc#PED-13331). - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set (git-fixes). - e1000e: ignore uninitialized checksum word on tgp (git-fixes). - efi: stmm: Fix incorrect buffer allocation method (git-fixes). - erofs: avoid reading more for fragment maps (git-fixes). - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC (git-fixes). - execmem: enforce allocation size aligment to PAGE_SIZE (git-fixes). - exfat: add cluster chain loop check for dir (git-fixes). - exfat: fdatasync flag should be same like generic_write_sync() (git-fixes). - ext4: fix checks for orphan inodes (bsc#1250119). - ext4: remove writable userspace mappings before truncating page cache (bsc#1247223). - fbcon: Fix OOB access in font allocation (git-fixes). - fbcon: Fix outdated registered_fb reference in comment (git-fixes). - fbcon: fix integer overflow in fbcon_do_set_font (git-fixes). - fbdev: Fix logic error in "offb" name match (git-fixes). - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit (stable-fixes). - fbdev: fix potential buffer overflow in do_register_framebuffer() (stable-fixes). - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref (git-fixes). - fbdev: simplefb: Fix use after free in simplefb_detach_genpds() (git-fixes). - fgraph: Fix set_graph_notrace with setting TRACE_GRAPH_NOTRACE_BIT (git-fixes). - firewire: core: fix overlooked update of subsystem ABI version (git-fixes). - firewire: ohci: correct code comments about bus_reset tasklet (git-fixes). - firmware: arm_ffa: Change initcall level of ffa_init() to rootfs_initcall (stable-fixes). - firmware: arm_scmi: Convert to SYSTEM_SLEEP_PM_OPS (git-fixes). - firmware: arm_scmi: Fix up turbo frequencies selection (git-fixes). - firmware: arm_scmi: Mark VirtIO ready before registering scmi_virtio_driver (git-fixes). - firmware: arm_scmi: power_control: Ensure SCMI_SYSPOWER_IDLE is set early during resume (stable-fixes). - firmware: firmware: meson-sm: fix compile-test default (git-fixes). - firmware: meson_sm: fix device leak at probe (git-fixes). - firmware: tegra: Fix IVC dependency problems (stable-fixes). - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (git-fixes). - fs/nfs/io: make nfs_start_io_*() killable (git-fixes). - fs/proc/task_mmu: check p->vec_buf for NULL (git-fixes). - fs/proc: Use inode_get_dev() for device numbers in procmap_query References: bsc#1246450 - ftrace: Fix function profiler's filtering functionality (git-fixes). - ftrace: fix incorrect hash size in register_ftrace_direct() (git-fixes). - gfs2: Call gfs2_queue_verify_delete from gfs2_evict_inode (bsc#1247220). - gfs2: Clean up delete work processing (bsc#1247220). - gfs2: Faster gfs2_upgrade_iopen_glock wakeups (bsc#1247220). - gfs2: Initialize gl_no_formal_ino earlier (bsc#1247220). - gfs2: Minor delete_work_func cleanup (bsc#1247220). - gfs2: Only defer deletes when we have an iopen glock (bsc#1247220). - gfs2: Prevent inode creation race (2) (bsc#1247220). - gfs2: Prevent inode creation race (bsc#1247220). - gfs2: Randomize GLF_VERIFY_DELETE work delay (bsc#1247220). - gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (bsc#1247220). - gfs2: Rename dinode_demise to evict_behavior (bsc#1247220). - gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE (bsc#1247220). - gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (bsc#1247220). - gfs2: Simplify DLM_LKF_QUECVT use (bsc#1247220). - gfs2: Update to the evict / remote delete documentation (bsc#1247220). - gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (bsc#1247220). - gfs2: gfs2_evict_inode clarification (bsc#1247220). - gfs2: minor evict fix (bsc#1247220). - gfs2: skip if we cannot defer delete (bsc#1247220). - gpio: mlxbf2: use platform_get_irq_optional() (git-fixes). - gpio: mlxbf3: use platform_get_irq_optional() (git-fixes). - gpio: tps65912: check the return value of regmap_update_bits() (stable-fixes). - gpio: virtio: Fix config space reading (git-fixes). - gpio: wcd934x: check the return value of regmap_update_bits() (stable-fixes). - gpio: wcd934x: mark the GPIO controller as sleeping (git-fixes). - gpiolib: Extend software-node support to support secondary software-nodes (git-fixes). - gve: Fix stuck TX queue for DQ queue format (git-fixes). - gve: prevent ethtool ops after shutdown (git-fixes). - habanalabs: fix UAF in export_dmabuf() (git-fixes). - hid: fix I2C read buffer overflow in raw_event() for mcp2221 (stable-fixes). - hv_netvsc: Fix panic during namespace deletion with VF (bsc#1248111). - hv_netvsc: Link queues to NAPIs (git-fixes). - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state (stable-fixes). - hwmon: (gsc-hwmon) fix fan pwm setpoint show functions (git-fixes). - hwmon: (mlxreg-fan) Separate methods of fan setting coming from different subsystems (git-fixes). - hwmon: mlxreg-fan: Prevent fans from getting stuck at 0 RPM (git-fixes). - hwrng: ks-sa - fix division by zero in ks_sa_rng_init (git-fixes). - hwrng: mtk - handle devm_pm_runtime_enable errors (git-fixes). - hwrng: nomadik - add ARM_AMBA dependency (git-fixes). - i2c: Force DLL0945 touchpad i2c freq to 100khz (stable-fixes). - i2c: designware: Add disabling clocks when probe fails (git-fixes). - i2c: designware: Add quirk for Intel Xe (stable-fixes). - i2c: designware: Fix clock issue when PM is disabled (git-fixes). - i2c: designware: Use temporary variable for struct device (stable-fixes). - i2c: i801: Hide Intel Birch Stream SoC TCO WDT (git-fixes). - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (git-fixes). - i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() (git-fixes). - i2c: omap: Add support for setting mux (stable-fixes). - i2c: omap: Fix an error handling path in omap_i2c_probe() (git-fixes). - i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() (git-fixes). - i2c: omap: fix deprecated of_property_read_bool() use (git-fixes). - i2c: qup: jump out of the loop in case of timeout (git-fixes). - i2c: riic: Allow setting frequencies lower than 50KHz (git-fixes). - i2c: tegra: Fix reset error handling with ACPI (git-fixes). - i2c: tegra: Use internal reset when reset property is not available (bsc#1249143) - i2c: virtio: Avoid hang by using interruptible completion wait (git-fixes). - i3c: Fix default I2C adapter timeout value (git-fixes). - i3c: add missing include to internal header (stable-fixes). - i3c: do not fail if GETHDRCAP is unsupported (stable-fixes). - i3c: fix module_i3c_i2c_driver() with I3C=n (git-fixes). - i3c: master: Initialize ret in i3c_i2c_notifier_call() (stable-fixes). - i3c: master: svc: Recycle unused IBI slot (git-fixes). - i3c: master: svc: Use manual response for IBI events (git-fixes). - i40e: When removing VF MAC filters, only check PF-set MAC (git-fixes). - i40e: report VF tx_dropped with tx_errors instead of tx_discards (git-fixes). - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (git-fixes). - ice, irdma: fix an off by one in error handling code (bsc#1247712). - ice, irdma: move interrupts code to irdma (bsc#1247712). - ice/ptp: fix crosstimestamp reporting (git-fixes). - ice: Fix signedness bug in ice_init_interrupt_scheme() (bsc#1247712). - ice: Replace ice specific DSCP mapping num with a kernel define (jsc#PED-13728 jsc#PED-13762). - ice: check correct pointer in fwlog debugfs (git-fixes). - ice: count combined queues using Rx/Tx count (bsc#1247712). - ice: devlink PF MSI-X max and min parameter (bsc#1247712). - ice: do not leave device non-functional if Tx scheduler config fails (git-fixes). - ice: enable_rdma devlink param (bsc#1247712). - ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset (jsc#PED-13728). - ice: fix incorrect counter for buffer allocation failures (git-fixes). - ice: get rid of num_lan_msix field (bsc#1247712). - ice: init flow director before RDMA (bsc#1247712). - ice: remove splitting MSI-X between features (bsc#1247712). - ice: simplify VF MSI-X managing (bsc#1247712). - ice: treat dyn_allowed only as suggestion (bsc#1247712). - ice: use fixed adapter index for E825C embedded devices (git-fixes). - idpf: add PTP clock configuration (jsc#PED-13728 jsc#PED-13762). - idpf: add Tx timestamp capabilities negotiation (jsc#PED-13728 jsc#PED-13762). - idpf: add Tx timestamp flows (jsc#PED-13728 jsc#PED-13762). - idpf: add cross timestamping (jsc#PED-13728). - idpf: add flow steering support (jsc#PED-13728). - idpf: add initial PTP support (jsc#PED-13728 jsc#PED-13762). - idpf: add mailbox access to read PTP clock time (jsc#PED-13728 jsc#PED-13762). - idpf: add support for Rx timestamping (jsc#PED-13728 jsc#PED-13762). - idpf: add support for Tx refillqs in flow scheduling mode (jsc#PED-13728). - idpf: assign extracted ptype to struct libeth_rqe_info field (jsc#PED-13728 jsc#PED-13762). - idpf: change the method for mailbox workqueue allocation (jsc#PED-13728 jsc#PED-13762). - idpf: fix UAF in RDMA core aux dev deinitialization (jsc#PED-13728). - idpf: implement IDC vport aux driver MTU change handler (jsc#PED-13728 jsc#PED-13762). - idpf: implement RDMA vport auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762). - idpf: implement core RDMA auxiliary dev create, init, and destroy (jsc#PED-13728 jsc#PED-13762). - idpf: implement get LAN MMIO memory regions (jsc#PED-13728 jsc#PED-13762). - idpf: implement remaining IDC RDMA core callbacks and handlers (jsc#PED-13728 jsc#PED-13762). - idpf: improve when to set RE bit logic (jsc#PED-13728). - idpf: move virtchnl structures to the header file (jsc#PED-13728 jsc#PED-13762). - idpf: negotiate PTP capabilities and get PTP clock (jsc#PED-13728 jsc#PED-13762). - idpf: preserve coalescing settings across resets (jsc#PED-13728). - idpf: remove obsolete stashing code (jsc#PED-13728). - idpf: remove unreachable code from setting mailbox (jsc#PED-13728 jsc#PED-13762). - idpf: replace flow scheduling buffer ring with buffer pool (jsc#PED-13728). - idpf: set mac type when adding and removing MAC filters (jsc#PED-13728). - idpf: simplify and fix splitq Tx packet rollback error path (jsc#PED-13728). - idpf: stop Tx if there are insufficient buffer resources (jsc#PED-13728). - idpf: use reserved RDMA vectors from control plane (jsc#PED-13728 jsc#PED-13762). - igb: xsk: solve negative overflow of nb_pkts in zerocopy mode (git-fixes). - igc: disable L1.2 PCI-E link substate to avoid performance issue (git-fixes). - igc: fix disabling L1.2 PCI-E link substate on I226 on init (git-fixes). - iidc/ice/irdma: Break iidc.h into two headers (jsc#PED-13728 jsc#PED-13762). - iidc/ice/irdma: Rename IDC header file (jsc#PED-13728 jsc#PED-13762). - iidc/ice/irdma: Rename to iidc_* convention (jsc#PED-13728 jsc#PED-13762). - iidc/ice/irdma: Update IDC to support multiple consumers (jsc#PED-13728 jsc#PED-13762). - iio/adc/pac1934: fix channel disable configuration (git-fixes). - iio: accel: adxl355: Make timestamp 64-bit aligned using aligned_s64 (git-fixes). - iio: accel: fxls8962af: Fix temperature calculation (git-fixes). - iio: adc: ad7173: fix setting ODR in probe (git-fixes). - iio: adc: ad7266: Fix potential timestamp alignment issue (git-fixes). - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement (stable-fixes). - iio: adc: ad7768-1: Fix insufficient alignment of timestamp (git-fixes). - iio: adc: ad_sigma_delta: change to buffer predisable (git-fixes). - iio: adc: ad_sigma_delta: do not overallocate scan buffer (stable-fixes). - iio: adc: dln2: Use aligned_s64 for timestamp (git-fixes). - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] (stable-fixes). - iio: adc: max1363: Reorder mode_list[] entries (stable-fixes). - iio: chemical: pms7003: use aligned_s64 for timestamp (git-fixes). - iio: chemical: sps30: use aligned_s64 for timestamp (git-fixes). - iio: common: st_sensors: Fix use of uninitialize device structs (stable-fixes). - iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() (git-fixes). - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (git-fixes). - iio: dac: ad5360: use int type to store negative error codes (git-fixes). - iio: dac: ad5421: use int type to store negative error codes (git-fixes). - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (git-fixes). - iio: frequency: adf4350: Fix prescaler usage (git-fixes). - iio: hid-sensor-prox: Fix incorrect OFFSET calculation (git-fixes). - iio: hid-sensor-prox: Restore lost scale assignments (git-fixes). - iio: imu: bno055: fix OOB access of hw_xlate array (git-fixes). - iio: imu: inv_icm42600: Convert to uXX and sXX integer types (stable-fixes). - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume (git-fixes). - iio: imu: inv_icm42600: change invalid data error to -EBUSY (git-fixes). - iio: imu: inv_icm42600: fix spi burst write not supported (git-fixes). - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 (stable-fixes). - iio: imu: inv_icm42600: use = { } instead of memset() (stable-fixes). - iio: light: Use aligned_s64 instead of open coding alignment (stable-fixes). - iio: light: as73211: Ensure buffer holes are zeroed (git-fixes). - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() (git-fixes). - iio: pressure: mprls0025pa: use aligned_s64 for timestamp (git-fixes). - iio: proximity: isl29501: fix buffered read on big-endian systems (git-fixes). - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() (git-fixes). - iio: xilinx-ams: Fix AMS_ALARM_THR_DIRECT_MASK (git-fixes). - iio: xilinx-ams: Unmask interrupts after updating alarms (git-fixes). - integrity/platform_certs: Allow loading of keys in the static key management mode (jsc#PED-13345 jsc#PED-13343). - intel_idle: Provide the default enter_dead() handler (jsc#PED-13815). - intel_idle: Rescan "dead" SMT siblings during initialization (jsc#PED-13815). - intel_idle: Use subsys_initcall_sync() for initialization (jsc#PED-13815). - interconnect: qcom: sc8180x: specify num_nodes (git-fixes). - interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg (git-fixes). - io_uring/rw: do not mask in f_iocb_flags (jsc#PED-12882 bsc#1237542). Drop blacklisting. - io_uring: expose read/write attribute capability (jsc#PED-12882 bsc#1237542). - io_uring: fix potential page leak in io_sqe_buffer_register() (git-fixes). - iommu/amd: Enable PASID and ATS capabilities in the correct order (git-fixes). - iommu/amd: Fix alias device DTE setting (git-fixes). - iommu/amd: Fix geometry.aperture_end for V2 tables (git-fixes). - iommu/arm-smmu-qcom: Add SM6115 MDSS compatible (git-fixes). - iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement (git-fixes). - iommu/tegra241-cmdqv: Read SMMU IDR1.CMDQS instead of hardcoding (git-fixes). - iommu/vt-d: Disallow dirty tracking if incoherent page walk (git-fixes). - iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() (git-fixes). - iommu/vt-d: Fix missing PASID in dev TLB flush with cache_tag_flush_all (git-fixes). - iommu/vt-d: Fix possible circular locking dependency (git-fixes). - iommu/vt-d: Fix system hang on reboot -f (git-fixes). - iommu/vt-d: PRS isn't usable if PDS isn't supported (git-fixes). - iommu: Handle race with default domain setup (git-fixes). - iosys-map: Fix undefined behavior in iosys_map_clear() (git-fixes). - ipmi: Fix strcpy source and destination the same (stable-fixes). - ipmi: Use dev_warn_ratelimited() for incorrect message warnings (stable-fixes). - ipv6: annotate data-races around rt->fib6_nsiblings (git-fixes). - ipv6: fix possible infinite loop in fib6_info_uses_dev() (git-fixes). - ipv6: prevent infinite loop in rt6_nlmsg_size() (git-fixes). - ipv6: reject malicious packets in ipv6_gso_segment() (git-fixes). - ipvs: Fix clamp() of ip_vs_conn_tab on small memory systems (git-fixes). - irdma: free iwdev->rf after removing MSI-X (bsc#1247712). - isolcpus: add missing hunk back (bsc#1236897 bsc#1249206). - iwlwifi: Add missing check for alloc_ordered_workqueue (git-fixes). - ixgbe: fix ixgbe_orom_civd_info struct layout (bsc#1245410). - ixgbe: prevent from unwanted interface name changes (git-fixes). - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc (git-fixes). - kABI fix after Add TDX support for vSphere (jsc#PED-13302). - kABI fix after KVM: SVM: Fix SNP AP destroy race with VMRUN (git-fixes). - kABI fix after KVM: VMX: Apply MMIO Stale Data mitigation if KVM maps MMIO into the guest (git-fixes). - kABI fix after KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap (git-fixes). - kABI fix after vhost: Reintroduce kthread API and add mode selection (git-fixes). - kABI workaround for "drm/dp: Add an EDID quirk for the DPCD register access probe" (bsc#1248121). - kABI workaround for amd_sfh (git-fixes). - kABI workaround for drm_gem.h (git-fixes). - kABI workaround for struct mtk_base_afe changes (git-fixes). - kABI: Fix the module::name type in audit_context (git-fixes). - kABI: PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports (git-fixes). - kABI: arm64: ftrace: Restore struct mod_arch_specific layout (git-fixes). - kABI: fix for struct devlink_port_attrs: move new member to the end (git-fixes). - kABI: netfilter: supress warnings for nft_set_ops (git-fixes). - kABI: x86/sev: Use TSC_FACTOR for Secure TSC frequency calculation (git-fixes). - kabi/severities: ignore kABI compatibility in iio inv_icm42600 drivers They are used only locally - kabi/severities: ignore two unused/dropped symbols from MEI - kabi: Hide adding of u64 to devlink_param_type (jsc#PED-12745). - kabi: Restore layout of parallel_data (bsc1248343). - kabi: restore layout of struct cgroup_rstat_cpu (bsc#1247963). - kasan: use vmalloc_dump_obj() for vmalloc error reports (git-fixes). - kbuild/modpost: Continue processing all unresolved symbols when KLP_SYM_RELA is found (bsc#1218644, bsc#1250655). - kbuild: rust: add rustc-min-version support function (git-fixes) - kernel-binary: Another installation ordering fix (bsc#1241353). - kernel-subpackage-build: Decompress ghost file when compressed version exists (bsc#1249346) - kernel: globalize lookup_or_create_module_kobject() (stable-fixes). - kernel: param: rename locate_module_kobject (stable-fixes). - leds: flash: leds-qcom-flash: Fix registry access after re-bind (git-fixes). - leds: flash: leds-qcom-flash: Update torch current clamp setting (git-fixes). - leds: leds-lp50xx: Handle reg to get correct multi_index (stable-fixes). - leds: leds-lp55xx: Use correct address for memory programming (git-fixes). - lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() (bsc#1236897). - libbpf: Add identical pointer detection to btf_dedup_is_equiv() (git-fixes). - libeth: move idpf_rx_csum_decoded and idpf_rx_extracted (jsc#PED-13728 jsc#PED-13762). - livepatch: Add stack_order sysfs attribute (poo#187320). - loop: use kiocb helpers to fix lockdep warning (git-fixes). - lpfc: do not use file->f_path.dentry for comparisons (bsc#1250519). - mISDN: Fix memory leak in dsp_hwec_enable() (git-fixes). - mISDN: hfcpci: Fix warning when deleting uninitialized timer (git-fixes). - mailbox: Not protect module_put with spin_lock_irqsave (stable-fixes). - mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() (git-fixes). - mailbox: pcc: Always clear the platform ack interrupt first (stable-fixes). - mailbox: pcc: Fix the possible race in updation of chan_in_use flag (stable-fixes). - mailbox: pcc: Use acpi_os_ioremap() instead of ioremap() (stable-fixes). - mailbox: zynqmp-ipi: Fix SGI cleanup on unbind (git-fixes). - mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop (git-fixes). - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (git-fixes). - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (git-fixes). - maple_tree: fix MAPLE_PARENT_RANGE32 and parent pointer docs (git-fixes). - maple_tree: fix status setup on restore to active (git-fixes). - maple_tree: fix testing for 32 bit builds (git-fixes). - mctp: no longer rely on net->dev_index_head (git-fixes). - md/raid1,raid10: strip REQ_NOWAIT from member bios (git-fixes). - md: allow removing faulty rdev during resync (git-fixes). - md: dm-zoned-target: Initialize return variable r to avoid uninitialized use (git-fixes). - md: make rdev_addable usable for rcu mode (git-fixes). - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (git-fixes). - media: cec: extron-da-hd-4k-plus: drop external-module make commands (git-fixes). - media: cx18: Add missing check after DMA map (git-fixes). - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() (stable-fixes). - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar (stable-fixes). - media: gspca: Add bounds checking to firmware parser (git-fixes). - media: hi556: Fix reset GPIO timings (stable-fixes). - media: hi556: correct the test pattern configuration (git-fixes). - media: i2c: mt9v111: fix incorrect type for ret (git-fixes). - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (git-fixes). - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() (git-fixes). - media: ipu-bridge: Add _HID for OV5670 (stable-fixes). - media: ipu6: isys: Use correct pads for xlate_streams() (git-fixes). - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls (git-fixes). - media: lirc: Fix error handling in lirc_register() (git-fixes). - media: mc: Fix MUST_CONNECT handling for pads with no links (git-fixes). - media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval (git-fixes). - media: ov2659: Fix memory leaks in ov2659_probe() (git-fixes). - media: pci: ivtv: Add missing check after DMA map (git-fixes). - media: pci: mg4b: fix uninitialized iio scan data (git-fixes). - media: pisp_be: Fix pm_runtime underrun in probe (git-fixes). - media: qcom: camss: cleanup media device allocated resource on error path (git-fixes). - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() (git-fixes). - media: rc: fix races with imon_disconnect() (git-fixes). - media: rj54n1cb0c: Fix memleak in rj54n1_probe() (git-fixes). - media: s5p-mfc: remove an unused/uninitialized variable (git-fixes). - media: st-delta: avoid excessive stack usage (git-fixes). - media: tc358743: Check I2C succeeded during probe (stable-fixes). - media: tc358743: Increase FIFO trigger level to 374 (stable-fixes). - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt (stable-fixes). - media: ti: j721e-csi2rx: Fix source subdev link creation (git-fixes). - media: ti: j721e-csi2rx: Use devm_of_platform_populate (git-fixes). - media: ti: j721e-csi2rx: fix list_del corruption (git-fixes). - media: tuner: xc5000: Fix use-after-free in xc5000_release (git-fixes). - media: usb: hdpvr: disable zero-length read messages (stable-fixes). - media: usbtv: Lock resolution while streaming (git-fixes). - media: uvcvideo: Add quirk for HP Webcam HD 2300 (stable-fixes). - media: uvcvideo: Do not mark valid metadata as invalid (git-fixes). - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (git-fixes). - media: uvcvideo: Fix bandwidth issue for Alcor camera (stable-fixes). - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID (git-fixes). - media: uvcvideo: Rollback non processed entities on error (git-fixes). - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (stable-fixes). - media: v4l2-ctrls: Do not reset handler's error in v4l2_ctrl_handler_free() (git-fixes). - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (git-fixes). - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() (git-fixes). - media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() (git-fixes). - media: venus: Add a check for packet size after reading from shared memory (git-fixes). - media: venus: Fix MSM8998 frequency table (git-fixes). - media: venus: Fix OOB read due to missing payload bound check (git-fixes). - media: venus: firmware: Use correct reset sequence for IRIS2 (git-fixes). - media: venus: hfi: explicitly release IRQ during teardown (git-fixes). - media: venus: protect against spurious interrupts during probe (git-fixes). - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: venus: venc: Clamp param smaller than 1fps and bigger than 240 (git-fixes). - media: verisilicon: Fix AV1 decoder clock frequency (git-fixes). - media: vivid: fix wrong pixel_array control size (git-fixes). - media: zoran: Remove zoran_fh structure (git-fixes). - mei: bus: Check for still connected devices in mei_cl_bus_dev_release() (stable-fixes). - mei: vsc: Destroy mutex after freeing the IRQ (git-fixes). - mei: vsc: Do not re-init VSC from mei_vsc_hw_reset() on stop (git-fixes). - mei: vsc: Drop unused vsc_tp_request_irq() and vsc_tp_free_irq() (stable-fixes). - mei: vsc: Event notifier fixes (git-fixes). - mei: vsc: Fix "BUG: Invalid wait context" lockdep error (git-fixes). - mei: vsc: Run event callback from a workqueue (git-fixes). - mei: vsc: Unset the event callback on remove and probe errors (git-fixes). - memory: mtk-smi: Add ostd setting for mt8186 (git-fixes). - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (git-fixes). - memstick: Fix deadlock by moving removing flag earlier (git-fixes). - mfd: axp20x: Set explicit ID for AXP313 regulator (stable-fixes). - mfd: cros_ec: Separate charge-control probing from USB-PD (git-fixes). - mfd: exynos-lpass: Fix another error handling path in exynos_lpass_probe() (git-fixes). - mfd: rz-mtu3: Fix MTU5 NFCR register offset (git-fixes). - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (git-fixes). - microchip: lan865x: Fix LAN8651 autoloading (git-fixes). - microchip: lan865x: Fix module autoloading (git-fixes). - microchip: lan865x: fix missing Timer Increment config for Rev.B0/B1 (git-fixes). - microchip: lan865x: fix missing netif_start_queue() call on device open (git-fixes). - misc: fastrpc: Fix fastrpc_map_lookup operation (git-fixes). - misc: fastrpc: Save actual DMA size in fastrpc_map structure (git-fixes). - misc: fastrpc: Skip reference for DMA handles (git-fixes). - misc: fastrpc: fix possible map leak in fastrpc_put_args (git-fixes). - misc: genwqe: Fix incorrect cmd field being reported in error (git-fixes). - misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type (git-fixes). - misc: pci_endpoint_test: Give disabled BARs a distinct error code (stable-fixes). - misc: rtsx: usb: Ensure mmc child device is active when card is present (git-fixes). - mm/damon/core: avoid destroyed target reference from DAMOS quota (git-fixes). - mm/damon/core: prevent unnecessary overflow in damos_set_effective_quota() (git-fixes). - mm/damon/core: set quota->charged_from to jiffies at first charge window (git-fixes). - mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() (git-fixes). - mm/damon/ops-common: ignore migration request to invalid nodes (git-fixes). - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() (git-fixes). - mm/damon/sysfs: fix use-after-free in state_show() (git-fixes). - mm/memory-failure: fix redundant updates for already poisoned pages (bsc#1250087). - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() (git-fixes) - mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE (git-fixes). - mm: close theoretical race where stale TLB entries could linger (git-fixes). - mm: fault in complete folios instead of individual pages for tmpfs (git-fixes). - mm: fix the inaccurate memory statistics issue for users (bsc#1244723). - mm: introduce and use {pgd,p4d}_populate_kernel() (git-fixes). - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma (git-fixes). - mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting (bsc#1245630). - mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting - kabi (bsc#1245630). - mm: move page table sync declarations to linux/pgtable.h (git-fixes). - mm: swap: fix potential buffer overflow in setup_clusters() (git-fixes). - mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() (git-fixes). - mmc: mvsdio: Fix dma_unmap_sg() nents value (git-fixes). - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() (stable-fixes). - mmc: sdhci-cadence: add Mobileye eyeQ support (stable-fixes). - mmc: sdhci-msm: Ensure SD card power isn't ON when card removed (stable-fixes). - mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up (stable-fixes). - mmc: sdhci-of-arasan: Support for emmc hardware reset (stable-fixes). - mmc: sdhci-pci-gli: Add a new function to simplify the code (git-fixes). - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER (git-fixes). - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency (git-fixes). - mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 (git-fixes). - module: Fix memory deallocation on error path in move_module() (git-fixes). - module: Prevent silent truncation of module name in delete_module(2) (git-fixes). - module: Remove unnecessary +1 from last_unloaded_module::name size (git-fixes). - module: Restore the moduleparam prefix length check (git-fixes). - most: core: Drop device reference after usage in get_channel() (git-fixes). - mptcp: fix spurious wake-up on under memory pressure (git-fixes). - mtd: fix possible integer overflow in erase_xfer() (git-fixes). - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (git-fixes). - mtd: rawnand: atmel: Fix dma_mapping_error() address (git-fixes). - mtd: rawnand: atmel: Fix error handling path in atmel_nand_controller_add_nands (git-fixes). - mtd: rawnand: atmel: set pmecc data setup time (git-fixes). - mtd: rawnand: fsmc: Add missing check after DMA map (git-fixes). - mtd: rawnand: omap2: fix device leak on probe failure (git-fixes). - mtd: rawnand: qcom: Fix last codeword read in qcom_param_page_type_exec() (git-fixes). - mtd: rawnand: renesas: Add missing check after DMA map (git-fixes). - mtd: rawnand: rockchip: Add missing check after DMA map (git-fixes). - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (git-fixes). - mtd: rawnand: stm32_fmc2: fix ECC overwrite (git-fixes). - mtd: spi-nor: Fix spi_nor_try_unlock_all() (git-fixes). - mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER (git-fixes). - mtd: spinand: propagate spinand_wait() errors from spinand_write_page() (git-fixes). - mwl8k: Add missing check after DMA map (git-fixes). - neighbour: Fix null-ptr-deref in neigh_flush_dev() (git-fixes). - net/mlx5: Base ECVF devlink port attrs from 0 (git-fixes). - net/mlx5: CT: Use the correct counter offset (git-fixes). - net/mlx5: Check device memory pointer before usage (git-fixes). - net/mlx5: Correctly set gso_segs when LRO is used (git-fixes). - net/mlx5: Correctly set gso_size when LRO is used (git-fixes). - net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch (git-fixes). - net/mlx5: Fix lockdep assertion on sync reset unload event (git-fixes). - net/mlx5: Fix memory leak in cmd_exec() (git-fixes). - net/mlx5: HWS, Fix memory leak in hws_action_get_shared_stc_nic error flow (git-fixes). - net/mlx5: HWS, Fix pattern destruction in mlx5hws_pat_get_pattern error path (git-fixes). - net/mlx5: HWS, fix bad parameter in CQ creation (git-fixes). - net/mlx5: Nack sync reset when SFs are present (git-fixes). - net/mlx5: Prevent flow steering mode changes in switchdev mode (git-fixes). - net/mlx5: Reload auxiliary drivers on fw_activate (git-fixes). - net/mlx5e: Add new prio for promiscuous mode (git-fixes). - net/mlx5e: Clear Read-Only port buffer size in PBMC before update (git-fixes). - net/mlx5e: Preserve shared buffer capacity during headroom updates (git-fixes). - net/mlx5e: Remove skb secpath if xfrm state is not found (git-fixes). - net/mlx5e: Set local Xoff after FW update (git-fixes). - net/mlx5e: Update and set Xon/Xoff upon MTU set (git-fixes). - net/mlx5e: Update and set Xon/Xoff upon port speed set (git-fixes). - net/packet: fix a race in packet_set_ring() and packet_notifier() (git-fixes). - net/sched: Restrict conditions for adding duplicating netems to qdisc tree (git-fixes). - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (git-fixes). - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class (git-fixes). - net/sched: taprio: enforce minimum value for picos_per_byte (git-fixes). - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll (git-fixes). - net: 802: LLC+SNAP OID:PID lookup on start of skb data (git-fixes). - net: dsa: restore dsa_software_vlan_untag() ability to operate on VLAN-untagged traffic (git-fixes). - net: dsa: tag_ocelot_8021q: fix broken reception (git-fixes). - net: hsr: fix fill_frame_info() regression vs VLAN packets (git-fixes). - net: hsr: fix hsr_init_sk() vs network/transport headers (git-fixes). - net: hv_netvsc: fix loss of early receive events from host during channel open (git-fixes). - net: ieee8021q: fix insufficient table-size assertion (stable-fixes). - net: llc: reset skb->transport_header (git-fixes). - net: mana: Add handler for hardware servicing events (bsc#1245730). - net: mana: Add speed support in mana_get_link_ksettings (bsc#1245726). - net: mana: Add support for net_shaper_ops (bsc#1245726). - net: mana: Allocate MSI-X vectors dynamically (bsc#1245457). - net: mana: Allow irq_setup() to skip cpus for affinity (bsc#1245457). - net: mana: Expose additional hardware counters for drop and TC via ethtool (bsc#1245729). - net: mana: Fix build errors when CONFIG_NET_SHAPER is disabled (gix-fixes). - net: mana: Fix potential deadlocks in mana napi ops (bsc#1245726). - net: mana: Handle Reset Request from MANA NIC (bsc#1245728). - net: mana: Handle unsupported HWC commands (bsc#1245726). - net: mana: Set tx_packets to post gso processing packet count (bsc#1245731). - net: mana: Use page pool fragments for RX buffers instead of full pages to improve memory efficiency (bsc#1248754). - net: mana: explain irq_setup() algorithm (bsc#1245457). - net: mana: fix spelling for mana_gd_deregiser_irq() (git-fixes). - net: mctp: handle skb cleanup on sock_queue failures (git-fixes). - net: mdio: mdio-bcm-unimac: Correct rate fallback logic (git-fixes). - net: nfc: nci: Add parameter validation for packet data (git-fixes). - net: page_pool: allow enabling recycling late, fix false positive warning (git-fixes). - net: phy: bcm54811: PHY initialization (stable-fixes). - net: phy: fix phy_uses_state_machine() (git-fixes). - net: phy: micrel: Add ksz9131_resume() (stable-fixes). - net: phy: micrel: fix KSZ8081/KSZ8091 cable test (git-fixes). - net: phy: smsc: add proper reset flags for LAN8710A (stable-fixes). - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (git-fixes). - net: rose: convert 'use' field to refcount_t (git-fixes). - net: rose: fix a typo in rose_clear_routes() (git-fixes). - net: rose: include node references in rose_neigh refcount (git-fixes). - net: rose: split remove and free operations in rose_remove_neigh() (stable-fixes). - net: thunderbolt: Enable end-to-end flow control also in transmit (stable-fixes). - net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() (stable-fixes). - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (git-fixes). - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock (git-fixes). - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization (git-fixes). - net: usb: asix_devices: add phy_mask for ax88772 mdio bus (git-fixes). - net: usb: cdc-ncm: check for filtering capability (git-fixes). - net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition (stable-fixes). - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions (git-fixes). - net: usb: qmi_wwan: fix Telit Cinterion FE990A name (stable-fixes). - net: usb: qmi_wwan: fix Telit Cinterion FN990A name (stable-fixes). - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event (git-fixes). - net: usbnet: Fix the wrong netif_carrier_on() call (git-fixes). - netfilter: ctnetlink: fix refcount leak on table dump (git-fixes). - netfilter: ctnetlink: remove refcounting in expectation dumpers (git-fixes). - netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around (git-fixes). - netfilter: nf_nat: also check reverse tuple to obtain clashing entry (git-fixes). - netfilter: nf_reject: do not leak dst refcount for loopback packets (git-fixes). - netfilter: nf_tables: Drop dead code from fill_*_info routines (git-fixes). - netfilter: nf_tables: adjust lockdep assertions handling (git-fixes). - netfilter: nf_tables: fix set size with rbtree backend (git-fixes). - netfilter: nf_tables: imbalance in flowtable binding (git-fixes). - netfilter: nft_ct: Use __refcount_inc() for per-CPU nft_ct_pcpu_template (git-fixes). - netfilter: nft_flow_offload: update tcp state flags under lock (git-fixes). - netfilter: nft_objref: validate objref and objrefmap expressions (bsc#1250237). - netfilter: nft_set_hash: skip duplicated elements pending gc run (git-fixes). - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext (git-fixes). - netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps (git-fixes). - netfilter: nft_tunnel: fix geneve_opt dump (git-fixes). - netfilter: xtables: support arpt_mark and ipv6 optstrip for iptables-nft only builds (git-fixes). - netlink: fix policy dump for int with validation callback (jsc#PED-13331). - netlink: specs: devlink: replace underscores with dashes in names (jsc#PED-13331). - netpoll: prevent hanging NAPI when netcons gets enabled (git-fixes). - nfs/localio: add direct IO enablement with sync and async IO support (git-fixes). - nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter (git-fixes). - nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT (git-fixes). - nfsd: fix access checking for NLM under XPRTSEC policies (git-fixes). - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (git-fixes). - nouveau: fix disabling the nonstall irq due to storm code (git-fixes). - nvme-auth: update bi_directional flag (git-fixes). - nvme-fc: use lock accessing port_state and rport state (bsc#1245193 bsc#1247500). - nvme-pci: try function level reset on init failure (git-fixes). - nvme-tcp: log TLS handshake failures at error level (git-fixes). - nvme-tcp: send only permitted commands for secure concat (git-fixes). - nvme: fix PI insert on write (git-fixes). - nvme: fix endianness of command word prints in nvme_log_err_passthru() (git-fixes). - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() (git-fixes). - nvme: fix misaccounting of nvme-mpath inflight I/O (git-fixes). - nvmet-fc: avoid scheduling association deletion twice (bsc#1245193 bsc#1247500). - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op (bsc#1245193 bsc#1247500). - nvmet-fcloop: call done callback even when remote port is gone (bsc#1245193 bsc#1247500). - nvmet-tcp: fix callback lock for TLS handshake (git-fixes). - nvmet: exit debugfs after discovery subsystem exits (git-fixes). - nvmet: initialize discovery subsys after debugfs is initialized (git-fixes). - nvmet: pci-epf: Do not complete commands twice if nvmet_req_init() fails (git-fixes). - objtool, ASoC: codecs: wcd934x: Remove potential undefined behavior in wcd934x_slim_irq_handler() (stable-fixes). - objtool, lkdtm: Obfuscate the do_nothing() pointer (stable-fixes). - objtool, regulator: rk808: Remove potential undefined behavior in rk806_set_mode_dcdc() (stable-fixes). - of: dynamic: Fix memleak when of_pci_add_properties() failed (git-fixes). - of: dynamic: Fix use after free in of_changeset_add_prop_helper() (git-fixes). - of: resolver: Fix device node refcount leakage in of_resolve_phandles() (git-fixes). - of: resolver: Simplify of_resolve_phandles() using __free() (stable-fixes). - of: unittest: Fix device reference count leak in of_unittest_pci_node_verify (git-fixes). - of: unittest: Unlock on error in unittest_data_add() (git-fixes). - pNFS/flexfiles: do not attempt pnfs on fatal DS errors (git-fixes). - pNFS: Fix disk addr range check in block/scsi layout (git-fixes). - pNFS: Fix stripe mapping in block/scsi layout (git-fixes). - pNFS: Fix uninited ptr deref in block/scsi layout (git-fixes). - pNFS: Handle RPC size limit for layoutcommits (git-fixes). - percpu: fix race on alloc failed warning limit (git-fixes). - perf bpf-event: Fix use-after-free in synthesis (git-fixes). - perf bpf-utils: Constify bpil_array_desc (git-fixes). - perf bpf-utils: Harden get_bpf_prog_info_linear (git-fixes). - perf dso: Add missed dso__put to dso__load_kcore (git-fixes). - perf hwmon_pmu: Avoid shortening hwmon PMU name (git-fixes). - perf parse-events: Set default GH modifier properly (git-fixes). - perf record: Cache build-ID of hit DSOs only (git-fixes). - perf sched: Fix memory leaks for evsel->priv in timehist (git-fixes). - perf sched: Fix memory leaks in 'perf sched latency' (git-fixes). - perf sched: Fix memory leaks in 'perf sched map' (git-fixes). - perf sched: Fix thread leaks in 'perf sched timehist' (git-fixes). - perf sched: Free thread->priv using priv_destructor (git-fixes). - perf sched: Make sure it frees the usage string (git-fixes). - perf sched: Use RC_CHK_EQUAL() to compare pointers (git-fixes). - perf symbol-minimal: Fix ehdr reading in filename__read_build_id (git-fixes). - perf test: Fix a build error in x86 topdown test (git-fixes). - perf tests bp_account: Fix leaked file descriptor (git-fixes). - perf tools: Remove libtraceevent in .gitignore (git-fixes). - perf topdown: Use attribute to see an event is a topdown metic or slots (git-fixes). - perf trace: Remove --map-dump documentation (git-fixes). - phy: fsl-imx8mq-usb: fix phy_tx_vboost_level_from_property() (git-fixes). - phy: mscc: Fix parsing of unicast frames (git-fixes). - phy: mscc: Fix timestamping for vsc8584 (git-fixes). - phy: qcom: phy-qcom-m31: Update IPQ5332 M31 USB phy initialization sequence (git-fixes). - phy: qualcomm: phy-qcom-eusb2-repeater: Do not zero-out registers (git-fixes). - phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties (git-fixes). - phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal (stable-fixes). - phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 (git-fixes). - phy: rockchip: samsung-hdptx: Do no set rk_hdptx_phy->rate in case of errors (git-fixes). - phy: rockchip: samsung-hdptx: Fix clock ratio setup (git-fixes). - phy: tegra: xusb: fix device and OF node leak at probe (git-fixes). - phy: ti-pipe3: fix device leak at unbind (git-fixes). - phy: ti: omap-usb2: fix device leak at unbind (git-fixes). - pidfs: Fix memory leak in pidfd_info() (jsc#PED-13113). - pidfs: raise SB_I_NODEV and SB_I_NOEXEC (bsc#1249562). - pinctrl: STMFX: add missing HAS_IOMEM dependency (git-fixes). - pinctrl: berlin: fix memory leak in berlin_pinctrl_build_state() (git-fixes). - pinctrl: equilibrium: Remove redundant semicolons (git-fixes). - pinctrl: meson-gxl: add missing i2c_d pinmux (git-fixes). - pinctrl: renesas: Use int type to store negative error codes (git-fixes). - pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() (git-fixes). - pinctrl: samsung: Drop unused S3C24xx driver data (git-fixes). - pinctrl: stm32: Manage irq affinity settings (stable-fixes). - pinctrl: sunxi: Fix memory leak on krealloc failure (git-fixes). - pinmux: fix race causing mux_owner NULL with active mux_usecount (git-fixes). - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() (git-fixes). - platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready (stable-fixes). - platform/chrome: cros_ec_typec: Defer probe on missing EC parent (stable-fixes). - platform/mellanox: mlxbf-pmc: Remove newline char from event name input (git-fixes). - platform/mellanox: mlxbf-pmc: Use kstrtobool() to check 0/1 input (git-fixes). - platform/mellanox: mlxbf-pmc: Validate event/enable input (git-fixes). - platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (git-fixes). - platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list (stable-fixes). - platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list (stable-fixes). - platform/x86/amd/pmf: Support new ACPI ID AMDI0108 (stable-fixes). - platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list (stable-fixes). - platform/x86/intel-uncore-freq: Check write blocked for ELC (git-fixes). - platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (git-fixes). - platform/x86: Fix initialization order for firmware_attributes_class (git-fixes). - platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA (stable-fixes). - platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 (stable-fixes). - platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk (git-fixes). - platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk (git-fixes). - platform/x86: ideapad-laptop: Fix FnLock not remembered among boots (git-fixes). - platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots (git-fixes). - platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() (git-fixes). - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() (stable-fixes). - pm: cpupower: bench: Prevent NULL dereference on malloc failure (stable-fixes). - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery (git-fixes). - power: supply: bq27xxx: restrict no-battery detection to bq27000 (git-fixes). - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name (git-fixes). - power: supply: cw2015: Fix a alignment coding style issue (git-fixes). - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set (git-fixes). - power: supply: max77976_charger: fix constant current reporting (git-fixes). - power: supply: qcom_battmgr: Add lithium-polymer entry (stable-fixes). - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() (git-fixes). - powerpc/eeh: Export eeh_unfreeze_pe() (bsc#1215199). - powerpc/eeh: Make EEH driver device hotplug safe (bsc#1215199). - powerpc/ftrace: ensure ftrace record ops are always set for NOPs (git-fixes). - powerpc/ftrace: ensure ftrace record ops are always set for NOPs (jsc#PED-10909 git-fixes). - powerpc/kernel: Fix ppc_save_regs inclusion in build (bsc#1215199). - powerpc/kvm: Fix ifdef to remove build warning (bsc#1215199). - powerpc/powernv/pci: Fix underflow and leak issue (bsc#1215199). - powerpc/pseries/msi: Fix potential underflow and leak issue (bsc#1215199). - powerpc/pseries: Correct secvar format representation for static key management (jsc#PED-13345 jsc#PED-13343). - powerpc/secvar: Expose secvars relevant to the key management mode (jsc#PED-13345 jsc#PED-13343). - powerpc64/modules: correctly iterate over stubs in setup_ftrace_ool_stubs (jsc#PED-10909 git-fixes). - powerpc: do not build ppc_save_regs.o always (bsc#1215199). - powerpc: floppy: Add missing checks after DMA map (bsc#1215199). - pptp: fix pptp_xmit() error path (git-fixes). - printk: nbcon: Allow reacquire during panic (bsc#1246688). - psample: adjust size if rate_as_probability is set (git-fixes). - ptp: fix breakage after ptp_vclock_in_use() rework (git-fixes). - pwm: berlin: Fix wrong register in suspend/resume (git-fixes). - pwm: imx-tpm: Reset counter if CMOD is 0 (git-fixes). - pwm: mediatek: Fix duty and period setting (git-fixes). - pwm: mediatek: Handle hardware enable and clock enable separately (stable-fixes). - pwm: rockchip: Round period/duty down on apply, up on get (git-fixes). - pwm: tiehrpwm: Do not drop runtime PM reference in .free() (git-fixes). - pwm: tiehrpwm: Fix corner case in clock divisor calculation (git-fixes). - pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation (git-fixes). - pwm: tiehrpwm: Make code comment in .free() more useful (git-fixes). - r8169: add support for RTL8125D (stable-fixes). - r8169: disable RTL8126 ZRX-DC timeout (stable-fixes). - r8169: do not scan PHY addresses > 0 (stable-fixes). - rcu: Fix racy re-initialization of irq_work causing hangs (git-fixes) - regmap: Remove superfluous check for !config in __regmap_init() (git-fixes). - regulator: core: fix NULL dereference on unbind due to stale coupling data (stable-fixes). - regulator: scmi: Use int type to store negative error codes (git-fixes). - regulator: sy7636a: fix lifecycle of power good gpio (git-fixes). - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 (stable-fixes). - reset: eyeq: fix OF node leak (git-fixes). - resource: Add resource set range and size helpers (jsc#PED-13728 jsc#PED-13762). - resource: fix false warning in __request_region() (git-fixes). - ring-buffer: Do not allow events in NMI with generic atomic64 cmpxchg() (git-fixes). - ring-buffer: Make reading page consistent with the code logic (git-fixes). - rpm/config.sh: SLFO 1.2 is now synced to OBS as well - rtc: ds1307: fix incorrect maximum clock rate handling (git-fixes). - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 (stable-fixes). - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe (stable-fixes). - rtc: hym8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: nct3018y: fix incorrect maximum clock rate handling (git-fixes). - rtc: optee: fix memory leak on driver removal (git-fixes). - rtc: pcf85063: fix incorrect maximum clock rate handling (git-fixes). - rtc: pcf8563: fix incorrect maximum clock rate handling (git-fixes). - rtc: rv3028: fix incorrect maximum clock rate handling (git-fixes). - rtc: x1205: Fix Xicor X1205 vendor prefix (git-fixes). - s390/ap: Unmask SLCF bit in card and queue ap functions sysfs (git-fixes bsc#1247837). - s390/bpf: Fix bpf_arch_text_poke() with new_addr == NULL again (git-fixes bsc#1246868). - s390/cpum_cf: Deny all sampling events by counter PMU (git-fixes bsc#1249477). - s390/early: Copy last breaking event address to pt_regs (git-fixes bsc#1249061). - s390/hypfs: Avoid unnecessary ioctl registration in debugfs (bsc#1248727 git-fixes). - s390/hypfs: Enable limited access during lockdown (bsc#1248727 git-fixes). - s390/ism: fix concurrency management in ism_cmd() (git-fixes bsc#1247372). - s390/mm: Allocate page table with PAGE_SIZE granularity (git-fixes bsc#1247838). - s390/mm: Do not map lowcore with identity mapping (git-fixes bsc#1249066). - s390/mm: Remove possible false-positive warning in pte_free_defer() (git-fixes bsc#1247366). - s390/pai: Deny all events not handled by this PMU (git-fixes bsc#1249478). - s390/pci: Allow automatic recovery with minimal driver support (bsc#1248728 git-fixes). - s390/sclp: Fix SCCB present check (git-fixes bsc#1249065). - s390/stp: Remove udelay from stp_sync_clock() (git-fixes bsc#1249062). - s390/time: Use monotonic clock in get_cycles() (git-fixes bsc#1249064). - samples/bpf: Fix compilation failure for samples/bpf on LoongArch Fedora (git-fixes). - samples: mei: Fix building on musl libc (git-fixes). - sched/deadline: Always stop dl-server before changing parameters (bsc#1247936). - sched/deadline: Do not count nr_running for dl_server proxy tasks (git-fixes, bsc#1247936). - sched/deadline: Fix RT task potential starvation when expiry time passed (git-fixes, bsc#1247936). - sched/deadline: Fix dl_server_stopped() (bsc#1247936). - sched/deadline: Initialize dl_servers after SMP (git-fixes) - sched_ext, sched/core: Do not call scx_group_set_weight() (git-fixes) - scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" (git-fixes). - scsi: core: Fix kernel doc for scsi_track_queue_full() (git-fixes). - scsi: elx: efct: Fix dma_unmap_sg() nents value (git-fixes). - scsi: fc: Avoid -Wflex-array-member-not-at-end warnings (bsc#1250519). - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value (git-fixes). - scsi: isci: Fix dma_unmap_sg() nents value (git-fixes). - scsi: lpfc: Abort outstanding ELS WQEs regardless of if rmmod is in progress (bsc#1250519). - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (bsc#1250519). - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail (bsc#1250519). - scsi: lpfc: Clean up extraneous phba dentries (bsc#1250519). - scsi: lpfc: Convert debugfs directory counts from atomic to unsigned int (bsc#1250519). - scsi: lpfc: Copyright updates for 14.4.0.11 patches (bsc#1250519). - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted (bsc#1250519). - scsi: lpfc: Define size of debugfs entry for xri rebalancing (bsc#1250519). - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology (bsc#1250519). - scsi: lpfc: Fix buffer free/clear order in deferred receive path (bsc#1250519). - scsi: lpfc: Fix wrong function reference in a comment (bsc#1250519). - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (bsc#1250519). - scsi: lpfc: Remove redundant assignment to avoid memory leak (bsc#1250519). - scsi: lpfc: Remove unused member variables in struct lpfc_hba and lpfc_vport (bsc#1250519). - scsi: lpfc: Update lpfc version to 14.4.0.11 (bsc#1250519). - scsi: lpfc: Use int type to store negative error codes (bsc#1250519). - scsi: lpfc: Use switch case statements in DIF debugfs handlers (bsc#1250519). - scsi: lpfc: use min() to improve code (bsc#1250519). - scsi: mpi3mr: Event processing debug improvement (bsc#1251186). - scsi: mpi3mr: Fix I/O failures during controller reset (bsc#1251186). - scsi: mpi3mr: Fix controller init failure on fault during queue creation (bsc#1251186). - scsi: mpi3mr: Fix device loss during enclosure reboot due to zero link speed (bsc#1251186). - scsi: mpi3mr: Fix kernel-doc issues in mpi3mr_app.c (git-fixes). - scsi: mpi3mr: Fix premature TM timeouts on virtual drives (bsc#1251186). - scsi: mpi3mr: Fix race between config read submit and interrupt completion (git-fixes). - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems (git-fixes). - scsi: mpi3mr: Update MPI headers to revision 37 (bsc#1251186). - scsi: mpi3mr: Update driver version to 8.15.0.5.50 (bsc#1251186). - scsi: mpt3sas: Fix a fw_event memory leak (git-fixes). - scsi: mvsas: Fix dma_unmap_sg() nents value (git-fixes). - scsi: qla2xxx: Avoid stack frame size warning in qla_dfs (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() (git-fixes). - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() (git-fixes). - scsi: qla2xxx: Remove firmware URL (git-fixes). - scsi: qla2xxx: Use secs_to_jiffies() instead of msecs_to_jiffies() (git-fixes). - scsi: qla2xxx: edif: Fix incorrect sign of error code (git-fixes). - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately (git-fixes). - scsi: smartpqi: Enhance WWID logging logic (bsc#1246631). - scsi: smartpqi: Take drives offline when controller is offline (bsc#1246631). - scsi: smartpqi: Update driver version to 2.1.34-035 (bsc#1246631). - scsi: ufs: Fix toggling of clk_gating.state when clock gating is not allowed (git-fixes). - scsi: ufs: Introduce quirk to extend PA_HIBERN8TIME for UFS devices (git-fixes). - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails (git-fixes). - scsi: ufs: core: Add missing post notify for power mode change (git-fixes). - scsi: ufs: core: Add ufshcd_send_bsg_uic_cmd() for UFS BSG (git-fixes). - scsi: ufs: core: Always initialize the UIC done completion (git-fixes). - scsi: ufs: core: Do not perform UFS clkscaling during host async scan (git-fixes). - scsi: ufs: core: Fix clk scaling to be conditional in reset and restore (git-fixes). - scsi: ufs: core: Fix error return with query response (git-fixes). - scsi: ufs: core: Fix spelling of a sysfs attribute name (git-fixes). - scsi: ufs: core: Fix ufshcd_is_ufs_dev_busy() and ufshcd_eh_timed_out() (git-fixes). - scsi: ufs: core: Honor runtime/system PM levels if set by host controller drivers (git-fixes). - scsi: ufs: core: Improve ufshcd_mcq_sq_cleanup() (git-fixes). - scsi: ufs: core: Introduce ufshcd_has_pending_tasks() (git-fixes). - scsi: ufs: core: Prepare to introduce a new clock_gating lock (git-fixes). - scsi: ufs: core: Remove redundant query_complete trace (git-fixes). - scsi: ufs: core: Set default runtime/system PM levels before ufshcd_hba_init() (git-fixes). - scsi: ufs: core: Update compl_time_stamp_local_clock after completing a cqe (git-fixes). - scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume (git-fixes). - scsi: ufs: exynos: Add check inside exynos_ufs_config_smu() (git-fixes). - scsi: ufs: exynos: Add gs101_ufs_drv_init() hook and enable WriteBooster (git-fixes). - scsi: ufs: exynos: Enable PRDT pre-fetching with UFSHCD_CAP_CRYPTO (git-fixes). - scsi: ufs: exynos: Ensure consistent phy reference counts (git-fixes). - scsi: ufs: exynos: Ensure pre_link() executes before exynos_ufs_phy_init() (git-fixes). - scsi: ufs: exynos: Fix hibern8 notify callbacks (git-fixes). - scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE (git-fixes). - scsi: ufs: exynos: Move UFS shareability value to drvdata (git-fixes). - scsi: ufs: exynos: Move phy calls to .exit() callback (git-fixes). - scsi: ufs: exynos: Remove empty drv_init method (git-fixes). - scsi: ufs: exynos: Remove superfluous function parameter (git-fixes). - scsi: ufs: exynos: gs101: Put UFS device in reset on .suspend() (git-fixes). - scsi: ufs: mcq: Delete ufshcd_release_scsi_cmd() in ufshcd_mcq_abort() (git-fixes). - scsi: ufs: pltfrm: Disable runtime PM during removal of glue drivers (git-fixes). - scsi: ufs: pltfrm: Drop PM runtime reference count after ufshcd_remove() (git-fixes). - scsi: ufs: qcom: Fix crypto key eviction (git-fixes). - scsi: ufs: qcom: fix dev reference leaked through of_qcom_ice_get (git-fixes). - scsi: ufs: ufs-pci: Fix default runtime and system PM levels (git-fixes). - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers (git-fixes). - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast (git-fixes bsc#1250671). - selftest/livepatch: Only run test-kprobe with CONFIG_KPROBES_ON_FTRACE (poo#187320). - selftests/cpufreq: Fix cpufreq basic read and update testcases (bsc#1250344). - selftests/livepatch: Ignore NO_SUPPORT line in dmesg (poo#187320). - selftests/livepatch: Replace hardcoded module name with variable in test-callbacks.sh (poo#187320). - selftests/run_kselftest.sh: Fix help string for --per-test-log (poo#187320). - selftests/run_kselftest.sh: Use readlink if realpath is not available (poo#187320). - selftests/tracing: Fix false failure of subsystem event test (git-fixes). - selftests: ALSA: fix memory leak in utimer test (git-fixes). - selftests: livepatch: add new ftrace helpers functions (poo#187320). - selftests: livepatch: add test cases of stack_order sysfs interface (poo#187320). - selftests: livepatch: handle PRINTK_CALLER in check_result() (poo#187320). - selftests: livepatch: rename KLP_SYSFS_DIR to SYSFS_KLP_DIR (poo#187320). - selftests: livepatch: save and restore kprobe state (poo#187320). - selftests: livepatch: test if ftrace can trace a livepatched function (poo#187320). - selftests: livepatch: test livepatching a kprobed function (poo#187320). - selftests: ncdevmem: Move ncdevmem under drivers/net/hw (poo#187443). - selinux: change security_compute_sid to return the ssid or tsid on match (git-fixes). - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (stable-fixes). - serial: 8250: Touch watchdogs in write_atomic() (bsc#1246688). - serial: 8250: fix panic due to PSLVERR (git-fixes). - serial: max310x: Add error checking in probe() (git-fixes). - serial: sc16is7xx: fix bug in flow control levels init (git-fixes). - skmsg: Return copied bytes in sk_msg_memcopy_from_iter (bsc#1250650). - slab: Decouple slab_debug and no_hash_pointers (bsc#1249022). - smb: client: fix crypto buffers in non-linear memory (bsc#1250491, boo#1239206). - smb: client: fix netns refcount leak after net_passive changes (git-fixes). - soc/tegra: cbb: Clear ERR_FORCE register with ERR_STATUS (git-fixes). - soc/tegra: pmc: Ensure power-domains are in a known state (git-fixes). - soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure (git-fixes). - soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure (git-fixes). - soc: qcom: QMI encoding/decoding for big endian (git-fixes). - soc: qcom: fix endianness for QMI header (git-fixes). - soc: qcom: mdt_loader: Actually use the e_phoff (stable-fixes). - soc: qcom: mdt_loader: Deal with zero e_shentsize (git-fixes). - soc: qcom: mdt_loader: Ensure we do not read past the ELF header (git-fixes). - soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() (git-fixes). - soc: qcom: pmic_glink: fix OF node leak (git-fixes). - soc: qcom: rpmh-rsc: Add RSC version 4 support (stable-fixes). - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (git-fixes). - soundwire: Move handle_nested_irq outside of sdw_dev_lock (stable-fixes). - soundwire: amd: cancel pending slave status handling workqueue during remove sequence (stable-fixes). - soundwire: amd: fix for handling slave alerts after link is down (git-fixes). - soundwire: amd: serialize amd manager resume sequence during pm_prepare (stable-fixes). - soundwire: stream: restore params when prepare ports fail (git-fixes). - spi: bcm2835: Remove redundant semicolons (git-fixes). - spi: cadence-quadspi: Fix cqspi_setup_flash() (git-fixes). - spi: cadence-quadspi: Flush posted register writes before DAC access (git-fixes). - spi: cadence-quadspi: Flush posted register writes before INDAC access (git-fixes). - spi: cadence-quadspi: fix cleanup of rx_chan on failure paths (stable-fixes). - spi: cs42l43: Property entry should be a null-terminated array (bsc#1246979). - spi: fix return code when spi device has too many chipselects (git-fixes). - spi: mtk-snfi: Remove redundant semicolons (git-fixes). - spi: spi-fsl-lpspi: Clamp too high speed_hz (git-fixes). - spi: spi-fsl-lpspi: Clear status register after disabling the module (git-fixes). - spi: spi-fsl-lpspi: Fix transmissions when using CONT (git-fixes). - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort (git-fixes). - spi: spi-fsl-lpspi: Set correct chip-select polarity bit (git-fixes). - spi: stm32: Check for cfg availability in stm32_spi_probe (git-fixes). - sprintf.h requires stdarg.h (git-fixes). - sprintf.h: mask additional include (git-fixes). - squashfs: fix memory leak in squashfs_fill_super (git-fixes). - staging: axis-fifo: fix TX handling on copy_from_user() failure (git-fixes). - staging: axis-fifo: fix maximum TX packet length check (git-fixes). - staging: axis-fifo: flush RX FIFO on read errors (git-fixes). - staging: axis-fifo: remove sysfs interface (git-fixes). - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() (git-fixes). - staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() (git-fixes). - staging: nvec: Fix incorrect null termination of battery manufacturer (git-fixes). - staging: vchiq_arm: Make vchiq_shutdown never fail (git-fixes). - struct cdc_ncm_ctx: move new member to end (git-fixes). - sunrpc: fix client side handling of tls alerts (git-fixes). - sunrpc: fix handling of server side tls alerts (git-fixes). - sunrpc: fix null pointer dereference on zero-length checksum (git-fixes). - sunvdc: Balance device refcount in vdc_port_mpgroup_check (git-fixes). - supported.conf: Mark ZL3073X modules supported - supported.conf: mark hyperv_drm as external - tcp: call tcp_measure_rcv_mss() for ooo packets (git-fixes). - tcp_bpf: Fix copied value in tcp_bpf_sendmsg (bsc#1250650). - thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data (stable-fixes). - thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands (stable-fixes). - thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const (stable-fixes). - thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required (stable-fixes). - thermal/drivers/qcom/lmh: Add missing IRQ includes (git-fixes). - thermal: sysfs: Return ENODATA instead of EAGAIN for reads (stable-fixes). - thunderbolt: Compare HMAC values in constant time (git-fixes). - thunderbolt: Fix copy+paste error in match_service_id() (git-fixes). - tools/power turbostat: Clustered Uncore MHz counters should honor show/hide options (stable-fixes). - tools/power turbostat: Fix bogus SysWatt for forked program (git-fixes). - tools/power turbostat: Fix build with musl (stable-fixes). - tools/power turbostat: Handle cap_get_proc() ENOSYS (stable-fixes). - tools/power turbostat: Handle non-root legacy-uncore sysfs permissions (stable-fixes). - tools/resolve_btfids: Fix build when cross compiling kernel with clang (git-fixes). - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (git-fixes). - trace/fgraph: Fix error handling (git-fixes). - trace/ring-buffer: Do not use TP_printk() formatting for boot mapped buffers (git-fixes). - tracepoint: Print the function symbol when tracepoint_debug is set (jsc#PED-13631). - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update (git-fixes). - tracing/kprobes: Fix to free objects when failed to copy a symbol (git-fixes). - tracing: Correct the refcount if the hist/hist_debug file fails to open (git-fixes). - tracing: Fix filter string testing (git-fixes). - tracing: Fix using ret variable in tracing_set_tracer() (git-fixes). - tracing: Remove unneeded goto out logic (bsc#1249286). - tracing: Switch trace.c code over to use guard() (git-fixes). - tracing: Switch trace_events_hist.c code over to use guard() (git-fixes). - tracing: fprobe events: Fix possible UAF on modules (git-fixes). - tracing: tprobe-events: Fix leakage of module refcount (git-fixes). - tty: hvc_console: Call hvc_kick in hvc_write unconditionally (bsc#1230062). - tty: n_gsm: Do not block input queue by waiting MSC (git-fixes). - tty: serial: fix print format specifiers (stable-fixes). - ublk: sanity check add_dev input for underflow (git-fixes). - ublk: use vmalloc for ublk_device's __queues (git-fixes). - ucount: fix atomic_long_inc_below() argument type (git-fixes). - uio: uio_pdrv_genirq: Remove MODULE_DEVICE_TABLE (git-fixes). - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() (git-fixes). - usb: cdns3: cdnsp-pci: remove redundant pci_disable_device() call (git-fixes). - usb: core: Add 0x prefix to quirks debug output (stable-fixes). - usb: core: config: Prevent OOB read in SS endpoint companion parsing (stable-fixes). - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test (git-fixes). - usb: core: usb_submit_urb: downgrade type check (stable-fixes). - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout (git-fixes). - usb: dwc3: Remove WARN_ON for device endpoint command timeouts (stable-fixes). - usb: dwc3: imx8mp: fix device leak at unbind (git-fixes). - usb: dwc3: meson-g12a: fix device leaks at unbind (git-fixes). - usb: dwc3: pci: add support for the Intel Wildcat Lake (stable-fixes). - usb: dwc3: qcom: Do not leave BCR asserted (git-fixes). - usb: early: xhci-dbc: Fix early_ioremap leak (git-fixes). - usb: gadget : fix use-after-free in composite_dev_cleanup() (git-fixes). - usb: gadget: configfs: Correctly set use_os_string at bind (git-fixes). - usb: gadget: midi2: Fix MIDI2 IN EP max packet size (git-fixes). - usb: gadget: midi2: Fix missing UMP group attributes initialization (git-fixes). - usb: gadget: udc: renesas_usb3: fix device leak at unbind (git-fixes). - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (git-fixes). - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() (git-fixes). - usb: misc: apple-mfi-fastcharge: Make power supply names unique (git-fixes). - usb: misc: qcom_eud: Access EUD_MODE_MANAGER2 through secure calls (git-fixes). - usb: musb: omap2430: fix device leak at unbind (git-fixes). - usb: phy: twl6030: Fix incorrect type for ret (git-fixes). - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive (stable-fixes). - usb: renesas-xhci: Fix External ROM access timeouts (git-fixes). - usb: storage: realtek_cr: Use correct byte order for bcs->Residue (git-fixes). - usb: typec: fusb302: cache PD RX state (git-fixes). - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present (stable-fixes). - usb: typec: maxim_contaminant: disable low power mode when reading comparator values (git-fixes). - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean (git-fixes). - usb: typec: tcpm/tcpci_maxim: fix irq wake usage (stable-fixes). - usb: typec: tcpm: allow switching to mode accessory to mux properly (stable-fixes). - usb: typec: tcpm: allow to use sink in accessory mode (stable-fixes). - usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach (git-fixes). - usb: typec: tcpm: properly deliver cable vdms to altmode drivers (git-fixes). - usb: typec: tipd: Clear interrupts first (git-fixes). - usb: typec: ucsi: Update power_supply on power role change (git-fixes). - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default (stable-fixes). - usb: typec: ucsi: yoga-c630: fix error and remove paths (git-fixes). - usb: vhci-hcd: Prevent suspending virtually attached devices (git-fixes). - usb: xhci: Avoid showing errors during surprise removal (stable-fixes). - usb: xhci: Avoid showing warnings for dying controller (stable-fixes). - usb: xhci: Fix slot_id resource race conflict (git-fixes). - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command (stable-fixes). - usb: xhci: print xhci->xhc_state when queue_command failed (stable-fixes). - use uniform permission checks for all mount propagation changes (git-fixes). - vdpa/mlx5: Fix needs_teardown flag calculation (git-fixes). - vdpa: Fix IDR memory leak in VDUSE module exit (git-fixes). - vhost-scsi: Fix log flooding with target does not exist errors (git-fixes). - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() (git-fixes). - vhost/vsock: Avoid allocating arbitrarily-sized SKBs (git-fixes). - vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER (git-fixes). - vhost: Reintroduce kthread API and add mode selection (git-fixes). - vhost: fail early when __vhost_add_used() fails (git-fixes). - virtchnl2: add flow steering support (jsc#PED-13728). - virtchnl2: rename enum virtchnl2_cap_rss (jsc#PED-13728). - virtchnl: add PTP virtchnl definitions (jsc#PED-13728 jsc#PED-13762). - virtio_net: Enforce minimum TX ring size for reliability (git-fixes). - virtio_ring: Fix error reporting in virtqueue_resize (git-fixes). - vmci: Prevent the dispatching of uninitialized payloads (git-fixes). - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page (git-fixes). - vsock/virtio: Validate length in packet header before skb_put() (git-fixes). - vt: defkeymap: Map keycodes above 127 to K_HOLE (git-fixes). - vt: keyboard: Do not process Unicode characters in K_OFF mode (git-fixes). - watchdog: dw_wdt: Fix default timeout (stable-fixes). - watchdog: iTCO_wdt: Report error if timeout configuration fails (stable-fixes). - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (git-fixes). - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition (stable-fixes). - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() (git-fixes). - wifi: ath10k: avoid unnecessary wait for service ready message (git-fixes). - wifi: ath10k: shutdown driver when hardware is unreliable (stable-fixes). - wifi: ath11k: HAL SRNG: do not deinitialize and re-initialize again (git-fixes). - wifi: ath11k: clear initialized flag for deinit-ed srng lists (git-fixes). - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption (git-fixes). - wifi: ath11k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath11k: fix group data packet drops during rekey (git-fixes). - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() (git-fixes). - wifi: ath11k: fix source ring-buffer corruption (git-fixes). - wifi: ath11k: fix suspend use-after-free after probe failure (git-fixes). - wifi: ath12k: Add MODULE_FIRMWARE() entries (bsc#1250952). - wifi: ath12k: Add memset and update default rate value in wmi tx completion (stable-fixes). - wifi: ath12k: Correct tid cleanup when tid setup fails (stable-fixes). - wifi: ath12k: Decrement TID on RX peer frag setup error handling (stable-fixes). - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 (stable-fixes). - wifi: ath12k: Fix station association with MBSSID Non-TX BSS (stable-fixes). - wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption (git-fixes). - wifi: ath12k: fix dest ring-buffer corruption when ring is full (git-fixes). - wifi: ath12k: fix endianness handling while accessing wmi service bit (git-fixes). - wifi: ath12k: fix memory leak in ath12k_pci_remove() (stable-fixes). - wifi: ath12k: fix memory leak in ath12k_service_ready_ext_event (git-fixes). - wifi: ath12k: fix source ring-buffer corruption (git-fixes). - wifi: ath12k: fix the fetching of combined rssi (git-fixes). - wifi: ath12k: fix wrong handling of CCMP256 and GCMP ciphers (git-fixes). - wifi: ath12k: fix wrong logging ID used for CE (git-fixes). - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE (git-fixes). - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work (git-fixes). - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() (git-fixes). - wifi: cfg80211: Fix interface type validation (stable-fixes). - wifi: cfg80211: fix use-after-free in cmp_bss() (git-fixes). - wifi: cfg80211: reject HTC bit for management frames (stable-fixes). - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (git-fixes). - wifi: cw1200: cap SSID length in cw1200_do_join() (git-fixes). - wifi: iwlegacy: Check rate_idx range after addition (stable-fixes). - wifi: iwlwifi: Add missing firmware info for bz-b0-* models (bsc#1252084). - wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() (git-fixes). - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() (git-fixes). - wifi: iwlwifi: Remove redundant header files (git-fixes). - wifi: iwlwifi: config: unify fw/pnvm MODULE_FIRMWARE (bsc#1252084). - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() (stable-fixes). - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect (stable-fixes). - wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn (stable-fixes). - wifi: iwlwifi: mvm: fix scan request validation (stable-fixes). - wifi: iwlwifi: mvm: set gtk id also in older FWs (stable-fixes). - wifi: iwlwifi: return ERR_PTR from opmode start() (stable-fixes). - wifi: iwlwifi: uefi: check DSM item validity (git-fixes). - wifi: libertas: cap SSID len in lbs_associate() (git-fixes). - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() (git-fixes). - wifi: mac80211: Do not call fq_flow_idx() for management frames (git-fixes). - wifi: mac80211: Do not schedule stopped TXQs (git-fixes). - wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() (git-fixes). - wifi: mac80211: avoid weird state in error path (stable-fixes). - wifi: mac80211: do not complete management TX on SAE commit (stable-fixes). - wifi: mac80211: do not unreserve never reserved chanctx (stable-fixes). - wifi: mac80211: fix Rx packet handling when pubsta information is not available (git-fixes). - wifi: mac80211: fix incorrect type for ret (stable-fixes). - wifi: mac80211: fix rx link assignment for non-MLO stations (stable-fixes). - wifi: mac80211: increase scan_ies_len for S1G (stable-fixes). - wifi: mac80211: reject TDLS operations when station is not associated (git-fixes). - wifi: mac80211: update radar_required in channel context after channel switch (stable-fixes). - wifi: mt76: fix linked list corruption (git-fixes). - wifi: mt76: fix potential memory leak in mt76_wmac_probe() (git-fixes). - wifi: mt76: free pending offchannel tx frames on wcid cleanup (git-fixes). - wifi: mt76: mt7915: fix mt7981 pre-calibration (git-fixes). - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch (stable-fixes). - wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure (git-fixes). - wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() (git-fixes). - wifi: mt76: mt7925: fix the wrong bss cleanup for SAP (git-fixes). - wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete (git-fixes). - wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE (git-fixes). - wifi: mt76: mt7996: Fix RX packets configuration for primary WED device (git-fixes). - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() (git-fixes). - wifi: mt76: prevent non-offchannel mgmt tx during scan/roc (git-fixes). - wifi: mwifiex: Initialize the chan_stats array to zero (git-fixes). - wifi: mwifiex: send world regulatory domain to driver (git-fixes). - wifi: nl80211: Set num_sub_specs before looping through sub_specs (git-fixes). - wifi: plfxlc: Fix error handling in usb driver probe (git-fixes). - wifi: rtl818x: Kill URBs before clearing tx status queue (git-fixes). - wifi: rtl8xxxu: Do not claim USB ID 07b8:8188 (stable-fixes). - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled (git-fixes). - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() (stable-fixes). - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()` (stable-fixes). - wifi: rtlwifi: rtl8192cu: Do not claim USB ID 07b8:8188 (stable-fixes). - wifi: rtw88: Fix macid assigned to TDLS station (git-fixes). - wifi: rtw89: Fix rtw89_mac_power_switch() for USB (stable-fixes). - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB (stable-fixes). - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band (git-fixes). - wifi: rtw89: avoid circular locking dependency in ser_state_run() (git-fixes). - wifi: rtw89: scan abort when assign/unassign_vif (stable-fixes). - wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode (stable-fixes). - wifi: virt_wifi: Fix page fault on connect (stable-fixes). - wifi: wilc1000: avoid buffer overflow in WID string configuration (stable-fixes). - writeback: Avoid contention on wb->list_lock when switching inodes (bsc#1237776). - writeback: Avoid contention on wb->list_lock when switching inodes (kABI fixup) (bsc#1237776). - writeback: Avoid excessively long inode switching times (bsc#1237776). - writeback: Avoid softlockup when switching many inodes (bsc#1237776). - x86/CPU/AMD: Add CPUID faulting support (jsc#PED-13704). - x86/Kconfig: Add arch attack vector support (git-fixes). - x86/Kconfig: Always enable ARCH_SPARSEMEM_ENABLE (git-fixes). - x86/boot: Sanitize boot params before parsing command line (git-fixes). - x86/bugs: Add SRSO_MITIGATION_NOSMT (git-fixes). - x86/bugs: Add attack vector controls for BHI (git-fixes). - x86/bugs: Add attack vector controls for GDS (git-fixes). - x86/bugs: Add attack vector controls for ITS (git-fixes). - x86/bugs: Add attack vector controls for L1TF (git-fixes). - x86/bugs: Add attack vector controls for MDS (git-fixes). - x86/bugs: Add attack vector controls for MMIO (git-fixes). - x86/bugs: Add attack vector controls for RFDS (git-fixes). - x86/bugs: Add attack vector controls for SRBDS (git-fixes). - x86/bugs: Add attack vector controls for SRSO (git-fixes). - x86/bugs: Add attack vector controls for SSB (git-fixes). - x86/bugs: Add attack vector controls for TAA (git-fixes). - x86/bugs: Add attack vector controls for TSA (git-fixes). - x86/bugs: Add attack vector controls for retbleed (git-fixes). - x86/bugs: Add attack vector controls for spectre_v1 (git-fixes). - x86/bugs: Add attack vector controls for spectre_v2 (git-fixes). - x86/bugs: Add attack vector controls for spectre_v2_user (git-fixes). - x86/bugs: Allow ITS stuffing in eIBRS+retpoline mode also (git-fixes). - x86/bugs: Avoid AUTO after the select step in the retbleed mitigation (git-fixes). - x86/bugs: Avoid warning when overriding return thunk (git-fixes). - x86/bugs: Clean up SRSO microcode handling (git-fixes). - x86/bugs: Define attack vectors relevant for each bug (git-fixes). - x86/bugs: Fix GDS mitigation selecting when mitigation is off (git-fixes). - x86/bugs: Introduce cdt_possible() (git-fixes). - x86/bugs: Print enabled attack vectors (git-fixes). - x86/bugs: Remove its=stuff dependency on retbleed (git-fixes). - x86/bugs: Select best SRSO mitigation (git-fixes). - x86/bugs: Simplify the retbleed=stuff checks (git-fixes). - x86/bugs: Use IBPB for retbleed if used by SRSO (git-fixes). - x86/bugs: Use switch/case in its_apply_mitigation() (git-fixes). - x86/cacheinfo: Properly parse CPUID(0x80000005) L1d/L1i associativity (git-fixes). - x86/cacheinfo: Properly parse CPUID(0x80000006) L2/L3 associativity (git-fixes). - x86/cpu: Sanitize CPUID(0x80000000) output (git-fixes). - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 (git-fixes). - x86/fpu/xstate: Fix inconsistencies in guest FPU xfeatures (git-fixes). - x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() (git-fixes). - x86/fpu: Delay instruction pointer fixup until after warning (git-fixes). - x86/fpu: Fix guest FPU state buffer allocation size (git-fixes). - x86/fpu: Fully optimize out WARN_ON_FPU() (git-fixes). - x86/fpu: Refactor xfeature bitmask update code for sigframe XSAVE (git-fixes). - x86/fred/signal: Prevent immediate repeat of single step trap on return from SIGTRAP handler (git-fixes). - x86/headers: Replace __ASSEMBLY__ with __ASSEMBLER__ in UAPI headers (git-fixes). - x86/locking: Use ALT_OUTPUT_SP() for percpu_{,try_}cmpxchg{64,128}_op() (git-fixes). - x86/mce/amd: Add default names for MCA banks and blocks (git-fixes). - x86/mce: Do not remove sysfs if thresholding sysfs init fails (git-fixes). - x86/mce: Ensure user polling settings are honored when restarting timer (git-fixes). - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel (git-fixes). - x86/microcode/AMD: Handle the case of no BIOS microcode (git-fixes). - x86/microcode: Consolidate the loader enablement checking (git-fixes). - x86/microcode: Update the Intel processor flag scan check (git-fixes). - x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() (git-fixes). - x86/mm/pat: do not collapse pages without PSE set (git-fixes). - x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() (git-fixes). - x86/percpu: Disable named address spaces for UBSAN_BOOL with KASAN for GCC < 14.2 (git-fixes). - x86/pkeys: Simplify PKRU update in signal frame (git-fixes). - x86/platform/olpc: Remove unused variable 'len' in olpc_dt_compatible_match() (git-fixes). - x86/pti: Add attack vector controls for PTI (git-fixes). - x86/rdrand: Disable RDSEED on AMD Cyan Skillfish (git-fixes). - x86/smp: Allow calling mwait_play_dead with an arbitrary hint (jsc#PED-13815). - x86/smp: Fix mwait_play_dead() and acpi_processor_ffh_play_dead() noreturn behavior (jsc#PED-13815). - x86/smp: PM/hibernate: Split arch_resume_nosmt() (jsc#PED-13815). - x86/smpboot: Fix INIT delay assignment for extended Intel Families (git-fixes). - x86/topology: Implement topology_is_core_online() to address SMT regression (jsc#PED-13815). - x86/traps: Initialize DR6 by writing its architectural reset value (git-fixes). - xen/gntdev: remove struct gntdev_copy_batch from stack (git-fixes). - xen/netfront: Fix TX response spurious interrupts (git-fixes). - xen: fix UAF in dmabuf_exp_from_pages() (git-fixes). - xfrm: replay: Fix the update of replay_esn->oseq_hi for GSO (git-fixes). - xfs: change xfs_xattr_class from a TRACE_EVENT() to DECLARE_EVENT_CLASS() (git-fixes). - xfs: do not propagate ENODATA disk errors into xattr code (git-fixes). - xfs: fix scrub trace with null pointer in quotacheck (git-fixes). - xfs: only create event xfs_file_compat_ioctl when CONFIG_COMPAT is configure (git-fixes). - xfs: remove unused event xfs_alloc_near_error (git-fixes). - xfs: remove unused event xfs_alloc_near_nominleft (git-fixes). - xfs: remove unused event xfs_attr_node_removename (git-fixes). - xfs: remove unused event xfs_ioctl_clone (git-fixes). - xfs: remove unused event xfs_pagecache_inval (git-fixes). - xfs: remove unused event xlog_iclog_want_sync (git-fixes). - xfs: remove unused trace event xfs_attr_remove_iter_return (git-fixes). - xfs: remove unused trace event xfs_attr_rmtval_set (git-fixes). - xfs: remove unused trace event xfs_discard_rtrelax (git-fixes). - xfs: remove unused trace event xfs_log_cil_return (git-fixes). - xfs: remove unused trace event xfs_reflink_cow_enospc (git-fixes). - xfs: remove unused xfs_attr events (git-fixes). - xfs: remove unused xfs_reflink_compare_extents events (git-fixes). - xfs: remove usused xfs_end_io_direct events (git-fixes). - xhci: dbc: Fix full DbC transfer ring after several reconnects (git-fixes). - xhci: dbc: decouple endpoint allocation from initialization (git-fixes). - xhci: fix memory leak regression when freeing xhci vdev devices depth first (git-fixes). - xirc2ps_cs: fix register access when enabling FullDuplex (git-fixes). - zram: permit only one post-processing operation at a time (git-fixes). kernel-devel-6.12.0-160000.6.1.noarch.rpm True kernel-macros-6.12.0-160000.6.1.noarch.rpm True kernel-source-6.12.0-160000.6.1.noarch.rpm True kernel-source-vanilla-6.12.0-160000.6.1.noarch.rpm True dtb-allwinner-6.12.0-160000.6.1.aarch64.rpm True dtb-altera-6.12.0-160000.6.1.aarch64.rpm True dtb-amazon-6.12.0-160000.6.1.aarch64.rpm True dtb-amd-6.12.0-160000.6.1.aarch64.rpm True dtb-amlogic-6.12.0-160000.6.1.aarch64.rpm True dtb-apm-6.12.0-160000.6.1.aarch64.rpm True dtb-apple-6.12.0-160000.6.1.aarch64.rpm True dtb-arm-6.12.0-160000.6.1.aarch64.rpm True dtb-broadcom-6.12.0-160000.6.1.aarch64.rpm True dtb-cavium-6.12.0-160000.6.1.aarch64.rpm True dtb-exynos-6.12.0-160000.6.1.aarch64.rpm True dtb-freescale-6.12.0-160000.6.1.aarch64.rpm True dtb-hisilicon-6.12.0-160000.6.1.aarch64.rpm True dtb-lg-6.12.0-160000.6.1.aarch64.rpm True dtb-marvell-6.12.0-160000.6.1.aarch64.rpm True dtb-mediatek-6.12.0-160000.6.1.aarch64.rpm True dtb-nvidia-6.12.0-160000.6.1.aarch64.rpm True dtb-qcom-6.12.0-160000.6.1.aarch64.rpm True dtb-renesas-6.12.0-160000.6.1.aarch64.rpm True dtb-rockchip-6.12.0-160000.6.1.aarch64.rpm True dtb-socionext-6.12.0-160000.6.1.aarch64.rpm True dtb-sprd-6.12.0-160000.6.1.aarch64.rpm True dtb-xilinx-6.12.0-160000.6.1.aarch64.rpm True cluster-md-kmp-64kb-6.12.0-160000.6.1.aarch64.rpm True dlm-kmp-64kb-6.12.0-160000.6.1.aarch64.rpm True gfs2-kmp-64kb-6.12.0-160000.6.1.aarch64.rpm True kernel-64kb-6.12.0-160000.6.1.aarch64.rpm True kernel-64kb-devel-6.12.0-160000.6.1.aarch64.rpm True kernel-64kb-extra-6.12.0-160000.6.1.aarch64.rpm True kernel-64kb-optional-6.12.0-160000.6.1.aarch64.rpm True kselftests-kmp-64kb-6.12.0-160000.6.1.aarch64.rpm True ocfs2-kmp-64kb-6.12.0-160000.6.1.aarch64.rpm True cluster-md-kmp-default-6.12.0-160000.6.1.aarch64.rpm True dlm-kmp-default-6.12.0-160000.6.1.aarch64.rpm True gfs2-kmp-default-6.12.0-160000.6.1.aarch64.rpm True kernel-default-6.12.0-160000.6.1.aarch64.rpm True kernel-default-devel-6.12.0-160000.6.1.aarch64.rpm True kernel-default-extra-6.12.0-160000.6.1.aarch64.rpm True kernel-default-optional-6.12.0-160000.6.1.aarch64.rpm True kselftests-kmp-default-6.12.0-160000.6.1.aarch64.rpm True ocfs2-kmp-default-6.12.0-160000.6.1.aarch64.rpm True kernel-docs-6.12.0-160000.6.1.noarch.rpm True kernel-docs-html-6.12.0-160000.6.1.noarch.rpm True kernel-kvmsmall-6.12.0-160000.6.1.aarch64.rpm True kernel-kvmsmall-devel-6.12.0-160000.6.1.aarch64.rpm True kernel-obs-build-6.12.0-160000.6.1.aarch64.rpm True kernel-obs-qa-6.12.0-160000.6.1.aarch64.rpm True cluster-md-kmp-rt-6.12.0-160000.6.1.aarch64.rpm True dlm-kmp-rt-6.12.0-160000.6.1.aarch64.rpm True gfs2-kmp-rt-6.12.0-160000.6.1.aarch64.rpm True kernel-rt-6.12.0-160000.6.1.aarch64.rpm True kernel-rt-devel-6.12.0-160000.6.1.aarch64.rpm True kernel-rt-extra-6.12.0-160000.6.1.aarch64.rpm True kernel-rt-optional-6.12.0-160000.6.1.aarch64.rpm True kselftests-kmp-rt-6.12.0-160000.6.1.aarch64.rpm True ocfs2-kmp-rt-6.12.0-160000.6.1.aarch64.rpm True kernel-syms-6.12.0-160000.6.1.aarch64.rpm True kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64.rpm True cluster-md-kmp-default-6.12.0-160000.6.1.ppc64le.rpm True dlm-kmp-default-6.12.0-160000.6.1.ppc64le.rpm True gfs2-kmp-default-6.12.0-160000.6.1.ppc64le.rpm True kernel-default-6.12.0-160000.6.1.ppc64le.rpm True kernel-default-devel-6.12.0-160000.6.1.ppc64le.rpm True kernel-default-extra-6.12.0-160000.6.1.ppc64le.rpm True kernel-default-optional-6.12.0-160000.6.1.ppc64le.rpm True kselftests-kmp-default-6.12.0-160000.6.1.ppc64le.rpm True ocfs2-kmp-default-6.12.0-160000.6.1.ppc64le.rpm True kernel-kvmsmall-6.12.0-160000.6.1.ppc64le.rpm True kernel-kvmsmall-devel-6.12.0-160000.6.1.ppc64le.rpm True kernel-obs-build-6.12.0-160000.6.1.ppc64le.rpm True kernel-obs-qa-6.12.0-160000.6.1.ppc64le.rpm True kernel-syms-6.12.0-160000.6.1.ppc64le.rpm True kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.6.1.s390x.rpm True dlm-kmp-default-6.12.0-160000.6.1.s390x.rpm True gfs2-kmp-default-6.12.0-160000.6.1.s390x.rpm True kernel-default-6.12.0-160000.6.1.s390x.rpm True kernel-default-devel-6.12.0-160000.6.1.s390x.rpm True kernel-default-extra-6.12.0-160000.6.1.s390x.rpm True kernel-default-optional-6.12.0-160000.6.1.s390x.rpm True kselftests-kmp-default-6.12.0-160000.6.1.s390x.rpm True ocfs2-kmp-default-6.12.0-160000.6.1.s390x.rpm True kernel-obs-build-6.12.0-160000.6.1.s390x.rpm True kernel-obs-qa-6.12.0-160000.6.1.s390x.rpm True kernel-syms-6.12.0-160000.6.1.s390x.rpm True kernel-zfcpdump-6.12.0-160000.6.1.s390x.rpm True cluster-md-kmp-default-6.12.0-160000.6.1.x86_64.rpm True dlm-kmp-default-6.12.0-160000.6.1.x86_64.rpm True gfs2-kmp-default-6.12.0-160000.6.1.x86_64.rpm True kernel-default-6.12.0-160000.6.1.x86_64.rpm True kernel-default-devel-6.12.0-160000.6.1.x86_64.rpm True kernel-default-extra-6.12.0-160000.6.1.x86_64.rpm True kernel-default-optional-6.12.0-160000.6.1.x86_64.rpm True kernel-default-vdso-6.12.0-160000.6.1.x86_64.rpm True kselftests-kmp-default-6.12.0-160000.6.1.x86_64.rpm True ocfs2-kmp-default-6.12.0-160000.6.1.x86_64.rpm True kernel-kvmsmall-6.12.0-160000.6.1.x86_64.rpm True kernel-kvmsmall-devel-6.12.0-160000.6.1.x86_64.rpm True kernel-kvmsmall-vdso-6.12.0-160000.6.1.x86_64.rpm True kernel-obs-build-6.12.0-160000.6.1.x86_64.rpm True kernel-obs-qa-6.12.0-160000.6.1.x86_64.rpm True cluster-md-kmp-rt-6.12.0-160000.6.1.x86_64.rpm True dlm-kmp-rt-6.12.0-160000.6.1.x86_64.rpm True gfs2-kmp-rt-6.12.0-160000.6.1.x86_64.rpm True kernel-rt-6.12.0-160000.6.1.x86_64.rpm True kernel-rt-devel-6.12.0-160000.6.1.x86_64.rpm True kernel-rt-extra-6.12.0-160000.6.1.x86_64.rpm True kernel-rt-optional-6.12.0-160000.6.1.x86_64.rpm True kernel-rt-vdso-6.12.0-160000.6.1.x86_64.rpm True kselftests-kmp-rt-6.12.0-160000.6.1.x86_64.rpm True ocfs2-kmp-rt-6.12.0-160000.6.1.x86_64.rpm True kernel-syms-6.12.0-160000.6.1.x86_64.rpm True kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64.rpm True openSUSE-Leap-16.0-51 Recommended update for scanner-databases moderate SUSE SLFO 1.2 This update for scanner-databases fixes the following issues: - database refresh on 2025-10-11 (bsc#1084929) clamav-database-202510111041-160000.2.1.noarch.rpm trivy-database-202510110052-160000.2.1.aarch64.rpm trivy-database-202510110052-160000.2.1.ppc64le.rpm trivy-database-202510110052-160000.2.1.s390x.rpm trivy-database-202510110052-160000.2.1.x86_64.rpm openSUSE-Leap-16.0-52 Security update for lasso critical SUSE SLFO 1.2 This update for lasso fixes the following issues: - CVE-2025-46404: specially crafted SAML response can lead to a denial of service (bsc#1253092). - CVE-2025-46705: specially crafted SAML assertion response can lead to a denial of service (bsc#1253093). - CVE-2025-47151: type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality can lead to an arbitrary code execution (bsc#1253095). liblasso-devel-2.8.2-160000.3.1.aarch64.rpm liblasso3-2.8.2-160000.3.1.aarch64.rpm python3-lasso-2.8.2-160000.3.1.aarch64.rpm liblasso-devel-2.8.2-160000.3.1.ppc64le.rpm liblasso3-2.8.2-160000.3.1.ppc64le.rpm python3-lasso-2.8.2-160000.3.1.ppc64le.rpm liblasso-devel-2.8.2-160000.3.1.s390x.rpm liblasso3-2.8.2-160000.3.1.s390x.rpm python3-lasso-2.8.2-160000.3.1.s390x.rpm liblasso-devel-2.8.2-160000.3.1.x86_64.rpm liblasso3-2.8.2-160000.3.1.x86_64.rpm python3-lasso-2.8.2-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-53 Recommended update for man-pages-posix important SUSE SLFO 1.2 This update for man-pages-posix fixes the following issues: - use %license tag (bsc#1252161) man-pages-posix-2017a-160000.4.1.noarch.rpm openSUSE-Leap-16.0-54 Recommended update for multipath-tools moderate SUSE SLFO 1.2 This update for multipath-tools fixes the following issues: - Fixes from upstream 0.11.3 (bsc#1253260) * Improved the communication with **udev** and **systemd** by triggering uevents when path devices are added to or removed from multipath maps, or when `multipathd reconfigure` is executed after changing blacklist directives in `multipath.conf`. * Failed paths should be checked every `polling_interval`. In certain cases, this wouldn't happen, because the check interval wasn't reset by multipathd. * It could happen that multipathd would accidentally release a SCSI persistent reservation held by another node. * After manually failing some paths and then reinstating them, sometimes the reinstated paths were immediately failed again by multipathd. * Various minor fixes reported by coverity. kpartx-0.11.3+184+suse.e1501732-160000.1.1.aarch64.rpm libdmmp-devel-0.11.3+184+suse.e1501732-160000.1.1.aarch64.rpm libdmmp0_2_0-0.11.3+184+suse.e1501732-160000.1.1.aarch64.rpm libmpath0-0.11.3+184+suse.e1501732-160000.1.1.aarch64.rpm multipath-tools-0.11.3+184+suse.e1501732-160000.1.1.aarch64.rpm multipath-tools-devel-0.11.3+184+suse.e1501732-160000.1.1.aarch64.rpm kpartx-0.11.3+184+suse.e1501732-160000.1.1.ppc64le.rpm libdmmp-devel-0.11.3+184+suse.e1501732-160000.1.1.ppc64le.rpm libdmmp0_2_0-0.11.3+184+suse.e1501732-160000.1.1.ppc64le.rpm libmpath0-0.11.3+184+suse.e1501732-160000.1.1.ppc64le.rpm multipath-tools-0.11.3+184+suse.e1501732-160000.1.1.ppc64le.rpm multipath-tools-devel-0.11.3+184+suse.e1501732-160000.1.1.ppc64le.rpm kpartx-0.11.3+184+suse.e1501732-160000.1.1.s390x.rpm libdmmp-devel-0.11.3+184+suse.e1501732-160000.1.1.s390x.rpm libdmmp0_2_0-0.11.3+184+suse.e1501732-160000.1.1.s390x.rpm libmpath0-0.11.3+184+suse.e1501732-160000.1.1.s390x.rpm multipath-tools-0.11.3+184+suse.e1501732-160000.1.1.s390x.rpm multipath-tools-devel-0.11.3+184+suse.e1501732-160000.1.1.s390x.rpm kpartx-0.11.3+184+suse.e1501732-160000.1.1.x86_64.rpm libdmmp-devel-0.11.3+184+suse.e1501732-160000.1.1.x86_64.rpm libdmmp0_2_0-0.11.3+184+suse.e1501732-160000.1.1.x86_64.rpm libmpath0-0.11.3+184+suse.e1501732-160000.1.1.x86_64.rpm multipath-tools-0.11.3+184+suse.e1501732-160000.1.1.x86_64.rpm multipath-tools-devel-0.11.3+184+suse.e1501732-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-55 Recommended update for osinfo-db moderate SUSE SLFO 1.2 This update for osinfo-db fixes the following issues: - Fix: virt-manager does not detect Leap 16.0 offline ISO (bsc#1252429) - Fix: the definition of Leap 16.0 to match the current names of the Leap 16.0 ISOs and the Volume IDs contained within those ISOs (bsc#1236401) osinfo-db-20250606-160000.3.1.noarch.rpm openSUSE-Leap-16.0-56 Security update for mysql-connector-java important SUSE SLFO 1.2 This update for mysql-connector-java fixes the following issues: - Upgrade to Version 9.3.0 - CVE-2025-30706: Fixed Connector/J vulnerability (bsc#1241693) - Updatable ResultSet fails with 'Parameter index out of range'. - Fixed Resultset UPDATE methods not checking validity of ResultSet. - DatabaseMetaData clean up. - Fixed implement missing methods in DatabaseMetaDataUsingInfoSchema. - Fixed procedure execution failing when the parameter name contains escape character. - Fixed allow only Krb5LoginModule in Kerberos authentication. - Fixed EXECUTE on CallableStatement resulting in ArrayIndexOutOfBoundsException. - Mysql connector use an uneffective way to match numericValue. - Fixed parameter index validation not proper in CallableStatement mysql-connector-java-9.3.0-160000.1.1.noarch.rpm openSUSE-Leap-16.0-57 Security update for curl important SUSE SLFO 1.2 This update for curl fixes the following issues: - CVE-2025-9086: Fixed Out of bounds read for cookie path (bsc#1249191) - CVE-2025-11563: Fixed wcurl path traversal with percent-encoded slashes (bsc#1253757) - CVE-2025-10148: Fixed predictable WebSocket mask (bsc#1249348) Other fixes: - tool_operate: fix return code when --retry is used but not triggered (bsc#1249367) curl-8.14.1-160000.3.1.aarch64.rpm curl-fish-completion-8.14.1-160000.3.1.noarch.rpm curl-zsh-completion-8.14.1-160000.3.1.noarch.rpm libcurl-devel-8.14.1-160000.3.1.aarch64.rpm libcurl-devel-doc-8.14.1-160000.3.1.noarch.rpm libcurl4-8.14.1-160000.3.1.aarch64.rpm curl-8.14.1-160000.3.1.ppc64le.rpm libcurl-devel-8.14.1-160000.3.1.ppc64le.rpm libcurl4-8.14.1-160000.3.1.ppc64le.rpm curl-8.14.1-160000.3.1.s390x.rpm libcurl-devel-8.14.1-160000.3.1.s390x.rpm libcurl4-8.14.1-160000.3.1.s390x.rpm curl-8.14.1-160000.3.1.x86_64.rpm libcurl-devel-8.14.1-160000.3.1.x86_64.rpm libcurl4-8.14.1-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-58 Security update for the Linux Kernel important SUSE SLFO 1.2 The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2025-21816: hrtimers: Force migrate away hrtimers queued after (bsc#1238472). - CVE-2025-38653: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (bsc#1248630). - CVE-2025-38718: sctp: linearize cloned gso packets in sctp_rcv (bsc#1249161). - CVE-2025-39676: scsi: qla4xxx: Prevent a potential error pointer dereference (bsc#1249302). - CVE-2025-39702: ipv6: sr: Fix MAC comparison to be constant-time (bsc#1249317). - CVE-2025-39756: fs: Prevent file descriptor table allocations exceeding INT_MAX (bsc#1249512). - CVE-2025-39779: btrfs: subpage: keep TOWRITE tag until folio is cleaned (bsc#1249495). - CVE-2025-39812: sctp: initialize more fields in sctp_v6_from_sk() (bsc#1250202). - CVE-2025-39866: fs: writeback: fix use-after-free in __mark_inode_dirty() (bsc#1250455). - CVE-2025-39876: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (bsc#1250400). - CVE-2025-39881: kernfs: Fix UAF in polling when open file is released (bsc#1250379). - CVE-2025-39895: sched: Fix sched_numa_find_nth_cpu() if mask offline (bsc#1250721). - CVE-2025-39903: of_numa: fix uninitialized memory nodes causing kernel panic (bsc#1250749). - CVE-2025-39911: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (bsc#1250704). - CVE-2025-39947: net/mlx5e: Harden uplink netdev access against device unbind (bsc#1251232). - CVE-2025-39948: ice: fix Rx page leak on multi-buffer frames (bsc#1251233). - CVE-2025-39949: qed: Don't collect too many protection override GRC elements (bsc#1251177). - CVE-2025-39950: net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR (bsc#1251176). - CVE-2025-39955: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (bsc#1251804). - CVE-2025-39956: igc: don't fail igc_probe() on LED setup error (bsc#1251809). - CVE-2025-39963: io_uring: fix incorrect io_kiocb reference in io_link_skb (bsc#1251819). - CVE-2025-39968: i40e: add max boundary check for VF filters (bsc#1252047). - CVE-2025-39969: i40e: fix validation of VF state in get resources (bsc#1252044). - CVE-2025-39970: i40e: fix input validation logic for action_meta (bsc#1252051). - CVE-2025-39971: i40e: fix idx validation in config queues msg (bsc#1252052). - CVE-2025-39972: i40e: fix idx validation in i40e_validate_queue_map (bsc#1252039). - CVE-2025-39973: i40e: add validation for ring_len param (bsc#1252035). - CVE-2025-39978: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() (bsc#1252069). - CVE-2025-39979: net/mlx5: fs, add API for sharing HWS action by refcount (bsc#1252067). - CVE-2025-39984: net: tun: Update napi->skb after XDP process (bsc#1252081). - CVE-2025-39992: mm: swap: check for stable address space before operating on the VMA (bsc#1252076). - CVE-2025-40000: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() (bsc#1252062). - CVE-2025-40005: spi: cadence-quadspi: Implement refcount to handle unbind during busy (bsc#1252349). - CVE-2025-40012: net/smc: fix warning in smc_rx_splice() when calling get_page() (bsc#1252330). - CVE-2025-40018: ipvs: Defer ip_vs_ftp unregister during netns cleanup (bsc#1252688). - CVE-2025-40040: mm/ksm: fix flag-dropping behavior in ksm_madvise (bsc#1252780). - CVE-2025-40051: vhost: vringh: Modify the return value check (bsc#1252858). - CVE-2025-40056: vhost: vringh: Fix copy_to_iter return value check (bsc#1252826). - CVE-2025-40060: coresight: trbe: Return NULL pointer for allocation failures (bsc#1252848). - CVE-2025-40078: bpf: Explicitly check accesses to bpf_sock_addr (bsc#1252789). - CVE-2025-40080: nbd: restrict sockets to TCP and UDP (bsc#1252774). - CVE-2025-40100: btrfs: do not assert we found block group item when creating free space tree (bsc#1252918). The following non security issues were fixed: - add bug reference to existing hv_netvsc change (bsc#1252265) - amd-pstate-ut: Reset amd-pstate driver mode after running selftests (bsc#1249226). - cgroup/cpuset: Remove remote_partition_check() & make update_cpumasks_hier() handle remote partition (bsc#1241166). - cpuset: Use new excpus for nocpu error check when enabling root partition (bsc#1241166). - cpuset: fix failure to enable isolated partition when containing isolcpus (bsc#1241166). - doc/README.SUSE: Correct the character used for TAINT_NO_SUPPORT The character was previously 'N', but upstream used it for TAINT_TEST, which prompted the change of TAINT_NO_SUPPORT to 'n'. - dpll: zl3073x: Add firmware loading functionality (bsc#1252253). - dpll: zl3073x: Add functions to access hardware registers (bsc#1252253). - dpll: zl3073x: Add low-level flash functions (bsc#1252253). - dpll: zl3073x: Add support to get fractional frequency offset (bsc#1252253). - dpll: zl3073x: Add support to get phase offset on connected input pin (bsc#1252253). - dpll: zl3073x: Add support to get/set esync on pins (bsc#1252253). - dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (bsc#1252253). - dpll: zl3073x: Handle missing or corrupted flash configuration (bsc#1252253). - dpll: zl3073x: Implement devlink flash callback (bsc#1252253). - dpll: zl3073x: Increase maximum size of flash utility (bsc#1252253). - dpll: zl3073x: Refactor DPLL initialization (bsc#1252253). - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (git-fixes). - drm/xe/guc: Prepare GuC register list and update ADS size for error capture (stable-fixes). - ixgbe: handle IXGBE_VF_FEATURES_NEGOTIATE mbox cmd (bsc#1247222). - ixgbe: handle IXGBE_VF_GET_PF_LINK_STATE mailbox operation (bsc#1247222). - ixgbevf: fix getting link speed data for E610 devices (bsc#1247222). - ixgbevf: fix mailbox API compatibility by negotiating supported features (bsc#1247222). - kbuild/modfinal: Link livepatches with module-common.o (bsc#1218644, bsc#1252270). - kdb: Replace deprecated strcpy() with memmove() in vkdb_printf() (bsc#1252939). - kernel-subpackage-spec: Do not doubly-sign modules (bsc#1251930). - nvme-auth: update sc_c in host response (git-fixes bsc#1249397). - perf hwmon_pmu: Fix uninitialized variable warning (perf-sle16-v6.13-userspace-update, git-fixes). - phy: cadence: cdns-dphy: Update calibration wait time for startup state machine (git-fixes). - powerpc/fadump: skip parameter area allocation when fadump is disabled (jsc#PED-9891 git-fixes). - proc: fix missing pde_set_flags() for net proc files (bsc#1248630) - proc: fix type confusion in pde_set_flags() (bsc#1248630) - rpm/check-for-config-changes: ignore CONFIG_SCHED_PROXY_EXEC, too (bsc#1250946) - scsi: storvsc: Prefer returning channel with the same CPU as on the I/O issuing CPU (bsc#1252267). - x86/microcode/AMD: Limit Entrysign signature checking to known generations (bsc#1252725). - x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (bsc#1252734). - x86/resctrl: Refactor resctrl_arch_rmid_read() (bsc#1252734). - x86/virt/tdx: Mark memory cache state incoherent when making SEAMCALL (jsc#PED-348). kernel-devel-6.12.0-160000.7.1.noarch.rpm True kernel-macros-6.12.0-160000.7.1.noarch.rpm True kernel-source-6.12.0-160000.7.1.noarch.rpm True kernel-source-vanilla-6.12.0-160000.7.1.noarch.rpm True kernel-default-base-6.12.0-160000.6.1.160000.2.4.aarch64.rpm True dtb-allwinner-6.12.0-160000.7.1.aarch64.rpm True dtb-altera-6.12.0-160000.7.1.aarch64.rpm True dtb-amazon-6.12.0-160000.7.1.aarch64.rpm True dtb-amd-6.12.0-160000.7.1.aarch64.rpm True dtb-amlogic-6.12.0-160000.7.1.aarch64.rpm True dtb-apm-6.12.0-160000.7.1.aarch64.rpm True dtb-apple-6.12.0-160000.7.1.aarch64.rpm True dtb-arm-6.12.0-160000.7.1.aarch64.rpm True dtb-broadcom-6.12.0-160000.7.1.aarch64.rpm True dtb-cavium-6.12.0-160000.7.1.aarch64.rpm True dtb-exynos-6.12.0-160000.7.1.aarch64.rpm True dtb-freescale-6.12.0-160000.7.1.aarch64.rpm True dtb-hisilicon-6.12.0-160000.7.1.aarch64.rpm True dtb-lg-6.12.0-160000.7.1.aarch64.rpm True dtb-marvell-6.12.0-160000.7.1.aarch64.rpm True dtb-mediatek-6.12.0-160000.7.1.aarch64.rpm True dtb-nvidia-6.12.0-160000.7.1.aarch64.rpm True dtb-qcom-6.12.0-160000.7.1.aarch64.rpm True dtb-renesas-6.12.0-160000.7.1.aarch64.rpm True dtb-rockchip-6.12.0-160000.7.1.aarch64.rpm True dtb-socionext-6.12.0-160000.7.1.aarch64.rpm True dtb-sprd-6.12.0-160000.7.1.aarch64.rpm True dtb-xilinx-6.12.0-160000.7.1.aarch64.rpm True cluster-md-kmp-64kb-6.12.0-160000.7.1.aarch64.rpm True dlm-kmp-64kb-6.12.0-160000.7.1.aarch64.rpm True gfs2-kmp-64kb-6.12.0-160000.7.1.aarch64.rpm True kernel-64kb-6.12.0-160000.7.1.aarch64.rpm True kernel-64kb-devel-6.12.0-160000.7.1.aarch64.rpm True kernel-64kb-extra-6.12.0-160000.7.1.aarch64.rpm True kernel-64kb-optional-6.12.0-160000.7.1.aarch64.rpm True kselftests-kmp-64kb-6.12.0-160000.7.1.aarch64.rpm True ocfs2-kmp-64kb-6.12.0-160000.7.1.aarch64.rpm True cluster-md-kmp-default-6.12.0-160000.7.1.aarch64.rpm True dlm-kmp-default-6.12.0-160000.7.1.aarch64.rpm True gfs2-kmp-default-6.12.0-160000.7.1.aarch64.rpm True kernel-default-6.12.0-160000.7.1.aarch64.rpm True kernel-default-devel-6.12.0-160000.7.1.aarch64.rpm True kernel-default-extra-6.12.0-160000.7.1.aarch64.rpm True kernel-default-optional-6.12.0-160000.7.1.aarch64.rpm True kselftests-kmp-default-6.12.0-160000.7.1.aarch64.rpm True ocfs2-kmp-default-6.12.0-160000.7.1.aarch64.rpm True kernel-docs-6.12.0-160000.7.1.noarch.rpm True kernel-docs-html-6.12.0-160000.7.1.noarch.rpm True kernel-kvmsmall-6.12.0-160000.7.1.aarch64.rpm True kernel-kvmsmall-devel-6.12.0-160000.7.1.aarch64.rpm True kernel-obs-build-6.12.0-160000.7.1.aarch64.rpm True kernel-obs-qa-6.12.0-160000.7.1.aarch64.rpm True cluster-md-kmp-rt-6.12.0-160000.7.1.aarch64.rpm True dlm-kmp-rt-6.12.0-160000.7.1.aarch64.rpm True gfs2-kmp-rt-6.12.0-160000.7.1.aarch64.rpm True kernel-rt-6.12.0-160000.7.1.aarch64.rpm True kernel-rt-devel-6.12.0-160000.7.1.aarch64.rpm True kernel-rt-extra-6.12.0-160000.7.1.aarch64.rpm True kernel-rt-optional-6.12.0-160000.7.1.aarch64.rpm True kselftests-kmp-rt-6.12.0-160000.7.1.aarch64.rpm True ocfs2-kmp-rt-6.12.0-160000.7.1.aarch64.rpm True kernel-syms-6.12.0-160000.7.1.aarch64.rpm True kernel-default-base-6.12.0-160000.6.1.160000.2.4.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.7.1.ppc64le.rpm True dlm-kmp-default-6.12.0-160000.7.1.ppc64le.rpm True gfs2-kmp-default-6.12.0-160000.7.1.ppc64le.rpm True kernel-default-6.12.0-160000.7.1.ppc64le.rpm True kernel-default-devel-6.12.0-160000.7.1.ppc64le.rpm True kernel-default-extra-6.12.0-160000.7.1.ppc64le.rpm True kernel-default-optional-6.12.0-160000.7.1.ppc64le.rpm True kselftests-kmp-default-6.12.0-160000.7.1.ppc64le.rpm True ocfs2-kmp-default-6.12.0-160000.7.1.ppc64le.rpm True kernel-kvmsmall-6.12.0-160000.7.1.ppc64le.rpm True kernel-kvmsmall-devel-6.12.0-160000.7.1.ppc64le.rpm True kernel-obs-build-6.12.0-160000.7.1.ppc64le.rpm True kernel-obs-qa-6.12.0-160000.7.1.ppc64le.rpm True kernel-syms-6.12.0-160000.7.1.ppc64le.rpm True cluster-md-kmp-default-6.12.0-160000.7.1.s390x.rpm True dlm-kmp-default-6.12.0-160000.7.1.s390x.rpm True gfs2-kmp-default-6.12.0-160000.7.1.s390x.rpm True kernel-default-6.12.0-160000.7.1.s390x.rpm True kernel-default-devel-6.12.0-160000.7.1.s390x.rpm True kernel-default-extra-6.12.0-160000.7.1.s390x.rpm True kernel-default-optional-6.12.0-160000.7.1.s390x.rpm True kselftests-kmp-default-6.12.0-160000.7.1.s390x.rpm True ocfs2-kmp-default-6.12.0-160000.7.1.s390x.rpm True kernel-obs-build-6.12.0-160000.7.1.s390x.rpm True kernel-obs-qa-6.12.0-160000.7.1.s390x.rpm True kernel-syms-6.12.0-160000.7.1.s390x.rpm True kernel-zfcpdump-6.12.0-160000.7.1.s390x.rpm True kernel-default-base-6.12.0-160000.6.1.160000.2.4.x86_64.rpm True cluster-md-kmp-default-6.12.0-160000.7.1.x86_64.rpm True dlm-kmp-default-6.12.0-160000.7.1.x86_64.rpm True gfs2-kmp-default-6.12.0-160000.7.1.x86_64.rpm True kernel-default-6.12.0-160000.7.1.x86_64.rpm True kernel-default-devel-6.12.0-160000.7.1.x86_64.rpm True kernel-default-extra-6.12.0-160000.7.1.x86_64.rpm True kernel-default-optional-6.12.0-160000.7.1.x86_64.rpm True kernel-default-vdso-6.12.0-160000.7.1.x86_64.rpm True kselftests-kmp-default-6.12.0-160000.7.1.x86_64.rpm True ocfs2-kmp-default-6.12.0-160000.7.1.x86_64.rpm True kernel-kvmsmall-6.12.0-160000.7.1.x86_64.rpm True kernel-kvmsmall-devel-6.12.0-160000.7.1.x86_64.rpm True kernel-kvmsmall-vdso-6.12.0-160000.7.1.x86_64.rpm True kernel-obs-build-6.12.0-160000.7.1.x86_64.rpm True kernel-obs-qa-6.12.0-160000.7.1.x86_64.rpm True cluster-md-kmp-rt-6.12.0-160000.7.1.x86_64.rpm True dlm-kmp-rt-6.12.0-160000.7.1.x86_64.rpm True gfs2-kmp-rt-6.12.0-160000.7.1.x86_64.rpm True kernel-rt-6.12.0-160000.7.1.x86_64.rpm True kernel-rt-devel-6.12.0-160000.7.1.x86_64.rpm True kernel-rt-extra-6.12.0-160000.7.1.x86_64.rpm True kernel-rt-optional-6.12.0-160000.7.1.x86_64.rpm True kernel-rt-vdso-6.12.0-160000.7.1.x86_64.rpm True kselftests-kmp-rt-6.12.0-160000.7.1.x86_64.rpm True ocfs2-kmp-rt-6.12.0-160000.7.1.x86_64.rpm True kernel-syms-6.12.0-160000.7.1.x86_64.rpm True openSUSE-Leap-16.0-59 Recommended update for the initial kernel livepatch important SUSE SLFO 1.2 This update contains initial livepatches for the SUSE Linux Enterprise Server 16.0 and SUSE Linux Micro 6.2 kernel update. kernel-livepatch-6_12_0-160000_7-default-1-160000.1.1.ppc64le.rpm True kernel-livepatch-6_12_0-160000_7-default-1-160000.1.1.s390x.rpm True kernel-livepatch-6_12_0-160000_7-default-1-160000.1.1.x86_64.rpm True kernel-livepatch-6_12_0-160000_7-rt-1-160000.1.1.x86_64.rpm True openSUSE-Leap-16.0-60 Recommended update for cyrus-sasl moderate SUSE SLFO 1.2 This update for cyrus-sasl fixes the following issues: - Fixed Python3 error log upon importing pycurl (bsc#1233529) cyrus-sasl-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-crammd5-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-devel-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-digestmd5-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-gs2-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-gssapi-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-ntlm-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-otp-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-plain-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-scram-2.1.28-160000.3.1.aarch64.rpm libsasl2-3-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-crammd5-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-devel-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-digestmd5-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-gs2-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-gssapi-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-ntlm-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-otp-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-plain-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-bdb-scram-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-ldap-auxprop-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-saslauthd-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-sqlauxprop-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-ldap-auxprop-bdb-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-saslauthd-bdb-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-sqlauxprop-bdb-2.1.28-160000.3.1.aarch64.rpm cyrus-sasl-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-crammd5-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-devel-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-digestmd5-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-gs2-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-gssapi-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-ntlm-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-otp-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-plain-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-scram-2.1.28-160000.3.1.ppc64le.rpm libsasl2-3-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-crammd5-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-devel-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-digestmd5-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-gs2-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-gssapi-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-ntlm-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-otp-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-plain-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-bdb-scram-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-ldap-auxprop-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-saslauthd-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-sqlauxprop-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-ldap-auxprop-bdb-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-saslauthd-bdb-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-sqlauxprop-bdb-2.1.28-160000.3.1.ppc64le.rpm cyrus-sasl-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-crammd5-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-devel-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-digestmd5-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-gs2-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-gssapi-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-ntlm-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-otp-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-plain-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-scram-2.1.28-160000.3.1.s390x.rpm libsasl2-3-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-crammd5-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-devel-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-digestmd5-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-gs2-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-gssapi-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-ntlm-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-otp-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-plain-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-bdb-scram-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-ldap-auxprop-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-saslauthd-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-sqlauxprop-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-ldap-auxprop-bdb-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-saslauthd-bdb-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-sqlauxprop-bdb-2.1.28-160000.3.1.s390x.rpm cyrus-sasl-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-crammd5-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-devel-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-digestmd5-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-gs2-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-gssapi-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-ntlm-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-otp-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-plain-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-scram-2.1.28-160000.3.1.x86_64.rpm libsasl2-3-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-crammd5-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-devel-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-digestmd5-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-gs2-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-gssapi-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-ntlm-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-otp-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-plain-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-bdb-scram-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-ldap-auxprop-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-saslauthd-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-sqlauxprop-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-ldap-auxprop-bdb-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-saslauthd-bdb-2.1.28-160000.3.1.x86_64.rpm cyrus-sasl-sqlauxprop-bdb-2.1.28-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-61 Recommended update for libHBAAPI2 important SUSE SLFO 1.2 This update for libHBAAPI2 fixes the following issues: - use %license tag for COPYING (bsc#1252158) libHBAAPI2-2.2.10-160000.3.1.aarch64.rpm libHBAAPI2-devel-2.2.10-160000.3.1.aarch64.rpm libHBAAPI2-2.2.10-160000.3.1.ppc64le.rpm libHBAAPI2-devel-2.2.10-160000.3.1.ppc64le.rpm libHBAAPI2-2.2.10-160000.3.1.s390x.rpm libHBAAPI2-devel-2.2.10-160000.3.1.s390x.rpm libHBAAPI2-2.2.10-160000.3.1.x86_64.rpm libHBAAPI2-devel-2.2.10-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-62 Recommended update for the Linux Kernel RT (Live Patch 1 for SUSE Linux Enterprise 16) important SUSE SLFO 1.2 This update for the SUSE Linux Enterprise kernel 6.12.0-160000.6.1 fixes one issue The following non security issue was fixed: - Explicitly add module-common.c with vermagic and retpoline modinfo (bsc#1252270) kernel-livepatch-6_12_0-160000_6-rt-2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-63 Recommended update for python-PyQt6, python-PyQt6-sip, python-sip6 moderate SUSE SLFO 1.2 This update for python-PyQt6, python-PyQt6-sip, python-sip6 fixes the following issues: Changes in python-PyQt6: - Update to 6.9.1 * The licensing information now conforms to PEP 639. * Enums that have a base type smaller than int are now properly specified and handled. * Fixed a regression that broke building against versions of Qt older than v6.5. * Fixed pyuic6 to handle QIcons created from QIcon.ThemeIcon. Changes in python-PyQt6-sip: - Update to 13.10.2 * Match python3-sip6-devel 6.11.1 * Changes WRT PEP 639. See python-sip6 Changes in python-sip6: - Update to 6.12.0 - Convert to libalternatives on SLE-16-based and newer systems python313-PyQt6-6.9.1-160000.1.1.aarch64.rpm python313-PyQt6-devel-6.9.1-160000.1.1.aarch64.rpm python313-PyQt6-doc-6.9.1-160000.1.1.noarch.rpm python313-PyQt6-sip-13.10.2-160000.1.1.aarch64.rpm python313-sip6-devel-6.12.0-160000.1.1.noarch.rpm python313-PyQt6-6.9.1-160000.1.1.ppc64le.rpm python313-PyQt6-devel-6.9.1-160000.1.1.ppc64le.rpm python313-PyQt6-sip-13.10.2-160000.1.1.ppc64le.rpm python313-PyQt6-6.9.1-160000.1.1.s390x.rpm python313-PyQt6-devel-6.9.1-160000.1.1.s390x.rpm python313-PyQt6-sip-13.10.2-160000.1.1.s390x.rpm python313-PyQt6-6.9.1-160000.1.1.x86_64.rpm python313-PyQt6-devel-6.9.1-160000.1.1.x86_64.rpm python313-PyQt6-sip-13.10.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-64 Recommended update for saptune moderate SUSE SLFO 1.2 This update for saptune fixes the following issues: - Version update 3.2.1 - Restoring CPU performance settings on AWS and Google Cloud - Parameters force_latency and governor set up correctly (bsc#1250217). saptune-3.2.1-160000.1.1.ppc64le.rpm saptune-3.2.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-65 Security update for xwayland important SUSE SLFO 1.2 This update for xwayland fixes the following issues: - CVE-2025-62229: Fixed use-after-free in XPresentNotify structures creation (bsc#1251958). - CVE-2025-62230: Fixed use-after-free in Xkb client resource removal (bsc#1251959). - CVE-2025-62231: Fixed value overflow in Xkb extension XkbSetCompatMap() (bsc#1251960). xwayland-24.1.6-160000.3.1.aarch64.rpm xwayland-devel-24.1.6-160000.3.1.aarch64.rpm xwayland-24.1.6-160000.3.1.ppc64le.rpm xwayland-devel-24.1.6-160000.3.1.ppc64le.rpm xwayland-24.1.6-160000.3.1.s390x.rpm xwayland-devel-24.1.6-160000.3.1.s390x.rpm xwayland-24.1.6-160000.3.1.x86_64.rpm xwayland-devel-24.1.6-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-66 Security update for libvirt moderate SUSE SLFO 1.2 This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed Information disclosure via world-readable VM snapshots (bsc#1253703) - CVE-2025-12748: Fixed Denial of service in XML parsing (bsc#1253278) Other fixes: - spec: Adjust dbus dependency (bsc#1253642) - qemu: Add support for Intel TDX (jsc#PED-9265) libvirt-11.4.0-160000.3.1.aarch64.rpm libvirt-client-11.4.0-160000.3.1.aarch64.rpm libvirt-client-qemu-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-common-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-config-network-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-config-nwfilter-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-network-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-nodedev-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-nwfilter-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-qemu-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-secret-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-core-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-disk-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-iscsi-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-iscsi-direct-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-logical-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-mpath-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-driver-storage-scsi-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-hooks-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-lock-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-log-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-plugin-lockd-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-proxy-11.4.0-160000.3.1.aarch64.rpm libvirt-daemon-qemu-11.4.0-160000.3.1.aarch64.rpm libvirt-devel-11.4.0-160000.3.1.aarch64.rpm libvirt-doc-11.4.0-160000.3.1.noarch.rpm libvirt-libs-11.4.0-160000.3.1.aarch64.rpm libvirt-nss-11.4.0-160000.3.1.aarch64.rpm libvirt-ssh-proxy-11.4.0-160000.3.1.aarch64.rpm wireshark-plugin-libvirt-11.4.0-160000.3.1.aarch64.rpm libvirt-11.4.0-160000.3.1.ppc64le.rpm libvirt-client-11.4.0-160000.3.1.ppc64le.rpm libvirt-client-qemu-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-common-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-config-network-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-config-nwfilter-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-network-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-nodedev-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-nwfilter-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-qemu-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-secret-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-core-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-disk-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-iscsi-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-iscsi-direct-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-logical-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-mpath-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-driver-storage-scsi-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-hooks-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-lock-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-log-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-plugin-lockd-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-proxy-11.4.0-160000.3.1.ppc64le.rpm libvirt-daemon-qemu-11.4.0-160000.3.1.ppc64le.rpm libvirt-devel-11.4.0-160000.3.1.ppc64le.rpm libvirt-libs-11.4.0-160000.3.1.ppc64le.rpm libvirt-nss-11.4.0-160000.3.1.ppc64le.rpm libvirt-ssh-proxy-11.4.0-160000.3.1.ppc64le.rpm wireshark-plugin-libvirt-11.4.0-160000.3.1.ppc64le.rpm libvirt-11.4.0-160000.3.1.s390x.rpm libvirt-client-11.4.0-160000.3.1.s390x.rpm libvirt-client-qemu-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-common-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-config-network-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-config-nwfilter-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-network-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-nodedev-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-nwfilter-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-qemu-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-secret-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-core-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-disk-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-iscsi-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-iscsi-direct-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-logical-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-mpath-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-driver-storage-scsi-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-hooks-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-lock-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-log-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-plugin-lockd-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-proxy-11.4.0-160000.3.1.s390x.rpm libvirt-daemon-qemu-11.4.0-160000.3.1.s390x.rpm libvirt-devel-11.4.0-160000.3.1.s390x.rpm libvirt-libs-11.4.0-160000.3.1.s390x.rpm libvirt-nss-11.4.0-160000.3.1.s390x.rpm libvirt-ssh-proxy-11.4.0-160000.3.1.s390x.rpm wireshark-plugin-libvirt-11.4.0-160000.3.1.s390x.rpm libvirt-11.4.0-160000.3.1.x86_64.rpm libvirt-client-11.4.0-160000.3.1.x86_64.rpm libvirt-client-qemu-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-common-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-config-network-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-config-nwfilter-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-network-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-nodedev-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-nwfilter-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-qemu-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-secret-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-core-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-disk-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-iscsi-direct-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-logical-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-mpath-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-driver-storage-scsi-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-hooks-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-lock-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-log-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-plugin-lockd-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-proxy-11.4.0-160000.3.1.x86_64.rpm libvirt-daemon-qemu-11.4.0-160000.3.1.x86_64.rpm libvirt-devel-11.4.0-160000.3.1.x86_64.rpm libvirt-libs-11.4.0-160000.3.1.x86_64.rpm libvirt-nss-11.4.0-160000.3.1.x86_64.rpm libvirt-ssh-proxy-11.4.0-160000.3.1.x86_64.rpm wireshark-plugin-libvirt-11.4.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-67 Recommended update for read-only-root-fs moderate SUSE SLFO 1.2 This update for read-only-root-fs fixes the following issues: - Add additional check in %post to prevent generating the btrfs /etc subvolume during a KIWI run (bsc#1250133) read-only-root-fs-1.0+git20250708.3eed5de-160000.3.1.noarch.rpm read-only-root-fs-volatile-1.0+git20250708.3eed5de-160000.3.1.noarch.rpm openSUSE-Leap-16.0-68 Recommended update for numatop important SUSE SLFO 1.2 This update for numatop fixes the following issues: - Fix segmentation fault in the latency view (bsc#1248317) - Fix inability to start on processors with more than 256 CPUs per NUMA node (bsc#1247358) - Switch to ncursesw6 numatop-2.5.1-160000.1.1.ppc64le.rpm numatop-2.5.1-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-69 Recommended update for SAPHanaSR-angi important SUSE SLFO 1.2 This update for SAPHanaSR-angi fixes the following issues: - Version update: 1.2.12. - saphana_monitor send OCF_NOT_RUNNING for PROBES, when workload is down AND clone-flag is "DEMOTED". This allows crm_mon to show proper status (bsc#1245661). - SAPHanaSR-showAttr is now supporting hostnames containing dashes (bsc#1236893). - Enhance fencing behavior in case of FAST-STOP. Trigger fencing when running into timeouts or getting lss==0; in case of Scale-Out score the nameserver slave higher than a possible secondary takeover candidate to delay it until the current primary is completely down (bsc#1250160). - Basic tool improving for a better support of life and post mortem analysis. - Updated man pages SAPHanaSR-angi-1.2.12-160000.1.1.noarch.rpm openSUSE-Leap-16.0-7 Recommended update for busybox moderate SUSE SLFO 1.2 This update for busybox fixes the following issues: - Fix adduser inside containers on an SELinux host (boo#1247779): - Don't throw debug info away during build, let RPM separate it afterwards - fix mkdir path to point to /usr/bin instead of /bin busybox-1.37.0-160000.3.1.aarch64.rpm busybox-static-1.37.0-160000.3.1.aarch64.rpm busybox-warewulf3-1.37.0-160000.3.1.aarch64.rpm busybox-1.37.0-160000.3.1.ppc64le.rpm busybox-static-1.37.0-160000.3.1.ppc64le.rpm busybox-1.37.0-160000.3.1.s390x.rpm busybox-static-1.37.0-160000.3.1.s390x.rpm busybox-1.37.0-160000.3.1.x86_64.rpm busybox-static-1.37.0-160000.3.1.x86_64.rpm busybox-warewulf3-1.37.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-70 Recommended update for aws-cli-cmd moderate SUSE SLFO 1.2 This update for aws-cli-cmd fixes the following issues: Changes in aws-cli-cmd: - Update postun scriplet (bsc#1253743) - Do not run the postun scriptlet on upgrade as it will remove the just created command. aws-cli-cmd-1.36.2-160000.1.1.noarch.rpm openSUSE-Leap-16.0-71 Recommended update for qemu important SUSE SLFO 1.2 This update for qemu fixes the following issues: Changes in qemu: - Update to version 10.0.4 - Support for Intel TDX (jsc#PED-9266) - rpm/spec: qemu-vgabios is required on ppc (bsc#1230042) qemu-10.0.4-160000.1.1.aarch64.rpm qemu-SLOF-10.0.4-160000.1.1.noarch.rpm qemu-accel-qtest-10.0.4-160000.1.1.aarch64.rpm qemu-arm-10.0.4-160000.1.1.aarch64.rpm qemu-audio-alsa-10.0.4-160000.1.1.aarch64.rpm qemu-audio-dbus-10.0.4-160000.1.1.aarch64.rpm qemu-audio-jack-10.0.4-160000.1.1.aarch64.rpm qemu-audio-oss-10.0.4-160000.1.1.aarch64.rpm qemu-audio-pa-10.0.4-160000.1.1.aarch64.rpm qemu-audio-pipewire-10.0.4-160000.1.1.aarch64.rpm qemu-audio-spice-10.0.4-160000.1.1.aarch64.rpm qemu-block-curl-10.0.4-160000.1.1.aarch64.rpm qemu-block-dmg-10.0.4-160000.1.1.aarch64.rpm qemu-block-gluster-10.0.4-160000.1.1.aarch64.rpm qemu-block-iscsi-10.0.4-160000.1.1.aarch64.rpm qemu-block-nfs-10.0.4-160000.1.1.aarch64.rpm qemu-block-rbd-10.0.4-160000.1.1.aarch64.rpm qemu-block-ssh-10.0.4-160000.1.1.aarch64.rpm qemu-chardev-baum-10.0.4-160000.1.1.aarch64.rpm qemu-chardev-spice-10.0.4-160000.1.1.aarch64.rpm qemu-doc-10.0.4-160000.1.1.noarch.rpm qemu-extra-10.0.4-160000.1.1.aarch64.rpm qemu-guest-agent-10.0.4-160000.1.1.aarch64.rpm qemu-headless-10.0.4-160000.1.1.aarch64.rpm qemu-hw-display-qxl-10.0.4-160000.1.1.aarch64.rpm qemu-hw-display-virtio-gpu-10.0.4-160000.1.1.aarch64.rpm qemu-hw-display-virtio-gpu-pci-10.0.4-160000.1.1.aarch64.rpm qemu-hw-display-virtio-vga-10.0.4-160000.1.1.aarch64.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.4-160000.1.1.aarch64.rpm qemu-hw-usb-host-10.0.4-160000.1.1.aarch64.rpm qemu-hw-usb-redirect-10.0.4-160000.1.1.aarch64.rpm qemu-hw-usb-smartcard-10.0.4-160000.1.1.aarch64.rpm qemu-img-10.0.4-160000.1.1.aarch64.rpm qemu-ipxe-10.0.4-160000.1.1.noarch.rpm qemu-ivshmem-tools-10.0.4-160000.1.1.aarch64.rpm qemu-ksm-10.0.4-160000.1.1.aarch64.rpm qemu-lang-10.0.4-160000.1.1.noarch.rpm qemu-microvm-10.0.4-160000.1.1.noarch.rpm qemu-ppc-10.0.4-160000.1.1.aarch64.rpm qemu-pr-helper-10.0.4-160000.1.1.aarch64.rpm qemu-s390x-10.0.4-160000.1.1.aarch64.rpm qemu-seabios-10.0.41.16.3_3_g3d33c746-160000.1.1.noarch.rpm qemu-skiboot-10.0.4-160000.1.1.noarch.rpm qemu-spice-10.0.4-160000.1.1.aarch64.rpm qemu-tools-10.0.4-160000.1.1.aarch64.rpm qemu-ui-curses-10.0.4-160000.1.1.aarch64.rpm qemu-ui-dbus-10.0.4-160000.1.1.aarch64.rpm qemu-ui-gtk-10.0.4-160000.1.1.aarch64.rpm qemu-ui-opengl-10.0.4-160000.1.1.aarch64.rpm qemu-ui-spice-app-10.0.4-160000.1.1.aarch64.rpm qemu-ui-spice-core-10.0.4-160000.1.1.aarch64.rpm qemu-vgabios-10.0.41.16.3_3_g3d33c746-160000.1.1.noarch.rpm qemu-vhost-user-gpu-10.0.4-160000.1.1.aarch64.rpm qemu-x86-10.0.4-160000.1.1.aarch64.rpm qemu-linux-user-10.0.4-160000.1.1.aarch64.rpm qemu-10.0.4-160000.1.1.ppc64le.rpm qemu-accel-qtest-10.0.4-160000.1.1.ppc64le.rpm qemu-arm-10.0.4-160000.1.1.ppc64le.rpm qemu-audio-alsa-10.0.4-160000.1.1.ppc64le.rpm qemu-audio-dbus-10.0.4-160000.1.1.ppc64le.rpm qemu-audio-jack-10.0.4-160000.1.1.ppc64le.rpm qemu-audio-oss-10.0.4-160000.1.1.ppc64le.rpm qemu-audio-pa-10.0.4-160000.1.1.ppc64le.rpm qemu-audio-pipewire-10.0.4-160000.1.1.ppc64le.rpm qemu-audio-spice-10.0.4-160000.1.1.ppc64le.rpm qemu-block-curl-10.0.4-160000.1.1.ppc64le.rpm qemu-block-dmg-10.0.4-160000.1.1.ppc64le.rpm qemu-block-gluster-10.0.4-160000.1.1.ppc64le.rpm qemu-block-iscsi-10.0.4-160000.1.1.ppc64le.rpm qemu-block-nfs-10.0.4-160000.1.1.ppc64le.rpm qemu-block-rbd-10.0.4-160000.1.1.ppc64le.rpm qemu-block-ssh-10.0.4-160000.1.1.ppc64le.rpm qemu-chardev-baum-10.0.4-160000.1.1.ppc64le.rpm qemu-chardev-spice-10.0.4-160000.1.1.ppc64le.rpm qemu-extra-10.0.4-160000.1.1.ppc64le.rpm qemu-guest-agent-10.0.4-160000.1.1.ppc64le.rpm qemu-headless-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-display-qxl-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-display-virtio-gpu-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-display-virtio-gpu-pci-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-display-virtio-vga-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-usb-host-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-usb-redirect-10.0.4-160000.1.1.ppc64le.rpm qemu-hw-usb-smartcard-10.0.4-160000.1.1.ppc64le.rpm qemu-img-10.0.4-160000.1.1.ppc64le.rpm qemu-ivshmem-tools-10.0.4-160000.1.1.ppc64le.rpm qemu-ksm-10.0.4-160000.1.1.ppc64le.rpm qemu-ppc-10.0.4-160000.1.1.ppc64le.rpm qemu-pr-helper-10.0.4-160000.1.1.ppc64le.rpm qemu-s390x-10.0.4-160000.1.1.ppc64le.rpm qemu-spice-10.0.4-160000.1.1.ppc64le.rpm qemu-tools-10.0.4-160000.1.1.ppc64le.rpm qemu-ui-curses-10.0.4-160000.1.1.ppc64le.rpm qemu-ui-dbus-10.0.4-160000.1.1.ppc64le.rpm qemu-ui-gtk-10.0.4-160000.1.1.ppc64le.rpm qemu-ui-opengl-10.0.4-160000.1.1.ppc64le.rpm qemu-ui-spice-app-10.0.4-160000.1.1.ppc64le.rpm qemu-ui-spice-core-10.0.4-160000.1.1.ppc64le.rpm qemu-vhost-user-gpu-10.0.4-160000.1.1.ppc64le.rpm qemu-x86-10.0.4-160000.1.1.ppc64le.rpm qemu-linux-user-10.0.4-160000.1.1.ppc64le.rpm qemu-10.0.4-160000.1.1.s390x.rpm qemu-accel-qtest-10.0.4-160000.1.1.s390x.rpm qemu-arm-10.0.4-160000.1.1.s390x.rpm qemu-audio-alsa-10.0.4-160000.1.1.s390x.rpm qemu-audio-dbus-10.0.4-160000.1.1.s390x.rpm qemu-audio-jack-10.0.4-160000.1.1.s390x.rpm qemu-audio-oss-10.0.4-160000.1.1.s390x.rpm qemu-audio-pa-10.0.4-160000.1.1.s390x.rpm qemu-audio-pipewire-10.0.4-160000.1.1.s390x.rpm qemu-audio-spice-10.0.4-160000.1.1.s390x.rpm qemu-block-curl-10.0.4-160000.1.1.s390x.rpm qemu-block-dmg-10.0.4-160000.1.1.s390x.rpm qemu-block-gluster-10.0.4-160000.1.1.s390x.rpm qemu-block-iscsi-10.0.4-160000.1.1.s390x.rpm qemu-block-nfs-10.0.4-160000.1.1.s390x.rpm qemu-block-rbd-10.0.4-160000.1.1.s390x.rpm qemu-block-ssh-10.0.4-160000.1.1.s390x.rpm qemu-chardev-baum-10.0.4-160000.1.1.s390x.rpm qemu-chardev-spice-10.0.4-160000.1.1.s390x.rpm qemu-extra-10.0.4-160000.1.1.s390x.rpm qemu-guest-agent-10.0.4-160000.1.1.s390x.rpm qemu-headless-10.0.4-160000.1.1.s390x.rpm qemu-hw-display-qxl-10.0.4-160000.1.1.s390x.rpm qemu-hw-display-virtio-gpu-10.0.4-160000.1.1.s390x.rpm qemu-hw-display-virtio-gpu-pci-10.0.4-160000.1.1.s390x.rpm qemu-hw-display-virtio-vga-10.0.4-160000.1.1.s390x.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.4-160000.1.1.s390x.rpm qemu-hw-usb-host-10.0.4-160000.1.1.s390x.rpm qemu-hw-usb-redirect-10.0.4-160000.1.1.s390x.rpm qemu-hw-usb-smartcard-10.0.4-160000.1.1.s390x.rpm qemu-img-10.0.4-160000.1.1.s390x.rpm qemu-ivshmem-tools-10.0.4-160000.1.1.s390x.rpm qemu-ksm-10.0.4-160000.1.1.s390x.rpm qemu-ppc-10.0.4-160000.1.1.s390x.rpm qemu-pr-helper-10.0.4-160000.1.1.s390x.rpm qemu-s390x-10.0.4-160000.1.1.s390x.rpm qemu-spice-10.0.4-160000.1.1.s390x.rpm qemu-tools-10.0.4-160000.1.1.s390x.rpm qemu-ui-curses-10.0.4-160000.1.1.s390x.rpm qemu-ui-dbus-10.0.4-160000.1.1.s390x.rpm qemu-ui-gtk-10.0.4-160000.1.1.s390x.rpm qemu-ui-opengl-10.0.4-160000.1.1.s390x.rpm qemu-ui-spice-app-10.0.4-160000.1.1.s390x.rpm qemu-ui-spice-core-10.0.4-160000.1.1.s390x.rpm qemu-vhost-user-gpu-10.0.4-160000.1.1.s390x.rpm qemu-x86-10.0.4-160000.1.1.s390x.rpm qemu-linux-user-10.0.4-160000.1.1.s390x.rpm qemu-10.0.4-160000.1.1.x86_64.rpm qemu-accel-qtest-10.0.4-160000.1.1.x86_64.rpm qemu-arm-10.0.4-160000.1.1.x86_64.rpm qemu-audio-alsa-10.0.4-160000.1.1.x86_64.rpm qemu-audio-dbus-10.0.4-160000.1.1.x86_64.rpm qemu-audio-jack-10.0.4-160000.1.1.x86_64.rpm qemu-audio-oss-10.0.4-160000.1.1.x86_64.rpm qemu-audio-pa-10.0.4-160000.1.1.x86_64.rpm qemu-audio-pipewire-10.0.4-160000.1.1.x86_64.rpm qemu-audio-spice-10.0.4-160000.1.1.x86_64.rpm qemu-block-curl-10.0.4-160000.1.1.x86_64.rpm qemu-block-dmg-10.0.4-160000.1.1.x86_64.rpm qemu-block-gluster-10.0.4-160000.1.1.x86_64.rpm qemu-block-iscsi-10.0.4-160000.1.1.x86_64.rpm qemu-block-nfs-10.0.4-160000.1.1.x86_64.rpm qemu-block-rbd-10.0.4-160000.1.1.x86_64.rpm qemu-block-ssh-10.0.4-160000.1.1.x86_64.rpm qemu-chardev-baum-10.0.4-160000.1.1.x86_64.rpm qemu-chardev-spice-10.0.4-160000.1.1.x86_64.rpm qemu-extra-10.0.4-160000.1.1.x86_64.rpm qemu-guest-agent-10.0.4-160000.1.1.x86_64.rpm qemu-headless-10.0.4-160000.1.1.x86_64.rpm qemu-hw-display-qxl-10.0.4-160000.1.1.x86_64.rpm qemu-hw-display-virtio-gpu-10.0.4-160000.1.1.x86_64.rpm qemu-hw-display-virtio-gpu-pci-10.0.4-160000.1.1.x86_64.rpm qemu-hw-display-virtio-vga-10.0.4-160000.1.1.x86_64.rpm qemu-hw-s390x-virtio-gpu-ccw-10.0.4-160000.1.1.x86_64.rpm qemu-hw-usb-host-10.0.4-160000.1.1.x86_64.rpm qemu-hw-usb-redirect-10.0.4-160000.1.1.x86_64.rpm qemu-hw-usb-smartcard-10.0.4-160000.1.1.x86_64.rpm qemu-img-10.0.4-160000.1.1.x86_64.rpm qemu-ivshmem-tools-10.0.4-160000.1.1.x86_64.rpm qemu-ksm-10.0.4-160000.1.1.x86_64.rpm qemu-ppc-10.0.4-160000.1.1.x86_64.rpm qemu-pr-helper-10.0.4-160000.1.1.x86_64.rpm qemu-s390x-10.0.4-160000.1.1.x86_64.rpm qemu-spice-10.0.4-160000.1.1.x86_64.rpm qemu-tools-10.0.4-160000.1.1.x86_64.rpm qemu-ui-curses-10.0.4-160000.1.1.x86_64.rpm qemu-ui-dbus-10.0.4-160000.1.1.x86_64.rpm qemu-ui-gtk-10.0.4-160000.1.1.x86_64.rpm qemu-ui-opengl-10.0.4-160000.1.1.x86_64.rpm qemu-ui-spice-app-10.0.4-160000.1.1.x86_64.rpm qemu-ui-spice-core-10.0.4-160000.1.1.x86_64.rpm qemu-vhost-user-gpu-10.0.4-160000.1.1.x86_64.rpm qemu-vmsr-helper-10.0.4-160000.1.1.x86_64.rpm qemu-x86-10.0.4-160000.1.1.x86_64.rpm qemu-linux-user-10.0.4-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-72 Security update for tomcat11 important SUSE SLFO 1.2 This update for tomcat11 fixes the following issues: Update to Tomcat 11.0.13: - CVE-2025-55752: Fixed directory traversal via rewrite with possible RCE if PUT is enabled (bsc#1252753). - CVE-2025-55754: Fixed Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat (bsc#1252905). - CVE-2025-61795: Fixed temporary copies during the processing of multipart upload can lead to a denial of service (bsc#1252756). tomcat11-11.0.13-160000.1.1.noarch.rpm tomcat11-admin-webapps-11.0.13-160000.1.1.noarch.rpm tomcat11-doc-11.0.13-160000.1.1.noarch.rpm tomcat11-docs-webapp-11.0.13-160000.1.1.noarch.rpm tomcat11-el-6_0-api-11.0.13-160000.1.1.noarch.rpm tomcat11-embed-11.0.13-160000.1.1.noarch.rpm tomcat11-jsp-4_0-api-11.0.13-160000.1.1.noarch.rpm tomcat11-jsvc-11.0.13-160000.1.1.noarch.rpm tomcat11-lib-11.0.13-160000.1.1.noarch.rpm tomcat11-servlet-6_1-api-11.0.13-160000.1.1.noarch.rpm tomcat11-webapps-11.0.13-160000.1.1.noarch.rpm openSUSE-Leap-16.0-73 Recommended update for mdadm moderate SUSE SLFO 1.2 This update for mdadm fixes the following issues: - Version update 4.4+29.gf8bb524b. - Fix race condition between mdcheck_start.service and mdcheck_continue.service (bsc#1243443, bsc#1248097). - mdadm_env.sh ignoring MDADM_RAIDDEVICES if MDADM_SCAN is set (bsc#1229997). - Split off the Software RAID HOWTO into a -doc package. - Upstream bug fixes for mdadm (bsc#1253060). - _service: switch to tar_scm for better interoperabity with SLFO. - Fix systemd unit file handling in spec file (bnc#1207266). - Stop emitting %release into program binaries (bnc#1246806). - Add MAILFROM address to email envelope, avoid smtp auth errors (bsc#1241474). mdadm-4.4+29.gf8bb524b-160000.1.1.aarch64.rpm mdadm-doc-4.4+29.gf8bb524b-160000.1.1.aarch64.rpm mdadm-4.4+29.gf8bb524b-160000.1.1.ppc64le.rpm mdadm-doc-4.4+29.gf8bb524b-160000.1.1.ppc64le.rpm mdadm-4.4+29.gf8bb524b-160000.1.1.s390x.rpm mdadm-doc-4.4+29.gf8bb524b-160000.1.1.s390x.rpm mdadm-4.4+29.gf8bb524b-160000.1.1.x86_64.rpm mdadm-doc-4.4+29.gf8bb524b-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-74 Recommended update for libnxz moderate SUSE SLFO 1.2 This update for libnxz fixes the following issues: Update to version 0.64+git4.2f1ae54: * lib/nx_crc : Fix compile error with gcc15 * Changed README.md instructions to substitute zlib libnxz-devel-0.64+git4.2f1ae54-160000.1.1.ppc64le.rpm libnxz0-0.64+git4.2f1ae54-160000.1.1.ppc64le.rpm openSUSE-Leap-16.0-75 Optional update for java-25-openjdk moderate SUSE SLFO 1.2 This update for java-25-openjdk fixes the following issues: Adds the Java OpenJDK in version 25. java-25-openjdk-25.0.1.0-160000.1.1.aarch64.rpm java-25-openjdk-demo-25.0.1.0-160000.1.1.aarch64.rpm java-25-openjdk-devel-25.0.1.0-160000.1.1.aarch64.rpm java-25-openjdk-headless-25.0.1.0-160000.1.1.aarch64.rpm java-25-openjdk-javadoc-25.0.1.0-160000.1.1.noarch.rpm java-25-openjdk-jmods-25.0.1.0-160000.1.1.aarch64.rpm java-25-openjdk-src-25.0.1.0-160000.1.1.aarch64.rpm java-25-openjdk-25.0.1.0-160000.1.1.ppc64le.rpm java-25-openjdk-demo-25.0.1.0-160000.1.1.ppc64le.rpm java-25-openjdk-devel-25.0.1.0-160000.1.1.ppc64le.rpm java-25-openjdk-headless-25.0.1.0-160000.1.1.ppc64le.rpm java-25-openjdk-jmods-25.0.1.0-160000.1.1.ppc64le.rpm java-25-openjdk-src-25.0.1.0-160000.1.1.ppc64le.rpm java-25-openjdk-25.0.1.0-160000.1.1.s390x.rpm java-25-openjdk-demo-25.0.1.0-160000.1.1.s390x.rpm java-25-openjdk-devel-25.0.1.0-160000.1.1.s390x.rpm java-25-openjdk-headless-25.0.1.0-160000.1.1.s390x.rpm java-25-openjdk-jmods-25.0.1.0-160000.1.1.s390x.rpm java-25-openjdk-src-25.0.1.0-160000.1.1.s390x.rpm java-25-openjdk-25.0.1.0-160000.1.1.x86_64.rpm java-25-openjdk-demo-25.0.1.0-160000.1.1.x86_64.rpm java-25-openjdk-devel-25.0.1.0-160000.1.1.x86_64.rpm java-25-openjdk-headless-25.0.1.0-160000.1.1.x86_64.rpm java-25-openjdk-jmods-25.0.1.0-160000.1.1.x86_64.rpm java-25-openjdk-src-25.0.1.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-76 Recommended update for urw-base35-fonts moderate SUSE SLFO 1.2 This update for urw-base35-fonts fixes the following issues: Changes in urw-base35-fonts: - Add provides for recently obsoleted packages ghostscript-fonts-std-converted and xorg-x11-fonts-converted urw-base35-fonts-20200910-160000.3.1.noarch.rpm urw-base35-fonts-C059-20200910-160000.3.1.noarch.rpm urw-base35-fonts-D050000L-20200910-160000.3.1.noarch.rpm urw-base35-fonts-NimbusMonoPS-20200910-160000.3.1.noarch.rpm urw-base35-fonts-NimbusRoman-20200910-160000.3.1.noarch.rpm urw-base35-fonts-NimbusSans-20200910-160000.3.1.noarch.rpm urw-base35-fonts-P052-20200910-160000.3.1.noarch.rpm urw-base35-fonts-StandardSymbolsPS-20200910-160000.3.1.noarch.rpm urw-base35-fonts-URWBookman-20200910-160000.3.1.noarch.rpm urw-base35-fonts-URWGothic-20200910-160000.3.1.noarch.rpm urw-base35-fonts-Z003-20200910-160000.3.1.noarch.rpm openSUSE-Leap-16.0-77 Recommended update for gpgme important SUSE SLFO 1.2 This update for gpgme fixes the following issues: - Treat empty DISPLAY variable as unset (bsc#1252425, bsc#1231055) * To avoid gpgme constructing an invalid gpg command line when the DISPLAY variable is empty it can be treated as unset. * Reported upstream: dev.gnupg.org/T7919 gpgme-1.24.3-160000.3.1.aarch64.rpm libgpgme-devel-1.24.3-160000.3.1.aarch64.rpm libgpgme11-1.24.3-160000.3.1.aarch64.rpm libgpgmepp-devel-1.24.3-160000.3.1.aarch64.rpm libgpgmepp6-1.24.3-160000.3.1.aarch64.rpm python313-gpg-1.24.3-160000.3.1.aarch64.rpm libqgpgmeqt6-15-1.24.3-160000.3.1.aarch64.rpm libqgpgmeqt6-devel-1.24.3-160000.3.1.aarch64.rpm gpgme-1.24.3-160000.3.1.ppc64le.rpm libgpgme-devel-1.24.3-160000.3.1.ppc64le.rpm libgpgme11-1.24.3-160000.3.1.ppc64le.rpm libgpgmepp-devel-1.24.3-160000.3.1.ppc64le.rpm libgpgmepp6-1.24.3-160000.3.1.ppc64le.rpm python313-gpg-1.24.3-160000.3.1.ppc64le.rpm libqgpgmeqt6-15-1.24.3-160000.3.1.ppc64le.rpm libqgpgmeqt6-devel-1.24.3-160000.3.1.ppc64le.rpm gpgme-1.24.3-160000.3.1.s390x.rpm libgpgme-devel-1.24.3-160000.3.1.s390x.rpm libgpgme11-1.24.3-160000.3.1.s390x.rpm libgpgmepp-devel-1.24.3-160000.3.1.s390x.rpm libgpgmepp6-1.24.3-160000.3.1.s390x.rpm python313-gpg-1.24.3-160000.3.1.s390x.rpm libqgpgmeqt6-15-1.24.3-160000.3.1.s390x.rpm libqgpgmeqt6-devel-1.24.3-160000.3.1.s390x.rpm gpgme-1.24.3-160000.3.1.x86_64.rpm libgpgme-devel-1.24.3-160000.3.1.x86_64.rpm libgpgme11-1.24.3-160000.3.1.x86_64.rpm libgpgmepp-devel-1.24.3-160000.3.1.x86_64.rpm libgpgmepp6-1.24.3-160000.3.1.x86_64.rpm python313-gpg-1.24.3-160000.3.1.x86_64.rpm libqgpgmeqt6-15-1.24.3-160000.3.1.x86_64.rpm libqgpgmeqt6-devel-1.24.3-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-78 Recommended update for libnbd moderate SUSE SLFO 1.2 This update for libnbd fixes the following issues: - Fix libnbd: Unsanitized hostnames in nbd+ssh URIs allow remote execution (bsc#1253059) libnbd-1.22.2-160000.3.1.aarch64.rpm libnbd-bash-completion-1.22.2-160000.3.1.noarch.rpm libnbd-devel-1.22.2-160000.3.1.aarch64.rpm libnbd0-1.22.2-160000.3.1.aarch64.rpm nbdfuse-1.22.2-160000.3.1.aarch64.rpm python3-libnbd-1.22.2-160000.3.1.aarch64.rpm libnbd-1.22.2-160000.3.1.ppc64le.rpm libnbd-devel-1.22.2-160000.3.1.ppc64le.rpm libnbd0-1.22.2-160000.3.1.ppc64le.rpm nbdfuse-1.22.2-160000.3.1.ppc64le.rpm python3-libnbd-1.22.2-160000.3.1.ppc64le.rpm libnbd-1.22.2-160000.3.1.s390x.rpm libnbd-devel-1.22.2-160000.3.1.s390x.rpm libnbd0-1.22.2-160000.3.1.s390x.rpm nbdfuse-1.22.2-160000.3.1.s390x.rpm python3-libnbd-1.22.2-160000.3.1.s390x.rpm libnbd-1.22.2-160000.3.1.x86_64.rpm libnbd-devel-1.22.2-160000.3.1.x86_64.rpm libnbd0-1.22.2-160000.3.1.x86_64.rpm nbdfuse-1.22.2-160000.3.1.x86_64.rpm python3-libnbd-1.22.2-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-79 Security update for dovecot24 moderate SUSE SLFO 1.2 This update for dovecot24 fixes the following issues: - Update dovecot to 2.4.2: - CVE-2025-30189: Fixed users cached with same cache key when auth cache was enabled (bsc#1252839) - Changes - auth: Remove proxy_always field. - config: Change settings history parsing to use python3. - doveadm: Print table formatter - Print empty values as "-". - imapc: Propagate remote error codes properly. - lda: Default mail_home=$HOME environment if not using userdb lookup - lib-dcrypt: Salt for new version 2 keys has been increased to 16 bytes. - lib-dregex: Add libpcre2 based regular expression support to Dovecot, if the library is missing, disable all regular expressions. This adds libpcre2-32 as build dependency. - lib-oauth2: jwt - Allow nbf and iat to point 1 second into future. - lib: Replace libicu with our own unicode library. Removes libicu as build dependency. - login-common: If proxying fails due to remote having invalid SSL cert, don't reconnect. - New features - auth: Add ssl_client_cert_fp and ssl_client_cert_pubkey_fp fields - config: Add support for $SET:filter/path/setting. - config: Improve @group includes to work with overwriting their settings. - doveadm kick: Add support for kicking multiple usernames - doveadm mailbox status: Add support for deleted status item. - imap, imap-client: Add experimental partial IMAP4rev2 support. - imap: Implement support for UTF8=ACCEPT for APPEND - lib-oauth2, oauth2: Add oauth2_token_expire_grace setting. - lmtp: lmtp-client - Support command pipelining. - login-common: Support local/remote blocks better. - master: accept() unix/inet connections before creating child process to handle it. This reduces timeouts when child processes are slow to spawn themselves. - Bug fixes - SMTPUTF8 was accepted even when it wasn't enabled. - auth, *-login: Direct logging with -L parameter was not working. - auth: Crash occured when OAUTH token validation failed with oauth2_use_worker_with_mech=yes. - auth: Invalid field handling crashes were fixed. - auth: ldap - Potential crash could happen at deinit. - auth: mech-gssapi - Server sending empty initial response would cause errors. - auth: mech-winbind - GSS-SPNEGO mechanism was erroneously marked as - not accepting NUL. - config: Multiple issues with $SET handling has been fixed. - configure: Building without LDAP didn't work. - doveadm: If source user didn't exist, a crash would occur. - imap, pop3, submission, imap-urlauth: USER environment usage was broken when running standalone. - imap-hibernate: Statistics would get truncated on unhibernation. - imap: "SEARCH MIMEPART FILENAME ENDS" command could have accessed memory outside allocated buffer, resulting in a crash. - imapc: Fetching partial headers would cause other cached headers to be cached empty, breaking e.g. imap envelope responses when caching to disk. - imapc: Shared namespace's INBOX mailbox was not always uppercased. - imapc: imapc_features=guid-forced GUID generation was not working correctly. - lda: USER environment was not accepted if -d hasn't been specified. - lib-http: http-url - Significant path percent encoding through parse and create was not preserved. This is mainly important for Dovecot's Lua bindings for lib-http. - lib-settings: Crash would occur when using %variables in SET_FILE type settings. - lib-storage: Attachment flags were attempted to be added for readonly mailboxes with mail_attachment_flags=add-flags. - lib-storage: Root directory for unusable shared namespaces was unnecessarily attempted to be created. - lib: Crash would occur when config was reloaded and logging to syslog. - login-common: Crash might have occured when login proxy was destroyed. - sqlite: The sqlite_journal_mode=wal setting didn't actually do anything. - Many other bugs have been fixed. - Update pigeonhole to 2.4.2 - Changes - lib-sieve: Use new regular expression library in core. - managesieve: Add default service_extra_groups=$SET:default_internal_group. - New features - lib-sieve: Add support for "extlists" extension. - lib-sieve: regex - Allow unicode comparator. - Bug fixes - lib-sieve-tool: sieve-tool - All sieve_script settings were overriden. - lib-sieve: storage: dict: sieve_script_dict filter was missing from settings. - sieve-ldap-storage: Fix compile without LDAP. dovecot24-2.4.2-160000.1.1.aarch64.rpm dovecot24-backend-mysql-2.4.2-160000.1.1.aarch64.rpm dovecot24-backend-pgsql-2.4.2-160000.1.1.aarch64.rpm dovecot24-backend-sqlite-2.4.2-160000.1.1.aarch64.rpm dovecot24-devel-2.4.2-160000.1.1.aarch64.rpm dovecot24-fts-2.4.2-160000.1.1.aarch64.rpm dovecot24-fts-flatcurve-2.4.2-160000.1.1.aarch64.rpm dovecot24-fts-solr-2.4.2-160000.1.1.aarch64.rpm dovecot24-2.4.2-160000.1.1.ppc64le.rpm dovecot24-backend-mysql-2.4.2-160000.1.1.ppc64le.rpm dovecot24-backend-pgsql-2.4.2-160000.1.1.ppc64le.rpm dovecot24-backend-sqlite-2.4.2-160000.1.1.ppc64le.rpm dovecot24-devel-2.4.2-160000.1.1.ppc64le.rpm dovecot24-fts-2.4.2-160000.1.1.ppc64le.rpm dovecot24-fts-flatcurve-2.4.2-160000.1.1.ppc64le.rpm dovecot24-fts-solr-2.4.2-160000.1.1.ppc64le.rpm dovecot24-2.4.2-160000.1.1.s390x.rpm dovecot24-backend-mysql-2.4.2-160000.1.1.s390x.rpm dovecot24-backend-pgsql-2.4.2-160000.1.1.s390x.rpm dovecot24-backend-sqlite-2.4.2-160000.1.1.s390x.rpm dovecot24-devel-2.4.2-160000.1.1.s390x.rpm dovecot24-fts-2.4.2-160000.1.1.s390x.rpm dovecot24-fts-flatcurve-2.4.2-160000.1.1.s390x.rpm dovecot24-fts-solr-2.4.2-160000.1.1.s390x.rpm dovecot24-2.4.2-160000.1.1.x86_64.rpm dovecot24-backend-mysql-2.4.2-160000.1.1.x86_64.rpm dovecot24-backend-pgsql-2.4.2-160000.1.1.x86_64.rpm dovecot24-backend-sqlite-2.4.2-160000.1.1.x86_64.rpm dovecot24-devel-2.4.2-160000.1.1.x86_64.rpm dovecot24-fts-2.4.2-160000.1.1.x86_64.rpm dovecot24-fts-flatcurve-2.4.2-160000.1.1.x86_64.rpm dovecot24-fts-solr-2.4.2-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-8 Recommended update for autofs critical SUSE SLFO 1.2 This update for autofs contains the following fixes: - Link against ldap.so instead of ldap_r.so; the former now provides thread-safety and the latter is a symlink which may not exist. (bsc#1249966) * drop previous patch now unnecessary. - Fix xmlStructuredErrorFunc callback parameter patch (bsc#1246612) to account for: * d2feac6784b6 autofs-5.1.6 - make autofs.a a shared library * bcd8e1b642e9 autofs-5.0.7 - use LIBS for link libraries autofs-5.1.9-160000.3.1.aarch64.rpm autofs-5.1.9-160000.3.1.ppc64le.rpm autofs-5.1.9-160000.3.1.s390x.rpm autofs-5.1.9-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-80 Security update for himmelblau important SUSE SLFO 1.2 This update for himmelblau fixes the following issues: - Update to version 0.9.23+git.0.9776141: * CVE-2025-59044: Fixed GID collision of same-name groups allowing privilege escalation (bsc#1250687) * deps(rust): bump the all-cargo-updates group * CVE-2025-58160: tracing-subscriber: Fixed log pollution (bsc#1249013) himmelblau-0.9.23+git.0.9776141-160000.1.1.aarch64.rpm himmelblau-qr-greeter-0.9.23+git.0.9776141-160000.1.1.aarch64.rpm himmelblau-sshd-config-0.9.23+git.0.9776141-160000.1.1.noarch.rpm himmelblau-sso-0.9.23+git.0.9776141-160000.1.1.aarch64.rpm libnss_himmelblau2-0.9.23+git.0.9776141-160000.1.1.aarch64.rpm pam-himmelblau-0.9.23+git.0.9776141-160000.1.1.aarch64.rpm himmelblau-0.9.23+git.0.9776141-160000.1.1.x86_64.rpm himmelblau-qr-greeter-0.9.23+git.0.9776141-160000.1.1.x86_64.rpm himmelblau-sso-0.9.23+git.0.9776141-160000.1.1.x86_64.rpm libnss_himmelblau2-0.9.23+git.0.9776141-160000.1.1.x86_64.rpm pam-himmelblau-0.9.23+git.0.9776141-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-81 Security update for openssh moderate SUSE SLFO 1.2 This update for openssh fixes the following issues: - CVE-2025-61984: code execution via control characters in usernames when a ProxyCommand is used (bsc#1251198). - CVE-2025-61985: code execution via '\0' character in ssh:// URI when a ProxyCommand is used (bsc#1251199). openssh-10.0p2-160000.3.1.aarch64.rpm openssh-cavs-10.0p2-160000.3.1.aarch64.rpm openssh-clients-10.0p2-160000.3.1.aarch64.rpm openssh-common-10.0p2-160000.3.1.aarch64.rpm openssh-helpers-10.0p2-160000.3.1.aarch64.rpm openssh-server-10.0p2-160000.3.1.aarch64.rpm openssh-server-config-rootlogin-10.0p2-160000.3.1.aarch64.rpm openssh-askpass-gnome-10.0p2-160000.3.1.aarch64.rpm openssh-10.0p2-160000.3.1.ppc64le.rpm openssh-cavs-10.0p2-160000.3.1.ppc64le.rpm openssh-clients-10.0p2-160000.3.1.ppc64le.rpm openssh-common-10.0p2-160000.3.1.ppc64le.rpm openssh-helpers-10.0p2-160000.3.1.ppc64le.rpm openssh-server-10.0p2-160000.3.1.ppc64le.rpm openssh-server-config-rootlogin-10.0p2-160000.3.1.ppc64le.rpm openssh-askpass-gnome-10.0p2-160000.3.1.ppc64le.rpm openssh-10.0p2-160000.3.1.s390x.rpm openssh-cavs-10.0p2-160000.3.1.s390x.rpm openssh-clients-10.0p2-160000.3.1.s390x.rpm openssh-common-10.0p2-160000.3.1.s390x.rpm openssh-helpers-10.0p2-160000.3.1.s390x.rpm openssh-server-10.0p2-160000.3.1.s390x.rpm openssh-server-config-rootlogin-10.0p2-160000.3.1.s390x.rpm openssh-askpass-gnome-10.0p2-160000.3.1.s390x.rpm openssh-10.0p2-160000.3.1.x86_64.rpm openssh-cavs-10.0p2-160000.3.1.x86_64.rpm openssh-clients-10.0p2-160000.3.1.x86_64.rpm openssh-common-10.0p2-160000.3.1.x86_64.rpm openssh-helpers-10.0p2-160000.3.1.x86_64.rpm openssh-server-10.0p2-160000.3.1.x86_64.rpm openssh-server-config-rootlogin-10.0p2-160000.3.1.x86_64.rpm openssh-askpass-gnome-10.0p2-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-82 Security update for java-21-openjdk important SUSE SLFO 1.2 This update for java-21-openjdk fixes the following issues: Update to upstream tag jdk-21.0.9+10 (October 2025 CPU): - CVE-2025-53066: Fixed enhance path factories (bsc#1252417). - CVE-2025-61748: Fixed enhance string handling (bsc#1252418). - CVE-2025-53057: Fixed enhance certificate handling (bsc#1252414). Other bug fixes: - Do not embed rebuild counter (bsc#1246806) java-21-openjdk-21.0.9.0-160000.1.1.aarch64.rpm java-21-openjdk-demo-21.0.9.0-160000.1.1.aarch64.rpm java-21-openjdk-devel-21.0.9.0-160000.1.1.aarch64.rpm java-21-openjdk-headless-21.0.9.0-160000.1.1.aarch64.rpm java-21-openjdk-javadoc-21.0.9.0-160000.1.1.noarch.rpm java-21-openjdk-jmods-21.0.9.0-160000.1.1.aarch64.rpm java-21-openjdk-src-21.0.9.0-160000.1.1.aarch64.rpm java-21-openjdk-21.0.9.0-160000.1.1.ppc64le.rpm java-21-openjdk-demo-21.0.9.0-160000.1.1.ppc64le.rpm java-21-openjdk-devel-21.0.9.0-160000.1.1.ppc64le.rpm java-21-openjdk-headless-21.0.9.0-160000.1.1.ppc64le.rpm java-21-openjdk-jmods-21.0.9.0-160000.1.1.ppc64le.rpm java-21-openjdk-src-21.0.9.0-160000.1.1.ppc64le.rpm java-21-openjdk-21.0.9.0-160000.1.1.s390x.rpm java-21-openjdk-demo-21.0.9.0-160000.1.1.s390x.rpm java-21-openjdk-devel-21.0.9.0-160000.1.1.s390x.rpm java-21-openjdk-headless-21.0.9.0-160000.1.1.s390x.rpm java-21-openjdk-jmods-21.0.9.0-160000.1.1.s390x.rpm java-21-openjdk-src-21.0.9.0-160000.1.1.s390x.rpm java-21-openjdk-21.0.9.0-160000.1.1.x86_64.rpm java-21-openjdk-demo-21.0.9.0-160000.1.1.x86_64.rpm java-21-openjdk-devel-21.0.9.0-160000.1.1.x86_64.rpm java-21-openjdk-headless-21.0.9.0-160000.1.1.x86_64.rpm java-21-openjdk-jmods-21.0.9.0-160000.1.1.x86_64.rpm java-21-openjdk-src-21.0.9.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-83 Recommended update for python-azure-agent important SUSE SLFO 1.2 This update for python-azure-agent fixes the following issues: - Fix dependencies for SLE 16 (bsc#1254129) * procps instead of sysvinit-tools - Update to version 2.14.0.1 (bsc#1253001) * FIPS 140-3 support * Block extensions disallowed by policy * Report ext policy errors in heartbeat * Implement signature validation helper functions * Prevent ssh public key override * Use proper filesystem creation flag for btrfs * Enable resource monitoring in cgroup v2 machines * Update agent cgroup cleanup * Add cgroupv2 distros to supported list * Clean old agent cgroup setup * Redact sas tokens in telemetry events and agent log * Add conf option to use hardcoded wireserver ip instead of dhcp request to discover wireserver ip * Support for python 3.12 * Update telemetry message for agent updates and send new telemetry for ext resource governance * Disable rsm downgrade * Add community support for Chainguard OS * Swap out legacycrypt for crypt-r for Python 3.13+ * Pin setuptools version * Set the agent config file path for FreeBSD * Handle errors importing crypt module - From 2.13.1.1 * Setup: Fix install_requires list syntax * Pickup latest goal state on tenant certificate rotation + Avoid infinite loop when the tenant certificate is missing * Fix unsupported syntax in py2.6 * Cgroup rewrite: uses systemctl for expressing desired configuration instead drop-in files * Remove usages of tempfile.mktemp * Use random time for attempting new Agent update * Enable logcollector in v2 machines * Clean history files * Missing firewall rules reason * Add support for nftables (+ refactoring of firewall code) * Create walinuxagent nftable atomically python-azure-agent-2.14.0.1-160000.1.1.noarch.rpm python-azure-agent-config-default-2.14.0.1-160000.1.1.noarch.rpm python-azure-agent-config-hpc-2.14.0.1-160000.1.1.noarch.rpm python-azure-agent-config-micro-2.14.0.1-160000.1.1.noarch.rpm python-azure-agent-config-server-2.14.0.1-160000.1.1.noarch.rpm python-azure-agent-test-2.14.0.1-160000.1.1.noarch.rpm openSUSE-Leap-16.0-84 Security update for java-17-openjdk important SUSE SLFO 1.2 This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.17+10 (October 2025 CPU): - CVE-2025-53066: Fixed enhance path factories (bsc#1252417). - CVE-2025-53057: Fixed enhance certificate handling (bsc#1252414). Other bug fixes: - Do not embed rebuild counter (bsc#1246806). java-17-openjdk-17.0.17.0-160000.1.1.aarch64.rpm java-17-openjdk-demo-17.0.17.0-160000.1.1.aarch64.rpm java-17-openjdk-devel-17.0.17.0-160000.1.1.aarch64.rpm java-17-openjdk-headless-17.0.17.0-160000.1.1.aarch64.rpm java-17-openjdk-javadoc-17.0.17.0-160000.1.1.noarch.rpm java-17-openjdk-jmods-17.0.17.0-160000.1.1.aarch64.rpm java-17-openjdk-src-17.0.17.0-160000.1.1.aarch64.rpm java-17-openjdk-17.0.17.0-160000.1.1.ppc64le.rpm java-17-openjdk-demo-17.0.17.0-160000.1.1.ppc64le.rpm java-17-openjdk-devel-17.0.17.0-160000.1.1.ppc64le.rpm java-17-openjdk-headless-17.0.17.0-160000.1.1.ppc64le.rpm java-17-openjdk-jmods-17.0.17.0-160000.1.1.ppc64le.rpm java-17-openjdk-src-17.0.17.0-160000.1.1.ppc64le.rpm java-17-openjdk-17.0.17.0-160000.1.1.s390x.rpm java-17-openjdk-demo-17.0.17.0-160000.1.1.s390x.rpm java-17-openjdk-devel-17.0.17.0-160000.1.1.s390x.rpm java-17-openjdk-headless-17.0.17.0-160000.1.1.s390x.rpm java-17-openjdk-jmods-17.0.17.0-160000.1.1.s390x.rpm java-17-openjdk-src-17.0.17.0-160000.1.1.s390x.rpm java-17-openjdk-17.0.17.0-160000.1.1.x86_64.rpm java-17-openjdk-demo-17.0.17.0-160000.1.1.x86_64.rpm java-17-openjdk-devel-17.0.17.0-160000.1.1.x86_64.rpm java-17-openjdk-headless-17.0.17.0-160000.1.1.x86_64.rpm java-17-openjdk-jmods-17.0.17.0-160000.1.1.x86_64.rpm java-17-openjdk-src-17.0.17.0-160000.1.1.x86_64.rpm openSUSE-Leap-16.0-85 Recommended update for drbd-utils moderate SUSE SLFO 1.2 This update for drbd-utils fixes the following issues: - [SELinux] nfs_drbd: * Fix: "fence-peer helper broken, returned 0" and nfs WRITE hang when power off the secondary node (bsc#1252991) - Allow domtrans from kernel_t to drbd_t (bsc#1252991) - Fix drbd_passive didn't start due to drbd.rules returning error (bsc#1247534) drbd-selinux-9.29.0-160000.3.1.aarch64.rpm drbd-utils-9.29.0-160000.3.1.aarch64.rpm drbd-selinux-9.29.0-160000.3.1.ppc64le.rpm drbd-utils-9.29.0-160000.3.1.ppc64le.rpm drbd-selinux-9.29.0-160000.3.1.s390x.rpm drbd-utils-9.29.0-160000.3.1.s390x.rpm drbd-selinux-9.29.0-160000.3.1.x86_64.rpm drbd-utils-9.29.0-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-86 Recommended update for suse-fonts moderate SUSE SLFO 1.2 This update for suse-fonts fixes the following issues: - Version update 2.001 - Added Black weight to SUSE family, with matching italics. - Introduced SUSE Mono variant (Thin → ExtraBold) with matching italics. - Added full Vietnamese coverage. - Implemented coding ligatures in SUSE Mono, optimized for terminal and coding environments. - Added PUA and emoji-trigger options for chameleon logo in Mono styles. - Updated vertical metrics, naming tables, and weight classes for consistency. - Refreshed Google Fonts specimen images to reflect expanded family. suse-fonts-2.001-160000.1.1.noarch.rpm openSUSE-Leap-16.0-89 Recommended update for ibus moderate SUSE SLFO 1.2 This update for ibus fixes the following issues: - Add an initial setup feature for Plasma Wayland * enables IBus as the active virtual keyboard on the first login, allowing users to input text using IBus without manual configuration * fix: Plasma + Wayland: input method does not start (bsc#1084804) * fix: IBus/Fcitx5 does not start automatically under Plasma Wayland out of the box (bsc#1246423) ibus-1.5.32-160000.3.1.aarch64.rpm ibus-devel-1.5.32-160000.3.1.aarch64.rpm ibus-dict-emoji-1.5.32-160000.3.1.noarch.rpm ibus-gtk-1.5.32-160000.3.1.aarch64.rpm ibus-gtk3-1.5.32-160000.3.1.aarch64.rpm ibus-lang-1.5.32-160000.3.1.noarch.rpm libibus-1_0-5-1.5.32-160000.3.1.aarch64.rpm typelib-1_0-IBus-1_0-1.5.32-160000.3.1.aarch64.rpm ibus-gtk4-1.5.32-160000.3.1.aarch64.rpm ibus-1.5.32-160000.3.1.ppc64le.rpm ibus-devel-1.5.32-160000.3.1.ppc64le.rpm ibus-gtk-1.5.32-160000.3.1.ppc64le.rpm ibus-gtk3-1.5.32-160000.3.1.ppc64le.rpm libibus-1_0-5-1.5.32-160000.3.1.ppc64le.rpm typelib-1_0-IBus-1_0-1.5.32-160000.3.1.ppc64le.rpm ibus-gtk4-1.5.32-160000.3.1.ppc64le.rpm ibus-1.5.32-160000.3.1.s390x.rpm ibus-devel-1.5.32-160000.3.1.s390x.rpm ibus-gtk-1.5.32-160000.3.1.s390x.rpm ibus-gtk3-1.5.32-160000.3.1.s390x.rpm libibus-1_0-5-1.5.32-160000.3.1.s390x.rpm typelib-1_0-IBus-1_0-1.5.32-160000.3.1.s390x.rpm ibus-gtk4-1.5.32-160000.3.1.s390x.rpm ibus-1.5.32-160000.3.1.x86_64.rpm ibus-devel-1.5.32-160000.3.1.x86_64.rpm ibus-gtk-1.5.32-160000.3.1.x86_64.rpm ibus-gtk3-1.5.32-160000.3.1.x86_64.rpm libibus-1_0-5-1.5.32-160000.3.1.x86_64.rpm typelib-1_0-IBus-1_0-1.5.32-160000.3.1.x86_64.rpm ibus-gtk4-1.5.32-160000.3.1.x86_64.rpm openSUSE-Leap-16.0-9 Optional update for mcphost moderate SUSE SLFO 1.2 This update for mcphost fixes the following issues: This adds mcphost in release 0.31.1. mcphost-0.31.1-160000.4.1.aarch64.rpm mcphost-0.31.1-160000.4.1.ppc64le.rpm mcphost-0.31.1-160000.4.1.s390x.rpm mcphost-0.31.1-160000.4.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-1 Security update for chromium critical openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Chromium 141.0.7390.76: * Do not send URLs as AIM input. This is to resolve a privacy concern, around passing urls to AI Mode. Chromium 141.0.7390.65 (boo#1251334): * CVE-2025-11458: Heap buffer overflow in Sync * CVE-2025-11460: Use after free in Storage * CVE-2025-11211: Out of bounds read in WebCodecs Chromium 141.0.7390.54 (stable released 2025-09-30) (boo#1250780) * CVE-2025-11205: Heap buffer overflow in WebGPU * CVE-2025-11206: Heap buffer overflow in Video * CVE-2025-11207: Side-channel information leakage in Storage * CVE-2025-11208: Inappropriate implementation in Media * CVE-2025-11209: Inappropriate implementation in Omnibox * CVE-2025-11210: Side-channel information leakage in Tab * CVE-2025-11211: Out of bounds read in Media * CVE-2025-11212: Inappropriate implementation in Media * CVE-2025-11213: Inappropriate implementation in Omnibox * CVE-2025-11215: Off by one error in V8 * CVE-2025-11216: Inappropriate implementation in Storage * CVE-2025-11219: Use after free in V8 * Various fixes from internal audits, fuzzing and other initiatives Chromium 141.0.7390.37 (beta released 2025-09-24) Chromium 140.0.7339.207 (boo#1250472) * CVE-2025-10890: Side-channel information leakage in V8 * CVE-2025-10891: Integer overflow in V8 * CVE-2025-10892: Integer overflow in V8 chromedriver-141.0.7390.76-bp160.1.1.aarch64.rpm chromium-141.0.7390.76-bp160.1.1.aarch64.rpm chromedriver-141.0.7390.76-bp160.1.1.ppc64le.rpm chromium-141.0.7390.76-bp160.1.1.ppc64le.rpm chromedriver-141.0.7390.76-bp160.1.1.x86_64.rpm chromium-141.0.7390.76-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-10 Security update for MozillaThunderbird important openSUSE Backports SLE-16.0 This update for MozillaThunderbird fixes the following issues: Changes in MozillaThunderbird: Mozilla Thunderbird 140.3.0 ESR: * Right-clicking 'List-ID' -> 'Unsubscribe' created double encoded draft subject * Thunderbird could crash on startup * Thunderbird could crash when importing mail * Opening Website header link in RSS feed incorrectly re-encoded URL parameters MFSA 2025-78 (bsc#1249391) * CVE-2025-10527 Sandbox escape due to use-after-free in the Graphics: Canvas2D component * CVE-2025-10528 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component * CVE-2025-10529 Same-origin policy bypass in the Layout component * CVE-2025-10532 Incorrect boundary conditions in the JavaScript: GC component * CVE-2025-10533 Integer overflow in the SVG component * CVE-2025-10536 Information disclosure in the Networking: Cache component * CVE-2025-10537 Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 MozillaThunderbird-140.3.0-bp160.1.1.aarch64.rpm MozillaThunderbird-openpgp-librnp-140.3.0-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-common-140.3.0-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-other-140.3.0-bp160.1.1.aarch64.rpm MozillaThunderbird-140.3.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-openpgp-librnp-140.3.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-common-140.3.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-other-140.3.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-140.3.0-bp160.1.1.x86_64.rpm MozillaThunderbird-openpgp-librnp-140.3.0-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-common-140.3.0-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-other-140.3.0-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-11 Security update for python-Django important openSUSE Backports SLE-16.0 This update for python-Django fixes the following issues: - CVE-2025-59681: Fixed a potential SQL injection in QuerySet.annotate(), alias(), aggregate(), and extra() on MySQL and MariaDB (boo#1250485) - CVE-2025-59682: Fixed a potential partial directory-traversal via archive.extract() (boo#1250487) python313-Django-5.2.4-bp160.3.1.noarch.rpm openSUSE-Leap-16.0-packagehub-13 Recommended update for openQA, os-autoinst moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst fixes the following issues: Changes in openQA: - Update to version 5.1761296552.ae7c17aa: * Add tests for file_security_policy * Pass parameter $is_userfile to log_url * Remove redirect and serve files as attachments if necessary * Serve files uploaded by tests via asset domain * Use direct link to subdomain for the test assets * Revert "Don't redirect to asset domain via /needles/ID/(image|json) route" * Revert "Don't redirect screenshots, thumbs and needles to files_domain" - Update to version 5.1761228068.a3a7f84d: * Dependency cron 2025-10-23 - Update to version 5.1761037330.ad78558e: * Avoid needless check for number of clones * Avoid creation of `git_clone` tasks for jobs with empty `DISTRI` - Update to version 5.1760515610.a802d1dd: * Lower the prio of archiving jobs to avoid piling up finalize jobs * Add signatures in Schema::Result::ApiKeys - Update to version 5.1760245411.e3aeaaec: * Dependency cron 2025-10-12 - Update to version 5.1760108577.fd2f2a48: * Log unavailability due to high load only as warning * Filter job stats of scheduled products also by arch and build * Document how to disable image optimizations * Make image optimization errors stop the job producing an incomplete job * Improve wording in description about job stats API * Run `optipng` for real and handle errors if it fails - Update to version 5.1759912962.689b31ed: * Avoid failing `obs_rsync_run` jobs when restarting `openqa-gru.service` - Update to version 5.1759834744.06a7028a: * parser: ktap: Return earlier if subtest result is SKIP * parser: ktap: Fallback to subtest index if name is not available - Update to version 5.1759440640.bb989cab: * Don't redirect to asset domain via /needles/ID/(image|json) route - Update to version 5.1759402042.49e912c3: * Introduce array job settings * Retry `obs_rsync_update_*` tasks if Gru service terminates - Update to version 5.1759329378.3b8e8685: * Reduce the number of required checks for Mergify again * Ensure a failing cache service is seen as such by the worker/scheduler - Update to version 5.1759248257.70b23b32: * Increase number of successful checks in Mergify config again * Disable Helm Chart CI checks temporarily * Consider all jobs for cleanup, not just jobs that were executed * Verify job deletion when dependent job present - Update to version 5.1759149505.49c40b0b: * Use always the latest PostgreSQL image in Compose and documentation * Update the PostgreSQL version in the contributing documentation * Update PostgreSQL data path in Docker Compose file after updating to v18 * Specify PostgreSQL version in Docker Compose configuration explicitly * mergify: Allow more time for dependabot update reaction * Remove version property from docker-compose * README: Fix openQA badge after switch to UEFI * build(deps-dev): bump eslint from 9.35.0 to 9.36.0 - Update to version 5.1758910696.7549bb98: * Replace argument assignment with signatures on ObsRsync/Task * Enable automatic dependabot updates again after improvements * docs: Add instructions for a continuous dashboard setup * Replace argument assignment with signatures Folders package * Fully cover WebAPI::Plugin::ObsRsync::Controller::Folders * script: Also use OPENQA_WEBUI_MODE for related services - Update to version 5.1758814503.03d923a4: * Use Mojo::File in Worker for is_qemu_running * Use Mojo::File in Worker for meminfo * Document archiving of important jobs - Update to version 5.1758729450.b88c0b40: * Reject jobs if worker is broken when receiving a new job - Update to version 5.1758711845.e5c02221: * script: Allow to configure openQA mode * t: run at least once Memorylimit register with max_rss_limit > 0 * Replace argument assignation with signatures on MemoryLimit Changes in os-autoinst: - Update to version 5.1761036042.c43e4ab: * Update perltidy * Allow redirects in needle NeedleDownloader * Don't overwrite firewall xml * Add UEFI support for ipxe kernel boot * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface - Update to version 5.1759328765.e7438f7: * Allow redirects in needle NeedleDownloader * Don't overwrite firewall xml * Add UEFI support for ipxe kernel boot * t: Use consistent Mojo::File in 08-autotest as well * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface - Update to version 5.1759134946.e08d7c7: * Add UEFI support for ipxe kernel boot * t: Use consistent Mojo::File in 08-autotest as well * os-autoinst-setup-multi-machine: Simplify determine_ethernet_interface * os-autoinst-setup-multi-machine: Only call zypper when necessary * os-autoinst-setup-multi-machine: Improve network interface check openQA-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-auto-update-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-client-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-common-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-devel-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-doc-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-local-db-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-mcp-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-munin-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-single-instance-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm openQA-worker-5.1761296552.ae7c17aa-bp160.1.1.aarch64.rpm os-autoinst-5.1761036042.c43e4ab-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1761036042.c43e4ab-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1761036042.c43e4ab-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1761036042.c43e4ab-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1761036042.c43e4ab-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1761036042.c43e4ab-bp160.1.1.aarch64.rpm openQA-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-client-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-common-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-devel-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-doc-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-local-db-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-mcp-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-munin-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm openQA-worker-5.1761296552.ae7c17aa-bp160.1.1.ppc64le.rpm os-autoinst-5.1761036042.c43e4ab-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1761036042.c43e4ab-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1761036042.c43e4ab-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1761036042.c43e4ab-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1761036042.c43e4ab-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1761036042.c43e4ab-bp160.1.1.ppc64le.rpm openQA-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-auto-update-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-bootstrap-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-client-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-common-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-continuous-update-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-devel-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-doc-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-local-db-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-mcp-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-munin-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-python-scripts-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-single-instance-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm openQA-worker-5.1761296552.ae7c17aa-bp160.1.1.s390x.rpm os-autoinst-5.1761036042.c43e4ab-bp160.1.1.s390x.rpm os-autoinst-devel-5.1761036042.c43e4ab-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1761036042.c43e4ab-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1761036042.c43e4ab-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1761036042.c43e4ab-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1761036042.c43e4ab-bp160.1.1.s390x.rpm openQA-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-auto-update-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-client-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-common-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-devel-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-doc-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-local-db-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-mcp-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-munin-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-single-instance-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm openQA-worker-5.1761296552.ae7c17aa-bp160.1.1.x86_64.rpm os-autoinst-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1761036042.c43e4ab-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-14 Recommended update for product-composer moderate openSUSE Backports SLE-16.0 This update for product-composer fixes the following issues: Update to version 0.6.16: - merge updateinfo's with same id into one - error out on updateinfo with same id, but non-mergable content Update to version 0.6.15: * Support updateinfo handling in arch specific meta data Update to version 0.6.14: * option to disable joliet extensions on media * no joliet extensions on source and debug media anymore product-composer-0.6.16-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-15 Security update for MozillaThunderbird moderate openSUSE Backports SLE-16.0 This update for MozillaThunderbird fixes the following issues: Mozilla Thunderbird 140.4: * changed: Account Hub is now disabled by default for second email account * changed: Flatpak runtime has been updated to Freedesktop SDK 24.08 * fixed: Users could not read mail signed with OpenPGP v6 and PQC keys * fixed: Image preview in Insert Image dialog failed with CSP error for web resources * fixed: Emptying trash on exit did not work with some providers * fixed: Thunderbird could crash when applying filters * fixed: Users were unable to override expired mail server certificate * fixed: Opening Website header link in RSS feed incorrectly re-encoded URL parameters * fixed: Security fixes MFSA 2025-85 (bsc#1251263): * CVE-2025-11708 Use-after-free in MediaTrackGraphImpl::GetInstance() * CVE-2025-11709 Out of bounds read/write in a privileged process triggered by WebGL textures * CVE-2025-11710 Cross-process information leaked due to malicious IPC messages * CVE-2025-11711 Some non-writable Object properties could be modified * CVE-2025-11712 An OBJECT tag type attribute overrode browser behavior on web resources without a content-type * CVE-2025-11713 Potential user-assisted code execution in “Copy as cURL” command * CVE-2025-11714 Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 * CVE-2025-11715 Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 MozillaThunderbird-140.4.0-bp160.1.1.x86_64.rpm MozillaThunderbird-openpgp-librnp-140.4.0-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-common-140.4.0-bp160.1.1.x86_64.rpm MozillaThunderbird-translations-other-140.4.0-bp160.1.1.x86_64.rpm MozillaThunderbird-140.4.0-bp160.1.1.s390x.rpm MozillaThunderbird-openpgp-librnp-140.4.0-bp160.1.1.s390x.rpm MozillaThunderbird-translations-common-140.4.0-bp160.1.1.s390x.rpm MozillaThunderbird-translations-other-140.4.0-bp160.1.1.s390x.rpm MozillaThunderbird-140.4.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-openpgp-librnp-140.4.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-common-140.4.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-translations-other-140.4.0-bp160.1.1.ppc64le.rpm MozillaThunderbird-140.4.0-bp160.1.1.aarch64.rpm MozillaThunderbird-openpgp-librnp-140.4.0-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-common-140.4.0-bp160.1.1.aarch64.rpm MozillaThunderbird-translations-other-140.4.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-16 Recommended update for knot moderate openSUSE Backports SLE-16.0 This update for knot fixes the following issues: Changes in knot: - disable quic in stable releases due to the missing libraries update to version 3.5.1, see https://www.knot-dns.cz/2025-10-16-version-351.html update to version 3.5.0, see https://www.knot-dns.cz/2025-09-18-version-350.html update to version 3.4.8, see https://www.knot-dns.cz/2025-07-29-version-348.html Use the libngtcp2_crypto_gnutls-devel instead of libngtcp2-devel to account for the openssl and gnutls devel files split in ngtcp2. update to version 3.4.7, see https://www.knot-dns.cz/2025-06-04-version-347.html knot-3.5.1-bp160.1.1.x86_64.rpm knot-devel-3.5.1-bp160.1.1.x86_64.rpm knot-utils-3.5.1-bp160.1.1.x86_64.rpm libdnssec10-3.5.1-bp160.1.1.x86_64.rpm libknot16-3.5.1-bp160.1.1.x86_64.rpm libzscanner5-3.5.1-bp160.1.1.x86_64.rpm knot-3.5.1-bp160.1.1.s390x.rpm knot-devel-3.5.1-bp160.1.1.s390x.rpm knot-utils-3.5.1-bp160.1.1.s390x.rpm libdnssec10-3.5.1-bp160.1.1.s390x.rpm libknot16-3.5.1-bp160.1.1.s390x.rpm libzscanner5-3.5.1-bp160.1.1.s390x.rpm knot-3.5.1-bp160.1.1.ppc64le.rpm knot-devel-3.5.1-bp160.1.1.ppc64le.rpm knot-utils-3.5.1-bp160.1.1.ppc64le.rpm libdnssec10-3.5.1-bp160.1.1.ppc64le.rpm libknot16-3.5.1-bp160.1.1.ppc64le.rpm libzscanner5-3.5.1-bp160.1.1.ppc64le.rpm knot-3.5.1-bp160.1.1.aarch64.rpm knot-devel-3.5.1-bp160.1.1.aarch64.rpm knot-utils-3.5.1-bp160.1.1.aarch64.rpm libdnssec10-3.5.1-bp160.1.1.aarch64.rpm libknot16-3.5.1-bp160.1.1.aarch64.rpm libzscanner5-3.5.1-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-17 Security update for micropython moderate openSUSE Backports SLE-16.0 This update for micropython fixes the following issues: Changes in micropython: - Build with mbedtls-3.6.5 instead of bundled 3.6.2 to fix CVE-2025-59438 Version 1.26.0: * Added machine.I2CTarget for creating I2C target devices on multiple ports. * New MCU support: STM32N6xx (800 MHz, ML accel) & ESP32-C2 (WiFi + BLE). * Major float accuracy boost (~28% → ~98%), constant folding in compiler. * Optimized native/Viper emitters; reduced heap use for slices. * Time functions standardized (1970–2099); new boards across ESP32, SAMD, STM32, Zephyr. * ESP32: ESP-IDF 5.4.2, flash auto-detect, PCNT class, LAN8670 PHY. * RP2: compressed errors, better lightsleep, hard IRQ timers. * Zephyr v4.0.0: PWM, SoftI2C/SPI, BLE runtime services, boot.py/main.py support. * mpremote adds fs tree, improved df, portable config paths. * Updated lwIP, LittleFS, libhydrogen, stm32lib; expanded hardware/CI tests. micropython-1.26.0-bp160.1.1.x86_64.rpm mpremote-1.26.0-bp160.1.1.noarch.rpm mpy-tools-1.26.0-bp160.1.1.x86_64.rpm micropython-1.26.0-bp160.1.1.aarch64.rpm mpy-tools-1.26.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-18 Recommended update for amarok moderate openSUSE Backports SLE-16.0 This update for amarok fixes the following issues: Changes in amarok: - Update to version 3.3.1 * Enable saving and loading script console items, autocompletion in script console, and re-enable some more scripting functionality * Convert the remaining main UI toolbuttons to use icons from theme * Clear out remnants of the now-discontinued MusicDNS service * Fix example permission grant command in database settings (kde#386004) * Fix equalizer gains not updating when selecting some presets (kde#463908) * Fix continuing playback after timecoded tracks (cue files etc, (kde#270003) * Fix MusicBrainz search * Properly start CD playback if Amarok is not already running (kde#503310) * Also transmit embedded cover art through MPRIS (kde#357620) * Don't show transcoding dialog after canceling download (kde#275840) * Load network information earlier to avoid crashes on startup (kde#507497) * Try to export as-compatible-as-possible playlist files (kde#507329) * Fix some random crashes during playback amarok-3.3.1-bp160.1.1.x86_64.rpm amarok-doc-3.3.1-bp160.1.1.x86_64.rpm amarok-lang-3.3.1-bp160.1.1.noarch.rpm amarok-3.3.1-bp160.1.1.s390x.rpm amarok-doc-3.3.1-bp160.1.1.s390x.rpm amarok-3.3.1-bp160.1.1.ppc64le.rpm amarok-doc-3.3.1-bp160.1.1.ppc64le.rpm amarok-3.3.1-bp160.1.1.aarch64.rpm amarok-doc-3.3.1-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-19 Security update for chromium moderate openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Chromium 142.0.7444.134 (boo#1253089): * CVE-2025-12725: Out of bounds write in WebGPU * CVE-2025-12726: Inappropriate implementation in Views * CVE-2025-12727: Inappropriate implementation in V8 * CVE-2025-12728: Inappropriate implementation in Omnibox * CVE-2025-12729: Inappropriate implementation in Omnibox chromedriver-142.0.7444.59-bp160.1.1.x86_64.rpm chromium-142.0.7444.59-bp160.1.1.x86_64.rpm chromedriver-142.0.7444.59-bp160.1.1.ppc64le.rpm chromium-142.0.7444.59-bp160.1.1.ppc64le.rpm chromedriver-142.0.7444.59-bp160.1.1.aarch64.rpm chromium-142.0.7444.59-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-20 Recommended update for product-composer moderate openSUSE Backports SLE-16.0 This update for product-composer fixes the following issues: Update to version 0.6.17: - fix multiarch media handling of updateinfo id's product-composer-0.6.17-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-22 Security update for certbot important openSUSE Backports SLE-16.0 This update for certbot fixes the following issues: This update adds the certbot stack. (python modules: ConfigArgParse, acme, certbot, certbot-nginx, josepy, pyRFC3339). python313-ConfigArgParse-1.7-bp160.1.1.noarch.rpm python313-acme-5.1.0-bp160.1.1.noarch.rpm python313-certbot-5.1.0-bp160.1.1.noarch.rpm python313-certbot-nginx-5.1.0-bp160.1.1.noarch.rpm python313-josepy-2.2.0-bp160.1.1.noarch.rpm python313-pyRFC3339-2.0.1-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-23 Recommended update for quilt important openSUSE Backports SLE-16.0 This update for quilt fixes the following issues: Changes in quilt: Update to version 0.69: * Fix escaping of % and backslash in patch names * new: Stop claiming support of option -p ab * patches: Several performance optimizations * series: Simplify the code - Make it possible to run "quilt setup" on a spec file which excludes the local architecture (boo#1238516). - Fix building noarch packages with rpm >= 4.20 (boo#1236907). - Make it possible to preprocess spec files which do not comply with the standard. Most notably multibuild OBS spec files need to be preprocessed. Use option "--spec-filter=obs" for these (boo#1236907). - Detect the change of build root path hierarchy introduced by rpm 4.20 (boo#1236907). - Install the bash completion file to the right directory (reported by rpmlint). quilt-0.68-bp160.1.12.noarch.rpm openSUSE-Leap-16.0-packagehub-24 Security update for chromium important openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Changes in chromium: Chromium 142.0.7444.175 (boo#1253698): * CVE-2025-13223: Type Confusion in V8 * CVE-2025-13224: Type Confusion in V8 chromedriver-142.0.7444.162-bp160.1.1.x86_64.rpm chromium-142.0.7444.162-bp160.1.1.x86_64.rpm chromedriver-142.0.7444.162-bp160.1.1.ppc64le.rpm chromium-142.0.7444.162-bp160.1.1.ppc64le.rpm chromedriver-142.0.7444.162-bp160.1.1.aarch64.rpm chromium-142.0.7444.162-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-25 Recommended update for nmon moderate openSUSE Backports SLE-16.0 This update for nmon fixes the following issues: Changes in nmon: - Increase CPU MAX to 2048 (bsc#1247368) update to 16q: * bugfixes * POWER pool_capacity now correctly divided by 100. * Online view POWER Welcome panel on POWER reports the top MHz Small changes only: * Boottime shown online in the Kernel "k" panel * Utilisation stats: /proc/stat now reports 10 Utilisation stats * Bug caused Seg Faults core dumps fixed while collecting to a * Fix: Improved memory handling for extreme numbers of processes (1000's) or rapid exec of processes (100's in a millisecond) for large Linux servers. We have examples on Intel of 80 CPU * Online Dot "." command no longer also changes what is displayed as users said it was confusing. * Minor online start-up flash screen text changes to include C concise CPU stats and U for full Utilisation stats (all 10 of them) instead of a file. * Copyright and GPL v3 notice in the code plus online "h" and * Source code re-indented. * Fixes for Welcome screen on Mainframe * Fixed for Curses handling when collecting data to file - big bug for main frame and x86. * Fixes for Welcome screen on Mainframe * Fixed for Curses handling when collecting data to file - big bug for main frame and x86. + You need a S822LC With NVIDIA GPU(s) and Nvidia Library installed libnvidia-ml.so * CPU Wide View - online view for up to 192 CPUs * CPU MHz per Core ratings for machine that allow cores with different MHz - online & saved to file * lscpu stats capture - online & to file * Z experiment mode showing CPU interrupts - Renamed U stats in version 16b - online only * Online colourising stats to aid usability - online only * Massive improvement in help information: nmon -? and nmon -h * Code change to alphabetic order for getopt() and key input * New nmon logo on flash screen - online only * Extra kernel stats - online only nmon-16q-bp160.1.1.aarch64.rpm nmon-16q-bp160.1.1.ppc64le.rpm nmon-16q-bp160.1.1.s390x.rpm nmon-16q-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-26 Recommended update for synce4l moderate openSUSE Backports SLE-16.0 This update for synce4l fixes the following issues: synce4l was updated to 1.1.1: * fix possible resource leak * fix requested thread stack size * fix scorecard.yml * initialize pin ID to -1 * fix crash in dpll_rt_recv() * create scorecard.yml * unlink smc_socket_path before binding * check smc_socket_path length * change default smc_socket_path to /run/synce4l_socket * fix more compiler warnings - Initial packaging of version 1.0.0. synce4l-1.1.1-bp160.1.1.aarch64.rpm synce4l-1.1.1-bp160.1.1.ppc64le.rpm synce4l-1.1.1-bp160.1.1.s390x.rpm synce4l-1.1.1-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-28 Recommended update for product-composer moderate openSUSE Backports SLE-16.0 This update for product-composer fixes the following issues: Changes in product-composer: Update to version 0.6.18: - Fix filtering of not used rpms in updateinfo product-composer-0.6.18-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-29 Recommended update for gramps moderate openSUSE Backports SLE-16.0 This update for gramps fixes the following issues: Changes in gramps: Update to version 6.0.3: * Revert “Pass an object rather than a handle to the note editor callback”. Fixes #13884. * Update translations. Update to version 6.0.2; * Fix date modifiers for lt. * Update translation template for new release. * Add optimization to HasIdOf rules. * Connect the Help button in the repository reference editor. Fixes #13352. * Pass an object rather than a handle to the note editor callback. Fixes #13702. * Fix broken compound dates with bce year in XML import. Fixes #13631. * Avoid multiple copies of Rules after Plugin manager reload. Fixes #13844. * Fix bad surname list after upgrade from bsddb. Fixes #13807. * Fix narrated web when two places have same name but a different type. Fixes #13841. * Fix crash in citation view due to wrong filter_info. Fixes #13796. * Don’t attempt to call set_orientation if self.pui is None. Fixes #13820. * Don’t crash in search_changed if self.search_list has no active item. Fixes #13793. * Fix incorrect addons project after upgrade from Gramps 5.2. Fixes #13789. * Respect user choice of CSS files for existing narrated web site. Fixes #13792. * Ensure that the spell checker gets removed with the editor. Fixes #13795. * Fix Optimizer class when combining sub-filters. Fixes #13799. * Remove check for Gtk translations in Snap packages. * Update translations. Update to version 6.0.1: * Update translations: ar, br, ca, cs, de, de_AT, el, en_GB, es, fi, fr, ga, he, it, ja, ko, nb, nl, pl, pt_PT, ro, sk, sv, tr, uk, zh_CN. * Update translation template for new release. * Extend SearchBar so that it supports text search and filters. Fixes #13720. * Fix patronymic in name display. Fixes #13764. * Update links in the README to v6.0. * Update the INSTALL file. Issue #13717. + Change install from setup.py to pip. + Update typical installation locations. + Remove the --resourcepath option which no longer exists. * Fix wiki help link in the Addon Manager. Fixes #13735. * Remove the outer progress meter from the filter prepare phase. Fixes #13725. * Fix error when importing a GEDCOM file into an existing tree. Fixes #13726. * Avoid empty metadata fields. Fixes #13721. * Update Italian date modifiers. Update to version 6.0.0: * Full changelog available at https://gramps-project.org/blog/2025/03/gramps-6-0-0-released/ * Reports + The narrative web report has four main improvements: - New indexes for big databases. - Add heatmap. - Improve language and hamburger menus. - Show other roles for an event. + Other report changes: - Add gender symbol option to the detailed descendant, detailed ancestral and descendant report. - Add Gramps ID option to Kinship Report. - Tree reports convert images to thumbnails for embedding. This allows cropped rectangles selected in the media references to be displayed. - Report options are now memorised on a per family tree (database) level. * Gramplets + Improvements to the backlinks (References) gramplets: + Allow an object to be made active from within the backlinks gramplet. + Add a context menu to make “Edit” and “Make Active” more discoverable. + Allow objects in the backlinks gramplets to be dragged to the clipboard. + Add edit capability to the notes gramplets. + Enhanced version of the Filter gramplet. * Selector dialogs + A standard search bar has been added to the person selector dialog. It may default to selecting men or women by default, but selecting on other columns is possible. + It is now possible to select multiple media objects in the media selector and gallery tabs. + The media selector has a new path column. * Other changes + Improvements to the Probably Alive code. + New rules: “Has Event”, “Has Source” and “Having Note of Type”. + New Gedcom 7.0 event roles: “Father”, Mother”, “Parent”, “Child”, “Multiple”, Friend”, “Neighbour” and “Officiator”. + Allow web-accessible file references in media objects. + Add a preference option for the selection of the toolbar style. + Enhancements to the help display. This is ongoing though. + Enable Web Connection menu in all list views. Update to version 5.2.4: * Fix Citations gramplet to recognize event reference citations. Fixes #13555. * Fix exception when finding relationship to home person. Fixes #13495. * Fix mouse scroll direction in pedigree view. * Fix incorrect usage of exec. As of PEP558, locals() is not populated by exec(). This change means that this call is broken on Python 3.13. * Remove some usage of globals(). * Remove unnecessary use of exec. * Test current_date being an empty date in probably alive function. Fixes #13431. * Improve warning message in date_test.py when 3 tests are skipped. * Correctly assign sortval = 0 when a date is EMPTY. Fixes #13415, #13423. * Fix unicode conversion bug when upgrading from schema 16 to 17. * Correct the documentation for the match() method of the Date class. Also added more detail to documentation in 3 other cases. Fixes #13428. * Gramps version output now reports OS rather than Platform. Fixes #12285. * Downgrade upgrade messages from warning to informational level. Fixes #13464. * Fix list size option in the top surnames gramplet. Allow users to specify how many surnames appear in the list from 10 to 1000. Fixes #13448. * Correct misleading description of GUI element placement. * Use the preferred calendar for new dates only in the date editor. Fixes #13403. * Fix docs typo in INSTALL file. * Fix printing of Books. Fixes #12804. * Render reports with styled notes containing subscript and strikethrough. Fixes #13417. * Remove broken link to svn2cl package in the About dialog. Fixes #13152. * Improve media performance in the narrative web report. Fixes #13370. * Updated translations. gramps-6.0.3-bp160.1.1.noarch.rpm gramps-lang-6.0.3-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-3 Security update for chromium moderate openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Chromium 141.0.7390.107: * CVE-2025-11756: Use after free in Safe Browsing (boo#1252013) chromedriver-141.0.7390.107-bp160.1.1.aarch64.rpm chromium-141.0.7390.107-bp160.1.1.aarch64.rpm chromedriver-141.0.7390.107-bp160.1.1.ppc64le.rpm chromium-141.0.7390.107-bp160.1.1.ppc64le.rpm chromedriver-141.0.7390.107-bp160.1.1.x86_64.rpm chromium-141.0.7390.107-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-30 Security update for helmfile important openSUSE Backports SLE-16.0 This update for helmfile fixes the following issues: Changes in helmfile: Update to version 1.1.9: * feat: update strategy for reinstall by @simbou2000 in #2019 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.88.7 to 1.89.0 by @dependabot[bot] in #2239 * Fix: Handle empty helmBinary in base files with environment values by @Copilot in #2237 Update to version 1.1.8: * build(deps): bump github.com/hashicorp/go-getter from 1.8.0 to 1.8.1 by @dependabot[bot] in #2194 * fix typos in both comment and error message by @d-fal in #2199 * cleanup disk in release ci by @yxxhero in #2203 * Migrate AWS SDK from v1 to v2 to resolve deprecation warnings by @Copilot in #2202 * build(deps): bump github.com/helmfile/vals from 0.42.1 to 0.42.2 by @dependabot[bot] in #2200 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.88.2 to 1.88.3 by @dependabot[bot] in #2206 * Bump Alpine to 3.22 in Dockerfile by @orishamir in #2205 * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.31.10 to 1.31.12 by @dependabot[bot] in #2207 * Add yq to Dockerfile by @orishamir in #2208 * fix: skip chartify for build command jsonPatches by @sstarcher in #2212 * build(deps): bump github.com/hashicorp/go-getter from 1.8.1 to 1.8.2 by @dependabot[bot] in #2210 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.88.3 to 1.88.4 by @dependabot[bot] in #2213 * build(deps): bump golang.org/x/term from 0.35.0 to 0.36.0 by @dependabot[bot] in #2214 * Avoid fetching same chart/version multiple times by @Copilot in #2197 * build(deps): bump github.com/helmfile/vals from 0.42.2 to 0.42.4 by @dependabot[bot] in #2217 * docs: add zread badge to README by @yxxhero in #2219 * Bump helm-diff to v3.13.1 by @Copilot in #2223 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.88.4 to 1.88.5 by @dependabot[bot] in #2226 * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.31.12 to 1.31.13 by @dependabot[bot] in #2225 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.88.5 to 1.88.6 by @dependabot[bot] in #2230 * build(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.88.6 to 1.88.7 by @dependabot[bot] in #2232 * build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.31.13 to 1.31.15 by @dependabot[bot] in #2233 * Fix helmBinary and kustomizeBinary being ignored when using bases by @Copilot in #2228 Update to version 1.1.7: What's Changed * fix pflag error by @zhaque44 in #2164 * build(deps): bump actions/setup-go from 5 to 6 by @dependabot[bot] in #2166 * build(deps): bump github.com/hashicorp/go-getter from 1.7.9 to 1.7.10 by @dependabot[bot] in #2165 * build(deps): bump github.com/spf13/pflag from 1.0.9 to 1.0.10 by @dependabot[bot] in #2163 * Add helm diff installation to README by @nwneisen in #2170 * build(deps): bump github.com/hashicorp/go-getter from 1.7.10 to 1.8.0 by @dependabot[bot] in #2175 * build(deps): bump golang.org/x/term from 0.34.0 to 0.35.0 by @dependabot[bot] in #2174 * build(deps): bump github.com/zclconf/go-cty from 1.16.4 to 1.17.0 by @dependabot[bot] in #2173 * Fix panic when helm isn't installed by @nwneisen in #2169 * build(deps): bump golang.org/x/sync from 0.16.0 to 0.17.0 by @dependabot[bot] in #2172 * ci: update minikube and kubernetes versions by @yxxhero in #2181 * build(deps): bump k8s.io/apimachinery from 0.34.0 to 0.34.1 by @dependabot[bot] in #2180 * Remove deprecated --wait-retries flag support to fix Helm compatibility error by @Copilot in #2179 * build(deps): bump go.yaml.in/yaml/v2 from 2.4.2 to 2.4.3 by @dependabot[bot] in #2183 * build: update Helm to v3.19.0 across all components by @yxxhero in #2187 * build: update helm-diff plugin to v3.13.0 by @yxxhero in #2189 * feat: Implement caching for pulling OCI charts by @mustdiechik in #2171 * build(deps): bump github.com/helmfile/chartify from 0.24.7 to 0.25.0 by @dependabot[bot] in #2190 - Update to version 1.1.6: What's Changed * build(deps): bump github.com/hashicorp/go-getter from 1.7.8 to 1.7.9 by @dependabot[bot] in #2139 * build(deps): bump github.com/zclconf/go-cty from 1.16.3 to 1.16.4 by @dependabot[bot] in #2145 * build: update helm to v3.18.6 by @yxxhero in #2144 * build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.0 by @dependabot[bot] in #2150 * Add missing --timeout flag to helmfile sync command with documentation by @Copilot in #2148 * Fix enableDNS flag missing in diff command and refactor duplicate logic by @Copilot in #2147 * build(deps): bump github.com/stretchr/testify from 1.11.0 to 1.11.1 by @dependabot[bot] in #2151 * build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.14 by @dependabot[bot] in #2154 * Bump github.com/ulikunitz/xz from v0.5.14 to v0.5.15 by @Copilot in #2159 * build(deps): bump github.com/helmfile/vals from 0.42.0 to 0.42.1 by @dependabot[bot] in #2161 * build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.9 by @dependabot[bot] in #2160 * build(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 by @dependabot[bot] in #2162 * Fix error propagation in helmfile diff when Kubernetes is unreachable by @Copilot in #2149 - Update to version 1.1.5: What's Changed * build(deps): bump actions/checkout from 4 to 5 by @dependabot[bot] in #2128 * Update recommended Helm versions in init.go and run.sh by @yxxhero in #2129 * Add comprehensive .github/copilot-instructions.md for coding agents by @Copilot in #2131 * refactor(state): extract getMissingFileHandler method for clarity by @yxxhero in #2133 * Fix parseHelmVersion to handle helm versions without 'v' prefix by @Copilot in #2132 * build(deps): bump k8s.io/apimachinery from 0.33.3 to 0.33.4 by @dependabot[bot] in #2136 * build(deps): bump github.com/helmfile/chartify from 0.24.6 to 0.24.7 by @dependabot[bot] in #2135 - Update to version 1.1.4: What's Changed * build(deps): bump github.com/helmfile/vals from 0.41.2 to 0.41.3 by @dependabot[bot] in #2100 * build(deps): bump k8s.io/apimachinery from 0.33.2 to 0.33.3 by @dependabot[bot] in #2101 * fix: update Helm version to v3.17.4 in CI and init.go by @yxxhero in #2102 * build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7 by @dependabot[bot] in #2104 * feat(state): add missingFileHandlerConfig and related logic by @yxxhero in #2105 * refactor(filesystem): add CopyDir method and optimize Fetch function by @yxxhero in #2111 * Allow caching of remote files to be disabled by @jess-sol in #2112 * refactor(yaml): switch yaml library import paths from gopkg.in to go.yaml.in by @yxxhero in #2114 * build(deps): bump actions/download-artifact from 4 to 5 by @dependabot[bot] in #2121 * build(deps): bump golang.org/x/term from 0.33.0 to 0.34.0 by @dependabot[bot] in #2123 - Update to version 1.1.3: What's Changed * build: update Helm to v3.18.3 and related dependencies by @yxxhero in #2082 * Expose release version as .Release.ChartVersion for templating by @Simske in #2080 * build(deps): bump github.com/helmfile/chartify from 0.24.3 to 0.24.4 by @dependabot[bot] in #2083 * build(deps): bump k8s.io/apimachinery from 0.33.1 to 0.33.2 by @dependabot[bot] in #2086 * build(deps): bump github.com/helmfile/chartify from 0.24.4 to 0.24.5 by @dependabot[bot] in #2087 * build(deps): bump github.com/Masterminds/semver/v3 from 3.3.1 to 3.4.0 by @dependabot[bot] in #2089 * build(deps): bump github.com/hashicorp/hcl/v2 from 2.23.0 to 2.24.0 by @dependabot[bot] in #2092 * build: update Helm and plugin versions to v3.18.4 and v3.12.3 by @yxxhero in #2093 * docs: update status section with May 2025 release information by @yxxhero in #2096 * build(deps): bump golang.org/x/sync from 0.15.0 to 0.16.0 by @dependabot[bot] in #2099 * build(deps): bump golang.org/x/term from 0.32.0 to 0.33.0 by @dependabot[bot] in #2098 - Update to version 1.1.2: What's Changed * build(deps): bump github.com/helmfile/chartify from 0.24.2 to 0.24.3 by @dependabot in #2065 * build: update Helm to v3.18.2 and adjust related configurations by @yxxhero in #2064 * build(deps): bump github.com/helmfile/vals from 0.41.1 to 0.41.2 by @dependabot in #2067 * build(deps): bump golang.org/x/sync from 0.14.0 to 0.15.0 by @dependabot in #2068 * fix-insecure-flag by @anontrex in #2072 * build(deps): bump github.com/cloudflare/circl from 1.4.0 to 1.6.1 by @dependabot in #2074 * fix: update helm-diff to version 3.12.2 in CI and Dockerfiles by @yxxhero in #2073 * fix: TestToYaml not working with 32-bit architectures by @ProbstDJakob in #2075 - Update to version 1.1.1: What's Changed * Update README.md by @mumoshu in #2046 * build(deps): bump github.com/helmfile/vals from 0.41.0 to 0.41.1 by @dependabot in #2048 * build(helm) update to v3.18.0 by @yxxhero in #2044 * build(deps): bump github.com/helmfile/chartify from 0.23.0 to 0.24.1 by @dependabot in #2049 * build: update Helm and plugin versions in CI and Dockerfiles by @yxxhero in #2059 - Update to version 1.1.0: What's Changed * chore: fix typo in create_test.go by @sadikkuzu in #2025 * build(deps): bump golangci/golangci-lint-action from 7 to 8 by @dependabot in #2029 * build(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 by @dependabot in #2028 * build(deps): bump github.com/helmfile/chartify from 0.22.0 to 0.23.0 by @dependabot in #2027 * chore: remove test data files by @yxxhero in #2026 * build(deps): bump golang.org/x/term from 0.31.0 to 0.32.0 by @dependabot in #2033 * build(deps): bump github.com/helmfile/vals from 0.40.1 to 0.41.0 by @dependabot in #2032 * build(deps): bump dario.cat/mergo from 1.0.1 to 1.0.2 by @dependabot in #2035 * feat(tmpl): enhance ToYaml test with multiple scenarios by @yxxhero in #2031 * [sops, age] update to have SSH key support with sops by @itscaro in #2036 * feat(yaml): add JSON style encoding option to NewEncoder by @yxxhero in #2038 * refactor(yaml): upgrade from gopkg.in/yaml.v2 to v3 by @yxxhero in #2039 * Update readme & documentation with 2025 status of helmfile project by @zhaque44 in #2040 * build(deps): bump k8s.io/apimachinery from 0.33.0 to 0.33.1 by @dependabot in #2041 * build(deps): bump github.com/zclconf/go-cty from 1.16.2 to 1.16.3 by @dependabot in #2043 - Update to version 1.0.0: PLEASE READ https://github.com/helmfile/helmfile/blob/main/docs/proposals/towards-1.0.md What's Changed: * build(deps): bump github.com/helmfile/vals from 0.39.0 to 0.39.1 by @dependabot in #1926 * Bump kubectl to current version (1.32.1) by @DerDaku in #1924 * build(deps): bump github.com/goccy/go-yaml from 1.15.21 to 1.15.22 by @dependabot in #1925 * build: update Helm to v3.17.1 and related dependencies by @yxxhero in #1928 * build(deps): bump k8s.io/apimachinery from 0.32.1 to 0.32.2 by @dependabot in #1931 * feat: inject cli state values (--state-values-set) into environment templating context by @Vince-Chenal in #1917 * docs: add skipSchemaValidation to index.md and update related structs by @yxxhero in #1935 * refactor(state): optimize HelmState flags handling by @yxxhero in #1937 * Update vals package to v0.39.2 by @aditmeno in #1938 * build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @dependabot in #1940 * build(deps): bump github.com/goccy/go-yaml from 1.15.22 to 1.15.23 by @dependabot in #1941 * build(deps): bump github.com/helmfile/chartify from 0.20.8 to 0.20.9 by @dependabot in #1942 * feat: colorized DELETED by @yurrriq in #1944 * feat(docs): add proposal to remove charts and delete subcommands by @yxxhero in #1936 * build(deps): bump github.com/google/go-cmp from 0.6.0 to 0.7.0 by @dependabot in #1945 * build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 by @dependabot in #1946 * build: update golang version to 1.24 and golangci-lint to v1.64.5 by @yxxhero in #1949 * build(deps): bump github.com/helmfile/vals from 0.39.2 to 0.39.3 by @dependabot in #1951 * build(deps): bump github.com/helmfile/chartify from 0.20.9 to 0.21.0 by @dependabot in #1950 * build(deps): bump golang.org/x/sync from 0.11.0 to 0.12.0 by @dependabot in #1955 * build(deps): bump jinja2 from 3.1.5 to 3.1.6 in /docs by @dependabot in #1956 * Don't warn if this and the needed release set installed: false by @jayme-github in #1958 * build(deps): bump golang.org/x/term from 0.29.0 to 0.30.0 by @dependabot in #1959 * Remove all v0.x references by @yxxhero in #1919 * build(deps): bump k8s.io/apimachinery from 0.32.2 to 0.32.3 by @dependabot in #1960 * build(deps): bump golang.org/x/net from 0.35.0 to 0.36.0 by @dependabot in #1961 * build(deps): bump github.com/helmfile/vals from 0.39.3 to 0.39.4 by @dependabot in #1962 * build: update Helm to v3.17.2 and related dependencies by @yxxhero in #1965 * build: update yaml.v3 dependency and remove colega/go-yaml-yaml by @yxxhero in #1929 * build(deps): bump github.com/containerd/containerd from 1.7.24 to 1.7.27 by @dependabot in #1966 * build(deps): bump github.com/goccy/go-yaml from 1.15.23 to 1.16.0 by @dependabot in #1967 * build(deps): bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 by @dependabot in #1969 * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 by @dependabot in #1970 * build(deps): bump golangci/golangci-lint-action from 6 to 7 by @dependabot in #1975 * build(deps): bump github.com/helmfile/vals from 0.39.4 to 0.40.0 by @dependabot in #1978 * build(deps): bump github.com/helmfile/chartify from 0.21.0 to 0.21.1 by @dependabot in #1979 * docs(fix): correct typo in 'tier=fronted' to 'tier=frontend' by @yxxhero in #1980 * feat: add labels for helm release by @yxxhero in #1046 * build(deps): bump github.com/helmfile/vals from 0.40.0 to 0.40.1 by @dependabot in #1981 * build(deps): bump github.com/goccy/go-yaml from 1.16.0 to 1.17.1 by @dependabot in #1982 * fix: Check needs with context and namespace by @aarnq in #1986 * build(deps): bump golang.org/x/sync from 0.12.0 to 0.13.0 by @dependabot in #1991 * build(deps): bump golang.org/x/term from 0.30.0 to 0.31.0 by @dependabot in #1990 * fix(state): enhance error message for missing .gotmpl extension in helmfile v1 by @yxxhero in #1989 * build(deps): bump github.com/helmfile/chartify from 0.21.1 to 0.22.0 by @dependabot in #1996 * build: update Helm plugin versions in CI and Dockerfiles by @yxxhero in #1995 * build: update Helm to v3.17.3 and update related Dockerfiles by @yxxhero in #1993 * build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 by @dependabot in #2010 * feat: add helmfile archive configuration in goreleaser by @yxxhero in #2000 * docs: add more complex examples section in README by @yxxhero in #2013 * Feat: setting reuseValues flag in release by @blaskoa in #2004 * build(deps): bump k8s.io/apimachinery from 0.32.3 to 0.32.4 by @dependabot in #2016 * build(deps): bump github.com/aws/aws-sdk-go from 1.55.6 to 1.55.7 by @dependabot in #2015 * chore: support parsing any type with fromYaml by @ProbstDJakob in #2017 * build(deps): bump k8s.io/apimachinery from 0.32.4 to 0.33.0 by @dependabot in #2018 * feat: add --take-ownership flag to helm diff and related config by @yxxhero in #1992 - Update to version 0.171.0: * feat: execute templates against postRendererHooks by @allanger in #1839 * build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6 by @dependabot in #1897 * build(deps): bump github.com/goccy/go-yaml from 1.15.15 to 1.15.16 by @dependabot in #1901 * build(deps): bump github.com/goccy/go-yaml from 1.15.16 to 1.15.17 by @dependabot in #1905 * Use a regex to match --state-values-set-string arguments by @gllb in #1902 * build(deps): bump golang.org/x/sync from 0.10.0 to 0.11.0 by @dependabot in #1911 * Chartify v0.20.8 update by @scodeman in #1908 * cleanup: remove all about v0.x by @yxxhero in #1903 * build(deps): bump golang.org/x/term from 0.28.0 to 0.29.0 by @dependabot in #1913 * chore: update babel to resolve CVEs by @zhaque44 in #1916 * remove deprecated charts.yaml by @yxxhero in #1437 * Revert "cleanup: remove all about v0.x" by @yxxhero in #1918 * build(deps): bump github.com/goccy/go-yaml from 1.15.17 to 1.15.19 by @dependabot in #1920 * build(deps): bump github.com/goccy/go-yaml from 1.15.19 to 1.15.20 by @dependabot in #1921 * feat: Add support for --wait-retries flag. by @connyay in #1922 * build: update go-yaml to v1.15.21 by @yxxhero in #1923 - Update to version 0.170.1: * build(deps): bump github.com/goccy/go-yaml from 1.15.14 to 1.15.15 by @dependabot in #1882 * build(deps): bump github.com/hashicorp/go-slug from 0.15.0 to 0.16.3 by @dependabot in #1886 (CVE-2025-0377) * Ensure 'helm repo add' is also not pollute on helmfile template by @baurmatt in #1887 * build(deps): bump github.com/zclconf/go-cty from 1.16.1 to 1.16.2 by @dependabot in #1888 * fix: using correct option for takeOwnership flag by @blaskoa in #1892 * fix typo in docs by @adamab48 in #1889 - Update to version 0.170.0: * build(deps): bump github.com/goccy/go-yaml from 1.15.6 to 1.15.7 by @dependabot in #1818 * build(deps): bump golang.org/x/term from 0.26.0 to 0.27.0 by @dependabot in #1817 * chore(doc): fix the indent of the selector usage sample yaml by @Ladicle in #1819 * feat(state): add support for setString in ReleaseSpec and HelmState by @yxxhero in #1821 * build(deps): bump github.com/goccy/go-yaml from 1.15.7 to 1.15.8 by @dependabot in #1822 * test(state): add TestHelmState_setStringFlags for setStringFlags method by @yxxhero in #1823 * build(deps): bump k8s.io/apimachinery from 0.31.3 to 0.31.4 by @dependabot in #1826 * build(deps): bump golang.org/x/crypto from 0.29.0 to 0.31.0 by @dependabot in #1828 * build(deps): bump github.com/goccy/go-yaml from 1.15.8 to 1.15.9 by @dependabot in #1831 * build(deps): bump k8s.io/apimachinery from 0.31.4 to 0.32.0 by @dependabot in #1830 * feat: updating sops version to 3.9.2 by @zhaque44 in #1834 * build(deps): bump github.com/goccy/go-yaml from 1.15.9 to 1.15.10 by @dependabot in #1835 * build(deps): bump helm.sh/helm/v3 from 3.16.3 to 3.16.4 by @dependabot in #1836 * build: update Helm version to v3.16.4 in CI and Dockerfiles by @yxxhero in #1837 * build(deps): bump github.com/goccy/go-yaml from 1.15.10 to 1.15.11 by @dependabot in #1838 * build(deps): bump filippo.io/age from 1.2.0 to 1.2.1 by @dependabot in #1840 * build(deps): bump github.com/goccy/go-yaml from 1.15.11 to 1.15.12 by @dependabot in #1843 * build: update helm-diff to v3.9.13 in Dockerfiles and init.go by @yxxhero in #1841 * build(deps): bump github.com/helmfile/chartify from 0.20.4 to 0.20.5 by @dependabot in #1845 * build(deps): bump github.com/goccy/go-yaml from 1.15.12 to 1.15.13 by @dependabot in #1844 * build(deps): bump jinja2 from 3.1.4 to 3.1.5 in /docs by @dependabot in #1846 * CVE-2024-45338: updating golang.org/x/net: to version: v0.33.0 by @zhaque44 in #1849 * build(deps): bump github.com/zclconf/go-cty from 1.15.1 to 1.16.0 by @dependabot in #1851 * build(deps): bump golang.org/x/term from 0.27.0 to 0.28.0 by @dependabot in #1852 * update sops versions to 3.9.3 by @zhaque44 in #1861 * build(deps): bump github.com/hashicorp/go-getter from 1.7.6 to 1.7.7 by @dependabot in #1862 * feat: add --take-ownership flag to apply and sync commands by @yxxhero in #1863 * fix: ensure plain http is supported across all helmfile commands by @purpleclay in #1858 * fix: ensure development versions of charts can be used across helmfile commands by @purpleclay in #1865 * build(deps): bump github.com/helmfile/chartify from 0.20.5 to 0.20.6 by @dependabot in #1866 * update kubectl version (1.30) to stay up to date with new releases by @zhaque44 in #1867 * build(deps): bump github.com/zclconf/go-cty from 1.16.0 to 1.16.1 by @dependabot in #1870 * build(deps): bump github.com/hashicorp/go-getter from 1.7.7 to 1.7.8 by @dependabot in #1869 * feat: Add "--no-hooks" to helmfile template by @jwlai in #1813 * update helm and k8s versions in ci, dockerfiles, and go.mod by @yxxhero in #1872 * build(deps): bump github.com/helmfile/vals from 0.38.0 to 0.39.0 by @dependabot in #1876 * build(deps): bump k8s.io/apimachinery from 0.32.0 to 0.32.1 by @dependabot in #1873 * build(deps): bump github.com/goccy/go-yaml from 1.15.13 to 1.15.14 by @dependabot in #1874 * build: update helm-diff to v3.9.14 in Dockerfiles and init.go by @yxxhero in #1877 - Update to version 0.169.2: * build(deps): bump github.com/helmfile/vals from 0.37.6 to 0.37.7 by @dependabot in #1747 * build(deps): bump k8s.io/apimachinery from 0.31.1 to 0.31.2 by @dependabot in #1754 * Reset extra args before running 'dependency build' by @baurmatt in #1751 * Introducing Helmfile Guru on Gurubase.io by @kursataktas in #1748 * feat: add skip json schema validation during the install /upgrade of a Chart by @zhaque44 in #1737 * fix(maputil): prevent nil value overwrite by @ban11111 in #1755 * build(deps): bump github.com/goccy/go-yaml from 1.12.0 to 1.13.0 by @dependabot in #1759 * fix: this url doesn't work anymore by @zekena2 in #1760 * build(deps): bump github.com/goccy/go-yaml from 1.13.0 to 1.13.1 by @dependabot in #1762 * build(deps): bump github.com/goccy/go-yaml from 1.13.1 to 1.13.2 by @dependabot in #1763 * build(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 by @dependabot in #1767 * build(deps): bump github.com/helmfile/vals from 0.37.7 to 0.37.8 by @dependabot in #1764 * build(deps): bump github.com/goccy/go-yaml from 1.13.2 to 1.13.4 by @dependabot in #1765 * fix(integration-tests): read correct minikube status (#1768) by @ceriath in #1769 * build(deps): bump github.com/goccy/go-yaml from 1.13.4 to 1.13.5 by @dependabot in #1770 * Add integration tests for #1749 by @baurmatt in #1766 * fix: update acme chart URL in input.yaml by @yxxhero in #1773 * build(deps): bump github.com/goccy/go-yaml from 1.13.5 to 1.13.6 by @dependabot in #1771 * build(deps): bump golang.org/x/sync from 0.8.0 to 0.9.0 by @dependabot in #1775 * build(deps): bump golang.org/x/term from 0.25.0 to 0.26.0 by @dependabot in #1774 * Revive dead badge links by @eggplants in #1776 * feat: refactor label creation in state.go by @yxxhero in #1758 * docs: Add Gurubase badge to README-zh_CN by @yxxhero in #1777 * build(deps): bump github.com/goccy/go-yaml from 1.13.6 to 1.13.9 by @dependabot in #1781 * build(deps): bump github.com/goccy/go-yaml from 1.13.9 to 1.14.0 by @dependabot in #1782 * build(deps): bump github.com/goccy/go-yaml from 1.14.0 to 1.14.3 by @dependabot in #1788 * build(deps): bump helm.sh/helm/v3 from 3.16.2 to 3.16.3 by @dependabot in #1786 * fix: update helm-diff to version 3.9.12 in CI and Dockerfiles by @yxxhero in #1792 * build: update Helm version to v3.16.3 in CI and Dockerfiles by @yxxhero in #1791 * feat: add HELMFILE_INTERACTIVE env var to enable interactive mode by @thevops in #1787 * build(deps): bump github.com/hashicorp/hcl/v2 from 2.22.0 to 2.23.0 by @dependabot in #1793 * build(deps): bump github.com/Masterminds/semver/v3 from 3.3.0 to 3.3.1 by @dependabot in #1795 * chore: update with testify/assert assertion and table driven tests for fs.go by @zhaque44 in #1794 * build(deps): bump k8s.io/apimachinery from 0.31.2 to 0.31.3 by @dependabot in #1798 * build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @dependabot in #1800 * build(deps): bump github.com/goccy/go-yaml from 1.14.3 to 1.15.0 by @dependabot in #1804 * build(deps): bump github.com/goccy/go-yaml from 1.15.0 to 1.15.1 by @dependabot in #1807 * build(deps): bump github.com/zclconf/go-cty from 1.15.0 to 1.15.1 by @dependabot in #1806 * update example chart URL in remote-secrets doc by @daveneeley in #1809 * build(deps): bump github.com/goccy/go-yaml from 1.15.1 to 1.15.3 by @dependabot in #1811 * build(deps): bump github.com/goccy/go-yaml from 1.15.3 to 1.15.6 by @dependabot in #1812 * fix: inject global values in Chartify by @xabufr in #1805 * build(deps): bump github.com/helmfile/vals from 0.37.8 to 0.38.0 by @dependabot in #1814 * build(deps): bump github.com/helmfile/chartify from 0.20.3 to 0.20.4 by @dependabot in #1815 * build(deps): bump golang.org/x/sync from 0.9.0 to 0.10.0 by @dependabot in #1816 - Update to version 0.169.1: * feat: update sops version to 3.9.1 by @zhaque44 in #1742 * chore: improve test assertions and descriptions for file download test by @zhaque44 in #1745 * feat: add 'hide-notes' flag to helm in sync and apply commands by @yxxhero in #1746 helmfile-0.169.0-bp160.1.13.x86_64.rpm helmfile-bash-completion-0.169.0-bp160.1.13.noarch.rpm helmfile-fish-completion-0.169.0-bp160.1.13.noarch.rpm helmfile-zsh-completion-0.169.0-bp160.1.13.noarch.rpm helmfile-0.169.0-bp160.1.13.s390x.rpm helmfile-0.169.0-bp160.1.13.ppc64le.rpm helmfile-0.169.0-bp160.1.13.aarch64.rpm openSUSE-Leap-16.0-packagehub-31 Security update for pnpm moderate openSUSE Backports SLE-16.0 This update for pnpm fixes the following issues: Changes in pnpm: - update to 10.22.0: * Minor Changes - Added support for trustPolicyExclude #10164. You can now list one or more specific packages or versions that pnpm should allow to install, even if those packages don't satisfy the trust policy requirement. For example: trustPolicy: no-downgrade trustPolicyExclude: - chokidar@4.0.3 - webpack@4.47.0 || 5.102.1 - Allow to override the engines field on publish by the publishConfig.engines field. * Patch Changes - Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #10179. - update to 10.21.0: * Minor Changes - Node.js Runtime Installation for Dependencies. Added support for automatic Node.js runtime installation for dependencies. pnpm will now install the Node.js version required by a dependency if that dependency declares a Node.js runtime in the "engines" field. For example: { "engines": { "runtime": { "name": "node", "version": "^24.11.0", "onFail": "download" } } } If the package with the Node.js runtime dependency is a CLI app, pnpm will bind the CLI app to the required Node.js version. This ensures that, regardless of the globally installed Node.js instance, the CLI will use the compatible version of Node.js. If the package has a postinstall script, that script will be executed using the specified Node.js version. Related PR: #10141 - Added a new setting: trustPolicy. When set to no-downgrade, pnpm will fail installation if a package’s trust level has decreased compared to previous releases — for example, if it was previously published by a trusted publisher but now only has provenance or no trust evidence. This helps prevent installing potentially compromised versions of a package. Related issue: #8889. - Added support for pnpm config get globalconfig to retrieve the global config file path #9977. * Patch Changes - When a user runs pnpm update on a dependency that is not directly listed in package.json, none of the direct dependencies should be updated #10155. - Don't crash when two processes of pnpm are hardlinking the contents of a directory to the same destination simultaneously #10160. - Setting gitBranchLockfile and related settings via pnpm-workspace.yaml should work #9651. - update to 10.20.0: * Minor Changes - Support --all option in pnpm --help to list all commands #8628. * Patch Changes - When the latest version doesn't satisfy the maturity requirement configured by minimumReleaseAge, pick the highest version that is mature enough, even if it has a different major version #10100. - create command should not verify patch info. - Set managePackageManagerVersions to false, when switching to a different version of pnpm CLI, in order to avoid subsequent switches #10063. - update to 10.19.0: * Minor Changes - You can now allow specific versions of dependencies to run postinstall scripts. onlyBuiltDependencies now accepts package names with lists of trusted versions. For example: Related PR: #10104. onlyBuiltDependencies: - nx@21.6.4 || 21.6.5 - esbuild@0.25.1 - Added support for exact versions in minimumReleaseAgeExclude #9985. You can now list one or more specific versions that pnpm should allow to install, even if those versions don’t satisfy the maturity requirement set by minimumReleaseAge. For example: minimumReleaseAge: 1440 minimumReleaseAgeExclude: - nx@21.6.5 - webpack@4.47.0 || 5.102.1 - update to 10.18.3: * Patch Changes - Fix a bug where pnpm would infinitely recurse when using verifyDepsBeforeInstall: install and pre/post install scripts that called other pnpm scripts #10060. - Fixed scoped registry keys (e.g., @scope:registry) being parsed as property paths in pnpm config get when --location=project is used #9362. - Remove pnpm-specific CLI options before passing to npm publish to prevent "Unknown cli config" warnings #9646. - Fixed EISDIR error when bin field points to a directory #9441. - Preserve version and hasBin for variations packages #10022. - Fixed pnpm config set --location=project incorrectly handling keys with slashes (auth tokens, registry settings) #9884. - When both pnpm-workspace.yaml and .npmrc exist, pnpm config set --location=project now writes to pnpm-workspace.yaml (matching read priority) #10072. - Prevent a table width error in pnpm outdated --long #10040. - Sync bin links after injected dependencies are updated by build scripts. This ensures that binaries created during build processes are properly linked and accessible to consuming projects #10057. - update to 10.18.2: * Patch Changes - pnpm outdated --long should work #10040. - Replace ndjson with split2. Reduce the bundle size of pnpm CLI #10054. - pnpm dlx should request the full metadata of packages, when minimumReleaseAge is set #9963. - pnpm version switching should work when the pnpm home directory is in a symlinked directory #9715. - Fix EPIPE errors when piping output to other commands #10027. - update to 10.18.1: * Patch Changes - Don't print a warning, when --lockfile-only is used #8320. - pnpm setup creates a command shim to the pnpm executable. This is needed to be able to run pnpm self-update on Windows #5700. - When using pnpm catalogs and running a normal pnpm install, pnpm produced false positive warnings for "skip adding to the default catalog because it already exists". This warning now only prints when using pnpm add --save-catalog as originally intended. - update to 10.18.0: * Minor Changes - Added network performance monitoring to pnpm by implementing warnings for slow network requests, including both metadata fetches and tarball downloads. Added configuration options for warning thresholds: fetchWarnTimeoutMs and fetchMinSpeedKiBps. Warning messages are displayed when requests exceed time thresholds or fall below speed minimums Related PR: #10025. * Patch Changes - Retry filesystem operations on EAGAIN errors #9959. - Outdated command respects minimumReleaseAge configuration #10030. - Correctly apply the cleanupUnusedCatalogs configuration when removing dependent packages. - Don't fail with a meaningless error when scriptShell is set to false #8748. - pnpm dlx should not fail when minimumReleaseAge is set #10037. - update to 10.17.1: * Patch Changes - When a version specifier cannot be resolved because the versions don't satisfy the minimumReleaseAge setting, print this information out in the error message #9974. - Fix state.json creation path when executing pnpm patch in a workspace project #9733. - When minimumReleaseAge is set and the latest tag is not mature enough, prefer a non-deprecated version as the new latest #9987. - update to 10.17: * Minor Changes - The minimumReleaseAgeExclude setting now supports patterns. For instance: minimumReleaseAge: 1440 minimumReleaseAgeExclude: - "@eslint/*" * Patch Changes - Don't ignore the minimumReleaseAge check, when the package is requested by exact version and the packument is loaded from cache #9978. - When minimumReleaseAge is set and the active version under a dist-tag is not mature enough, do not downgrade to a prerelease version in case the original version wasn't a prerelease one #9979. - update to 10.16.1: * Patch Changes - The full metadata cache should be stored not at the same location as the abbreviated metadata. This fixes a bug where pnpm was loading the abbreviated metadata from cache and couldn't find the "time" field as a result #9963. - Forcibly disable ANSI color codes when generating patch diff #9914. - update to 10.16: * Minor Changes - There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour. - The new setting is called minimumReleaseAge. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting minimumReleaseAge: 1440 ensures that only packages released at least one day ago can be installed. - If you set minimumReleaseAge but need to disable this restriction for certain dependencies, you can list them under the minimumReleaseAgeExclude setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time: minimumReleaseAgeExclude: - webpack - Added support for finders #9946. In the past, pnpm list and pnpm why could only search for dependencies by name (and optionally version). For example: pnpm why minimist prints the chain of dependencies to any installed instance of minimist: verdaccio 5.20.1 ├─┬ handlebars 4.7.7 │ └── minimist 1.2.8 └─┬ mv 2.1.1 └─┬ mkdirp 0.5.6 └── minimist 1.2.8 What if we want to search by other properties of a dependency, not just its name? For instance, find all packages that have react@17 in their peer dependencies? This is now possible with "finder functions". Finder functions can be declared in .pnpmfile.cjs and invoked with the --find-by=<function name> flag when running pnpm list or pnpm why. Let's say we want to find any dependencies that have React 17 in peer dependencies. We can add this finder to our .pnpmfile.cjs: module.exports = { finders: { react17: (ctx) => { return ctx.readManifest().peerDependencies?.react === "^17.0.0"; }, }, }; Now we can use this finder function by running: pnpm why --find-by=react17 pnpm will find all dependencies that have this React in peer dependencies and print their exact locations in the dependency graph. @apollo/client 4.0.4 ├── @graphql-typed-document-node/core 3.2.0 └── graphql-tag 2.12.6 It is also possible to print out some additional information in the output by returning a string from the finder. For example, with the following finder: module.exports = { finders: { react17: (ctx) => { const manifest = ctx.readManifest(); if (manifest.peerDependencies?.react === "^17.0.0") { return `license: ${manifest.license}`; } return false; }, }, }; Every matched package will also print out the license from its package.json: @apollo/client 4.0.4 ├── @graphql-typed-document-node/core 3.2.0 │ license: MIT └── graphql-tag 2.12.6 license: MIT * Patch Changes - Fix deprecation warning printed when executing pnpm with Node.js 24 #9529. - Throw an error if nodeVersion is not set to an exact semver version #9934. - pnpm publish should be able to publish a .tar.gz file #9927. - Canceling a running process with Ctrl-C should make pnpm run return a non-zero exit code #9626. - update to 10.15.1: * Patch Changes - Fix .pnp.cjs crash when importing subpath #9904. - When resolving peer dependencies, pnpm looks whether the peer dependency is present in the root workspace project's dependencies. This change makes it so that the peer dependency is correctly resolved even from aliased npm-hosted dependencies or other types of dependencies #9913. - update to 10.15.0: * Minor Changes - Added the cleanupUnusedCatalogs configuration. When set to true, pnpm will remove unused catalog entries during installation #9793. - Automatically load pnpmfiles from config dependencies that are named @*/pnpm-plugin-* #9780. - pnpm config get now prints an INI string for an object value #9797. - pnpm config get now accepts property paths (e.g. pnpm config get catalog.react, pnpm config get .catalog.react, pnpm config get 'packageExtensions["@babel/parser"].peerDependencies["@babel/types"]'), and pnpm config set now accepts dot-leading or subscripted keys (e.g. pnpm config set .ignoreScripts true). - pnpm config get --json now prints a JSON serialization of config value, and pnpm config set --json now parses the input value as JSON. * Patch Changes - Semi-breaking. When automatically installing missing peer dependencies, prefer versions that are already present in the direct dependencies of the root workspace package #9835. - When executing the pnpm create command, must verify whether the node version is supported even if a cache already exists #9775. - When making requests for the non-abbreviated packument, add */* to the Accept header to avoid getting a 406 error on AWS CodeArtifact #9862. - The standalone exe version of pnpm works with glibc 2.26 again #9734. - Fix a regression in which pnpm dlx pkg --help doesn't pass --help to pkg #9823. - update to 10.14.0: * Minor Changes - Added support for JavaScript runtime installation (Related PR: #9755.) Declare Node.js, Deno, or Bun in devEngines.runtime (inside package.json) and let pnpm download and pin it automatically. Usage example: { "devEngines": { "runtime": { "name": "node", "version": "^24.4.0", "onFail": "download" // we only support the "download" value for now } } } How it works: - pnpm install resolves your specified range to the latest matching runtime version. - The exact version (and checksum) is saved in the lockfile. - Scripts use the local runtime, ensuring consistency across environments. Why this is better: - This new setting supports also Deno and Bun (vs. our Node-only settings useNodeVersion and executionEnv.nodeVersion) - Supports version ranges (not just a fixed version). - The resolved version is stored in the pnpm lockfile, along with an integrity checksum for future validation of the Node.js content's validity. - It can be used on any workspace project (like executionEnv.nodeVersion). So, different projects in a workspace can use different runtimes. - For now devEngines.runtime setting will install the runtime locally, which we will improve in future versions of pnpm by using a shared location on the computer. - Add --cpu, --libc, and --os to pnpm install, pnpm add, and pnpm dlx to customize supportedArchitectures via the CLI #7510. * Patch Changes - Fix a bug in which pnpm add downloads packages whose libc differ from pnpm.supportedArchitectures.libc. - The integrities of the downloaded Node.js artifacts are verified #9750. - Allow dlx to parse CLI flags and options between the dlx command and the command to run or between the dlx command and -- #9719. - pnpm install --prod should removing hoisted dev dependencies #9782. - Fix an edge case bug causing local tarballs to not re-link into the virtual store. This bug would happen when changing the contents of the tarball without renaming the file and running a filtered install. - Fix a bug causing pnpm install to incorrectly assume the lockfile is up to date after changing a local tarball that has peers dependencies. - update to 10.13.1: * Patch Changes - Run user defined pnpmfiles after pnpmfiles of plugins. - update to 10.13.0: * Minor Changes - Added the possibility to load multiple pnpmfiles. The pnpmfile setting can now accept a list of pnpmfile locations #9702. - pnpm will now automatically load the pnpmfile.cjs file from any config dependency named @pnpm/plugin-* or pnpm-plugin-* #9729. - The order in which config dependencies are initialized should not matter — they are initialized in alphabetical order. If a specific order is needed, the paths to the pnpmfile.cjs files in the config dependencies can be explicitly listed using the pnpmfile setting in pnpm-workspace.yaml. * Patch Changes - When patching dependencies installed via pkg.pr.new, treat them as Git tarball URLs #9694. - Prevent conflicts between local projects' config and the global config in dangerouslyAllowAllBuilds, onlyBuiltDependencies, onlyBuiltDependenciesFile, and neverBuiltDependencies #9628. - Sort keys in pnpm-workspace.yaml with deep #9701. - The pnpm rebuild command should not add pkgs included in ignoredBuiltDependencies to ignoredBuilds in node_modules/.modules.yaml #9338. - Replaced shell-quote with shlex for quoting command arguments #9381. - update to 10.12.4: * Patch Changes - Fix pnpm licenses command for local dependencies #9583. - Fix a bug in which pnpm ls --filter=not-exist --json prints nothing instead of an empty array #9672. - Fix a deadlock that sometimes happens during peer dependency resolution #9673. - Running pnpm install after pnpm fetch should hoist all dependencies that need to be hoisted. - Fixes a regression introduced in v10.12.2 by #9648; resolves #9689. - update to 10.12.3: * Patch Changes - Restore hoisting of optional peer dependencies when installing with an outdated lockfile. Regression introduced in v10.12.2 by #9648; resolves #9685. - update to 10.12.2: * Patch Changes - Fixed hoisting with enableGlobalVirtualStore set to true #9648. - Fix the --help and -h flags not working as expected for the pnpm create command. - The dependency package path output by the pnpm licenses list --json command is incorrect. - Fix a bug in which pnpm deploy fails due to overridden dependencies having peer dependencies causing ERR_PNPM_OUTDATED_LOCKFILE #9595. - update to 10.12.1 (10.2.0 was yanked): * Minor Changes - Experimental. Added support for global virtual stores. When enabled, node_modules contains only symlinks to a central virtual store, rather to node_modules/.pnpm. By default, this central store is located at <store-path>/links (you can find the store path by running pnpm store path). In the central virtual store, each package is hard linked into a directory whose name is the hash of its dependency graph. This allows multiple projects on the system to symlink shared dependencies from this central location, significantly improving installation speed when a warm cache is available. This is conceptually similar to how NixOS manages packages, using dependency graph hashes to create isolated and reusable package directories. To enable the global virtual store, set enableGlobalVirtualStore: true in your root pnpm-workspace.yaml, or globally via: pnpm config -g set enable-global-virtual-store true NOTE: In CI environments, where caches are typically cold, this setting may slow down installation. pnpm automatically disables the global virtual store when running in CI. Related PR: #8190 - The pnpm update command now supports updating catalog: protocol dependencies and writes new specifiers to pnpm-workspace.yaml. - A new catalogMode setting is available for controlling if and how dependencies are added to the default catalog. It can be configured to several modes: - strict: Only allows dependency versions from the catalog. Adding a dependency outside the catalog's version range will cause an error. - prefer: Prefers catalog versions, but will fall back to direct dependencies if no compatible version is found. - manual (default): Does not automatically add dependencies to the catalog. - Added two new CLI options (--save-catalog and --save-catalog-name=<name>) to pnpm add to save new dependencies as catalog entries. catalog: or catalog:<name> will be added to package.json and the package specifier will be added to the catalogs or catalog[<name>] object in pnpm-workspace.yaml #9425. - Semi-breaking. The keys used for side-effects caches have changed. If you have a side-effects cache generated by a previous version of pnpm, the new version will not use it and will create a new cache instead #9605. - Added a new setting called ci for explicitly telling pnpm if the current environment is a CI or not. * Patch Changes - Sort versions printed by pnpm patch using semantic versioning rules. - Improve the way the error message displays mismatched specifiers. Show differences instead of 2 whole objects #9598. - Revert #9574 to fix a regression #9596. - update to 10.11.1: * Patch Changes - Fix an issue in which pnpm deploy --legacy creates unexpected directories when the root package.json has a workspace package as a peer dependency #9550. - Dependencies specified via a URL that redirects will only be locked to the target if it is immutable, fixing a regression when installing from GitHub releases. (#9531) - Installation should not exit with an error if strictPeerDependencies is true but all issues are ignored by peerDependencyRules #9505. - Use pnpm_config_ env variables instead of npm_config_ #9571. - Fix a regression (in v10.9.0) causing the --lockfile-only flag on pnpm update to produce a different pnpm-lock.yaml than an update without the flag. - Let pnpm deploy work in repos with overrides when inject-workspace-packages=true #9283. - Fixed the problem of path loss caused by parsing URL address. Fixes a regression shipped in pnpm v10.11 via #9502. - pnpm -r --silent run should not print out section #9563. - update to 10.11.0: * Minor Changes - A new setting added for pnpm init to create a package.json with type=module, when init-type is module. Works as a flag for the init command too #9463. - Added support for Nushell to pnpm setup #6476. - Added two new flags to the pnpm audit command, --ignore and --ignore-unfixable #8474. Ignore all vulnerabilities that have no solution: > pnpm audit --ignore-unfixable Provide a list of CVE's to ignore those specifically, even if they have a resolution. > pnpm audit --ignore=CVE-2021-1234 --ignore=CVE-2021-5678 - Added support for recursively running pack in every project of a workspace #4351. Now you can run pnpm -r pack to pack all packages in the workspace. * Patch Changes - pnpm version management should work, when dangerouslyAllowAllBuilds is set to true #9472. - pnpm link should work from inside a workspace #9506. - Set the default workspaceConcurrency to Math.min(os.availableParallelism(), 4) #9493. - Installation should not exit with an error if strictPeerDependencies is true but all issues are ignored by peerDependencyRules #9505. - Read updateConfig from pnpm-workspace.yaml #9500. - Add support for recursive pack - Remove url.parse usage to fix warning on Node.js 24 #9492. - pnpm run should be able to run commands from the workspace root, if ignoreScripts is set tot true #4858. - update to 10.10.0: * Allow loading the preResolution, importPackage, and fetchers hooks from local pnpmfile. * Fix cd command, when shellEmulator is true #7838. * Sort keys in pnpm-workspace.yaml #9453. * Pass the npm_package_json environment variable to the executed scripts #9452. * Fixed a mistake in the description of the --reporter=silent option. - update to 10.9.0: * Minor Changes - Added support for installing JSR packages. You can now install JSR packages using the following syntax: add jsr:<pkg_name> or with a version range: pnpm add jsr:<pkg_name>@<range> For example, running: pnpm add jsr:@foo/bar will add the following entry to your package.json: { "dependencies": { "@foo/bar": "jsr:^0.1.2" } } When publishing, this entry will be transformed into a format compatible with npm, older versions of Yarn, and previous pnpm versions: { "dependencies": { "@foo/bar": "npm:@jsr/foo__bar@^0.1.2" } } Related issue: #8941. Note: The @jsr scope defaults to https://npm.jsr.io/ if the @jsr:registry setting is not defined. - Added a new setting, dangerouslyAllowAllBuilds, for automatically running any scripts of dependencies without the need to approve any builds. It was already possible to allow all builds by adding this to pnpm-workspace.yaml: neverBuiltDependencies: [] dangerouslyAllowAllBuilds has the same effect but also allows to be set globally via: pnpm config set dangerouslyAllowAllBuilds true It can also be set when running a command: pnpm install --dangerously-allow-all-builds * Patch Changes - Fix a false negative in verifyDepsBeforeRun when nodeLinker is hoisted and there is a workspace package without dependencies and node_modules directory #9424. - Explicitly drop verifyDepsBeforeRun support for nodeLinker: pnp. Combining verifyDepsBeforeRun and nodeLinker: pnp will now print a warning. - udate to 10.8.1: * Patch Changes - Removed bright white highlighting, which didn't look good on some light themes #9389. - If there is no pnpm related configuration in package.json, onlyBuiltDependencies will be written to pnpm-workspace.yaml file #9404. - The patch file path saved by the pnpm patch-commit and patch-remove commands should be a relative path #9403. - update to 10.8: * Minor Changes Experimental. A new hook is supported for updating configuration settings. The hook can be provided via .pnpmfile.cjs. For example: module.exports = { hooks: { updateConfig: (config) => ({ ...config, nodeLinker: "hoisted", }), }, }; Now you can use the pnpm add command with the --config flag to install new configurational dependencies #9377. * Patch Changes - Do not hang indefinitely, when there is a glob that starts with !/ in pnpm-workspace.yaml. This fixes a regression introduced by #9169. - pnpm audit --fix should update the overrides in pnpm-workspace.yaml. - pnpm link should update overrides in pnpm-workspace.yaml, not in package.json #9365. - update to 10.7.1: * Patch Changes - pnpm config set should convert the settings to their correct type before adding them to pnpm-workspace.yaml #9355. - pnpm config get should read auth related settings via npm CLI #9345. - Replace leading ~/ in a path in .npmrc with the home directory #9217. - update to 10.7: * Minor Changes - pnpm config get and list also show settings set in pnpm-workspace.yaml files #9316. - It should be possible to use env variables in pnpm-workspace.yaml setting names and value. - Add an ability to patch dependencies by version ranges. Exact versions override version ranges, which in turn override name-only patches. Version range * is the same as name-only, except that patch application failure will not be ignored. For example: patchedDependencies: foo: patches/foo-1.patch foo@^2.0.0: patches/foo-2.patch foo@2.1.0: patches/foo-3.patch The above configuration would apply patches/foo-3.patch to foo@2.1.0, patches/foo-2.patch to all foo versions which satisfy ^2.0.0 except 2.1.0, and patches/foo-1.patch to the remaining foo versions. [!WARNING] The version ranges should not overlap. If you want to specialize a sub range, make sure to exclude it from the other keys. For example: # pnpm-workspace.yaml patchedDependencies: # the specialized sub range 'foo@2.2.0-2.8.0': patches/foo.2.2.0-2.8.0.patch # the more general patch, excluding the sub range above 'foo@>=2.0.0 <2.2.0 || >2.8.0': 'patches/foo.gte2.patch In most cases, however, it's sufficient to just define an exact version to override the range. - pnpm config set --location=project saves the setting to a pnpm-workspace.yaml file if no .npmrc file is present in the directory #9316. - Rename pnpm.allowNonAppliedPatches to pnpm.allowUnusedPatches. The old name is still supported but it would print a deprecation warning message. - Add pnpm.ignorePatchFailures to manage whether pnpm would ignore patch application failures. - If ignorePatchFailures is not set, pnpm would throw an error when patches with exact versions or version ranges fail to apply, and it would ignore failures from name-only patches. - If ignorePatchFailures is explicitly set to false, pnpm would throw an error when any type of patch fails to apply. - If ignorePatchFailures is explicitly set to true, pnpm would print a warning when any type of patch fails to apply. * Patch Changes - Remove dependency paths from audit output to prevent out-of-memory errors #9280. - update to 10.6.5: * Patch Changes - Remove warnings after having explicitly approved no builds #9296. - When installing different dependency packages, should retain the ignoredBuilds field in the .modules.yaml file #9240. - Fix usages of the catalog: protocol in injected local workspace packages. This previously errored with ERR_PNPM_SPEC_NOT_SUPPORTED_BY_ANY_RESOLVER. #8715 - Setting workspace-concurrency to less than or equal to 0 should work #9297. - update to 10.6.4: * Patch Changes - Fix pnpm dlx with --allow-build flag #9263. - Invalid Node.js version in use-node-version should not cause pnpm itself to break #9276. - The max amount of workers running for linking packages from the store has been reduced to 4 to achieve optimal results #9286. The workers are performing many file system operations, so increasing the number of CPUs doesn't help performance after some point. - update to 10.6.3: * Patch Changes - pnpm install --prod=false should not crash, when executed in a project with a pnpm-workspace.yaml file #9233. This fixes regression introduced via #9211. - Add the missing node-options config to recursive run #9180. - Removed a branching code path that only executed when dedupe-peer-dependents=false. We believe this internal refactor will not result in behavior changes, but we expect it to make future pnpm versions behave more consistently for projects that override dedupe-peer-dependents to false. There should be less unique bugs from turning off dedupe-peer-dependents. See details in #9259. - update to 10.6.2: * Patch Changes - pnpm self-update should always update the version in the packageManager field of package.json. - Fix running pnpm CLI from pnpm CLI on Windows when the CLI is bundled to an executable #8971. - pnpm patch-commit will now use the same filesystem as the store directory to compare and create patch files. - Don't show info output when --loglevel=error is used. - peerDependencyRules should be set in pnpm-workspace.yaml to take effect. - update to 10.6.1: * Patch Changes - The pnpm CLI process should not stay hanging, when --silent reporting is used. - When --loglevel is set to error, don't show installation summary, execution time, and big tarball download progress. - Don't ignore pnpm.patchedDependencies from package.json #9226. - When executing the approve-builds command, if package.json contains onlyBuiltDependencies or ignoredBuiltDependencies, the selected dependency package will continue to be written into package.json. - When a package version cannot be found in the package metadata, print the registry from which the package was fetched. - update to 10.6.0: * Minor Changes - pnpm-workspace.yaml can now hold all the settings that .npmrc accepts. The settings should use camelCase #9211. pnpm-workspace.yaml example: verifyDepsBeforeRun: install optimisticRepeatInstall: true publicHoistPattern: - "*types*" - "!@types/react" - Projects using a file: dependency on a local tarball file (i.e. .tgz, .tar.gz, .tar) will see a performance improvement during installation. Previously, using a file: dependency on a tarball caused the lockfile resolution step to always run. The lockfile will now be considered up-to-date if the tarball is unchanged. * Patch Changes - pnpm self-update should not leave a directory with a broken pnpm installation if the installation fails. - fast-glob replace with tinyglobby to reduce the size of the pnpm CLI dependencies #9169. - pnpm deploy should not remove fields from the deployed package's package.json file #9215. - pnpm self-update should not read the pnpm settings from the package.json file in the current working directory. - Fix pnpm deploy creating a package.json without the imports and license field #9193. - pnpm update -i should list only packages that have newer versions #9206. - Fix a bug causing entries in the catalogs section of the pnpm-lock.yaml file to be removed when dedupe-peer-dependents=false on a filtered install. #9112 - update to 10.5.2: * The pnpm config set command should change the global .npmrc file by default. This was a regression introduced by #9151 and shipped in pnpm v10.5.0. - update to 10.5.1: * Throw an error message if a pnpm-workspaces.yaml or pnpm-workspaces.yml file is found instead of a pnpm-workspace.yaml #9170. * Fix the update of pnpm-workspace.yaml by the pnpm approve-builds command #9168. * Normalize generated link paths in package.json #9163 * Specifying overrides in pnpm-workspace.yaml should work. * pnpm dlx should ignore settings from the package.json file in the current working directory #9178. - update to 10.5.0: * The pnpm.* settings from package.json can now be specified in the pnpm-workspace.yaml file instead #9121. * Added support for automatically syncing files of injected workspace packages after pnpm run #9081. Use the sync-injected -deps-after-scripts setting to specify which scripts build the workspace package. This tells pnpm when syncing is needed. The setting should be defined in a .npmrc file at the root of the workspace. * The packages field in pnpm-workspace.yaml became optional. * pnpm link with no parameters should work as if --global is specified #9151 * Allow scope registry CLI option without --config. prefix such as --@scope:registry=https://scope.example.com/npm #9089 * pnpm link <path> should calculate relative path from the root of the workspace directory #9132 * Fix a bug causing catalog snapshots to be removed from the pnpm-lock.yaml file when using --fix-lockfile and --filter. #8639 * Fix a bug causing catalog protocol dependencies to not re- resolve on a filtered install #8638 - update to 10.4.1: * Throws an error when the value provided by the --allow-build option overlaps with the pnpm.ignoredBuildDependencies list #9105. * Print pnpm's version after the execution time at the end of the console output. * Print warning about ignored builds of dependencies on repeat install #9106. * Setting init-package-manager should work. - includes 10.4.0: * pnpm approve-builds --global works now for allowing dependencies of globally installed packages to run postinstall scripts. * The pnpm add command now supports a new flag, --allow-build, which allows building the specified dependencies. * pnpm approve-builds should work after two consecutive pnpm install runs #9083. * Fix instruction for updating pnpm with corepack #9101. * The pnpm version specified by packageManager cannot start with v. - update to 10.3.0: * Added a new setting called strict-dep-builds. When enabled, the installation will exit with a non-zero exit code if any dependencies have unreviewed build scripts (aka postinstall scripts) #9071. * Fix a false negative of verify-deps-before-run after pnpm install --production|--no-optional #9019. * Print the warning about blocked installation scripts at the end of the installation output and make it more prominent. - update to 10.2.1: * Don't read a package from side-effects cache if it isn't allowed to be built #9042. * pnpm approve-builds should work, when executed from a subdirectory of a workspace #9042. * pnpm deploy --legacy should work without injected dependencies * Add information about how to deploy without "injected dependencies" to the "pnpm deploy" error message. - includes 10.2.0: * Packages executed via pnpm dlx and pnpm create are allowed to be built (run postinstall scripts) by default. * Quote args for scripts with shell-quote to support new lines (on POSIX only) #8980. * Fix a bug in which pnpm deploy fails to read the correct projectId when the deploy source is the same as the workspace directory #9001. * Proxy settings should be respected, when resolving Git-hosted dependencies #6530. * Prevent overrides from adding invalid version ranges to peerDependencies by keeping the peerDependencies and overriding them with prod dependencies #8978. * Sort the package names in the "pnpm.onlyBuiltDependencies" list saved by pnpm approve-builds. - update to 10.1.0: * Added a new command for printing the list of dependencies with ignored build scripts: pnpm ignored-builds #8963. * Added a new command for approving dependencies for running scripts during installation: pnpm approve-builds #8963. * Added a new setting called optimistic-repeat-install. When enabled, a fast check will be performed before proceeding to installation. This way a repeat install or an install on a project with everything up-to-date becomes a lot faster. But some edge cases might arise, so we keep it disabled by default for now #8977. * Added a new field "pnpm.ignoredBuiltDependencies" for explicitly listing packages that should not be built. When a package is in the list, pnpm will not print an info message about that package not being built #8935. * Verify that the package name is valid when executing the publish command. * When running pnpm install, the preprepare and postprepare scripts of the project should be executed #8989. * Allow workspace: and catalog: to be part of wider version range in peerDependencies. * pnpm deploy should inherit the pnpm object from the root package.json #8991. * Make sure that the deletion of a node_modules in a sub- project of a monorepo is detected as out-of-date #8959. * Fix infinite loop caused by lifecycle scripts using pnpm to execute other scripts during pnpm install with verify-deps-before-run=install #8954. * Replace strip-ansi with the built-in util. stripVTControlCharacters #9009. * Do not print patched dependencies as ignored dependencies that require a build #8952. - update to 10.0.0: * Lifecycle scripts of dependencies are not executed during installation by default! This is a breaking change aimed at increasing security. In order to allow lifecycle scripts of specific dependencies, they should be listed in the pnpm onlyBuiltDependencies field of package.json #8897 * The pnpm link command now adds overrides to the root package.json. #8653 * Secure hashing with SHA256 * Configuration updates * Changes to the global store * The # character is now escaped in directory names within node_modules/.pnpm. #8557 * Running pnpm add --global pnpm or pnpm add --global @pnpm/exe now fails with an error message, directing you to use pnpm self-update instead. #8728 * Dependencies added via a URL now record the final resolved URL in the lockfile, ensuring that any redirects are fully captured. #8833 * The pnpm deploy command now only works in workspaces that have inject-workspace-packages=true. This limitation is introduced to allow us to create a proper lockfile for the deployed project using the workspace lockfile. * Removed conversion from lockfile v6 to v9. If you need v6-to- v9 conversion, use pnpm CLI v9. * pnpm test now passes all parameters after the test keyword directly to the underlying script. This matches the behavior of pnpm run test. Previously you needed to use the -- prefix. #8619 * node-gyp updated to version 11. * pnpm deploy now tries creating a dedicated lockfile from a shared lockfile for deployment. It will fallback to deployment without a lockfile if there is no shared lockfile or force-legacy-deploy is set to true. * Added support for a new type of dependencies called "configurational dependencies". These dependencies are installed before all the other types of dependencies (befor "dependencies", "devDependencies", "optionalDependencies"). * New verify-deps-before-run setting. This setting controls how pnpm checks node_modules before running scripts #8836 * On repeated installs, pnpm performs a quick check to ensure node_modules is up to date. #8838 * pnpm add integrates with default workspace catalog: #8640 * pnpm dlx now resolves packages to their exact versions and uses these exact versions for cache keys. This ensures pnpm dlx always installs the latest requested packages #8811 * No node_modules validation on certain commands. Commands that should not modify node_modules (e.g., pnpm install --lockfile- only) no longer validate or purge node_modules. #8657 * for full changes, see https://github.com/pnpm/pnpm/releases/tag/v10.0.0 - update to 9.15.3: * Fixed the Regex used to find the package manifest during packing #8938. * pnpm update --filter <pattern> --latest <pkg> should only change the specified package for the specified workspace, when dedupe-peer-dependents is set to true #8877. * Exclude .DS_Store file at patch-commit #8922. * Fix a bug in which pnpm patch is unable to bring back old patch without specifying @version suffix #8919. - update to 9.15.2: * Fixed publish/pack error with workspace dependencies with relative paths #8904. It was broken in v9.4.0 (398472c). * Use double quotes in the command suggestion by pnpm patch on Windows #7546. * Do not fall back to SSH, when resolving a git-hosted package if git ls-remote works via HTTPS #8906. * Improve how packages with blocked lifecycle scripts are reported during installation. Always print the list of ignored scripts at the end of the output. Include a hint about how to allow the execution of those packages. - update to version 9.15.1: * pnpm remove should not link dependencies from the workspace, when link-workspace-packages is set to false #7674 * Installation with hoisted node_modules should not fail, when a dependency has itself in its own peer dependencies #8854 - update to version 9.15.0: * Metadata directory version bumped to force fresh cache after we shipped a fix to the metadata write function. This change is backward compatible as install doesn't require a metadata cache * pnpm update --global should not crash if there are no any global packages installed #7898 * Fix an exception when running pnpm update --interactive if catalogs are used. - update to version 9.14.4: * Don't ever save mutated metadata to the metadata cache - includes 9.14.3: * Some commands should ignore the packageManager field check of package.json #7959 - update to version 9.14.2: pnpm publish --json should work #8788 - includes 9.14.1: * Added support for pnpm pack --json to print packed tarball and contents in JSON format #8765 * pnpm exec should print a meaningful error message when no command is provided #8752 * pnpm setup should remove the CLI from the target location before moving the new binary #8173 * Fix ERR_PNPM_TARBALL_EXTRACT error while installing a dependency from GitHub having a slash in branch name #7697 * Don't crash if the use-node-version setting is used and the system has no Node.js installed #8769 * Convert settings in local .npmrc files to their correct types. For instance, child-concurrency should be a number, not a string #5075 * pnpm should fail if a project requires a different package manager even if manage-package-manager-versions is set to true * pnpm init should respect the --dir option #8768 - includes 9.14.0: * chore: use verify-deps-before-run * fix(init): --dir option should be respected (#8768) * feat: support json format output in pnpm pack (#8765) * fix: pnpm exec should specify command (#8774) * fix: proper types of settings in local .npmrc files (#8775) * fix: ERR_PNPM_TARBALL_EXTRACT when the URL's hash contains a slash * fix: the CLI should fail if a different package manager is required by the project * fix: ETXTBSY error on running setup (#8780) * feat: add linux-riscv64 build (#8779) * fix: remove link to X from update notifier (#8773) * docs: update sponsors * fix: upgrade cross-sapwn (#8782) * fix: don't crash when use-node-version is set and there is no node.js * docs: update changesets - update to version 9.13.2: * Detection of circular peer dependencies should not crash with aliased dependencies #8759. Fixes a regression introduced in the previous version. * Fix race condition of symlink creations caused by multiple parallel dlx processes. - update to version 9.13.1: * Fixed some edge cases where resolving circular peer dependencies caused a dead lock #8720 - update to version 9.13.0: * The self-update now accepts a version specifier to install a specific version of pnpm. * Fix Cannot read properties of undefined (reading 'name') that is printed while trying to render the missing peer dependencies warning message #8538 - update to version 9.12.3: * Don't purge node_modules, when typing "n" in the prompt that asks whether to remove node_modules before installation #8655 * Fix a bug causing pnpm to infinitely spawn itself when manage- package-manager-versions=true is set and the .tools directory is corrupt * Use crypto.hash, when available, for improved performance #8629 * Fixed a race condition in temporary file creation in the store by including worker thread ID in filename. Previously, multiple worker threads could attempt to use the same temporary file. Temporary files now include both process ID and thread ID for uniqueness #8703 * All commands should read settings from the package.json at the root of the workspace #8667 * When manage-package-manager-versions is set to true, errors spawning a self-managed version of pnpm will now be shown (instead of being silent) * Pass the find command to npm, it is an alias for npm search - includes 9.12.2: * When checking whether a file in the store has executable permissions, the new approach checks if at least one of the executable bits (owner, group, and others) is set to 1. Previously, a file was incorrectly considered executable only when all the executable bits were set to 1. This fix ensures that files with any executable permission, regardless of the user class, are now correctly identified as executable #8546 pnpm-10.22.0-bp160.1.1.noarch.rpm pnpm-bash-completion-10.22.0-bp160.1.1.noarch.rpm pnpm-fish-completion-10.22.0-bp160.1.1.noarch.rpm pnpm-zsh-completion-10.22.0-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-32 Security update for rnp moderate openSUSE Backports SLE-16.0 This update for rnp fixes the following issues: - update to 0.18.1: * CVE-2025-13470: PKESK (public-key encrypted) session keys were generated as all-zero, allowing trivial decryption of messages encrypted with public keys only (boo#1253957, CVE-2025-13402) librnp0-0.18.1-bp160.1.1.aarch64.rpm rnp-0.18.1-bp160.1.1.aarch64.rpm rnp-devel-0.18.1-bp160.1.1.aarch64.rpm librnp0-0.18.1-bp160.1.1.ppc64le.rpm rnp-0.18.1-bp160.1.1.ppc64le.rpm rnp-devel-0.18.1-bp160.1.1.ppc64le.rpm librnp0-0.18.1-bp160.1.1.s390x.rpm rnp-0.18.1-bp160.1.1.s390x.rpm rnp-devel-0.18.1-bp160.1.1.s390x.rpm librnp0-0.18.1-bp160.1.1.x86_64.rpm rnp-0.18.1-bp160.1.1.x86_64.rpm rnp-devel-0.18.1-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-33 Security update for trivy important openSUSE Backports SLE-16.0 This update for trivy fixes the following issues: Changes in trivy: Update to version 0.67.2 (bsc#1250625, CVE-2025-11065, bsc#1248897, CVE-2025-58058): * fix: Use `fetch-level: 1` to check out trivy-repo in the release workflow [backport: release/v0.67] (#9638) * fix: restore compatibility for google.protobuf.Value [backport: release/v0.67] (#9631) * fix: using SrcVersion instead of Version for echo detector [backport: release/v0.67] (#9629) * fix: add `buildInfo` for `BlobInfo` in `rpc` package [backport: release/v0.67] (#9615) * fix(vex): don't use reused BOM [backport: release/v0.67] (#9612) * fix(vex): don't suppress vulns for packages with infinity loop (#9465) * fix(aws): use `BuildableClient` insead of `xhttp.Client` (#9436) * refactor(misconf): replace github.com/liamg/memoryfs with internal mapfs and testing/fstest (#9282) * docs: clarify inline ignore limitations for resource-less checks (#9537) * fix(k8s): disable parallel traversal with fs cache for k8s images (#9534) * fix(misconf): handle tofu files in module detection (#9486) * feat(seal): add seal support (#9370) * docs: fix modules path and update code example (#9539) * fix: close file descriptors and pipes on error paths (#9536) * feat: add documentation URL for database lock errors (#9531) * fix(db): Dowload database when missing but metadata still exists (#9393) * feat(cloudformation): support default values and list results in Fn::FindInMap (#9515) * fix(misconf): unmark cty values before access (#9495) * feat(cli): change --list-all-pkgs default to true (#9510) * fix(nodejs): parse workspaces as objects for package-lock.json files (#9518) * refactor(fs): use underlyingPath to determine virtual files more reliably (#9302) * refactor: remove google/wire dependency and implement manual DI (#9509) * chore(deps): bump the aws group with 6 updates (#9481) * chore(deps): bump the common group across 1 directory with 24 updates (#9507) * fix(misconf): wrap legacy ENV values in quotes to preserve spaces (#9497) * docs: move info about `detection priority` into coverage section (#9469) * feat(sbom): added support for CoreOS (#9448) * fix(misconf): strip build metadata suffixes from image history (#9498) * feat(cyclonedx): preserve SBOM structure when scanning SBOM files with vulnerability updates (#9439) * docs: Fix typo in terraform docs (#9492) * feat(redhat): add os-release detection for RHEL-based images (#9458) * ci(deps): add 3-day cooldown period for Dependabot updates (#9475) * refactor: migrate from go-json-experiment to encoding/json/v2 (#9422) * fix(vuln): compare `nuget` package names in lower case (#9456) * chore: Update release flow to include chocolatey (#9460) * docs: document eol supportability (#9434) * docs(report): add nuanses about secret/license scanner in summary table (#9442) * ci: use environment variables in GitHub Actions for improved security (#9433) * chore: bump Go to 1.24.7 (#9435) * fix(nodejs): use snapshot string as `Package.ID` for pnpm packages (#9330) * ci(helm): bump Trivy version to 0.66.0 for Trivy Helm Chart 0.18.0 (#9425) Update to version 0.66.0 (bsc#1248937, CVE-2025-58058): * chore(deps): bump the aws group with 7 updates (#9419) * refactor(secret): clarify secret scanner messages (#9409) * fix(cyclonedx): handle multiple license types (#9378) * fix(repo): sanitize git repo URL before inserting into report metadata (#9391) * test: add HTTP basic authentication to git test server (#9407) * fix(sbom): add support for `file` component type of `CycloneDX` (#9372) * fix(misconf): ensure module source is known (#9404) * ci: migrate GitHub Actions from version tags to SHA pinning (#9405) * fix: create temp file under composite fs dir (#9387) * chore(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#9403) * refactor: switch to stable azcontainerregistry SDK package (#9319) * chore(deps): bump the common group with 7 updates (#9382) * refactor(misconf): migrate from custom Azure JSON parser (#9222) * fix(repo): preserve RepoMetadata on FS cache hit (#9389) * refactor(misconf): use atomic.Int32 (#9385) * chore(deps): bump the aws group with 6 updates (#9383) * docs: Fix broken link to "Built-in Checks" (#9375) * fix(plugin): don't remove plugins when updating index.yaml file (#9358) * fix: persistent flag option typo (#9374) * chore(deps): bump the common group across 1 directory with 26 updates (#9347) * fix(image): use standardized HTTP client for ECR authentication (#9322) * refactor: export `systemFileFiltering` Post Handler (#9359) * docs: update links to Semaphore pages (#9352) * fix(conda): memory leak by adding closure method for `package.json` file (#9349) * feat: add timeout handling for cache database operations (#9307) * fix(misconf): use correct field log_bucket instead of target_bucket in gcp bucket (#9296) * fix(misconf): ensure ignore rules respect subdirectory chart paths (#9324) * chore(deps): bump alpine from 3.21.4 to 3.22.1 (#9301) * feat(terraform): use .terraform cache for remote modules in plan scanning (#9277) * chore: fix some function names in comment (#9314) * chore(deps): bump the aws group with 7 updates (#9311) * docs: add explanation for how to use non-system certificates (#9081) * chore(deps): bump the github-actions group across 1 directory with 2 updates (#8962) * fix(misconf): preserve original paths of remote submodules from .terraform (#9294) * refactor(terraform): make Scan method of Terraform plan scanner private (#9272) * fix: suppress debug log for context cancellation errors (#9298) * feat(secret): implement streaming secret scanner with byte offset tracking (#9264) * fix(python): impove package name normalization (#9290) * feat(misconf): added audit config attribute (#9249) * refactor(misconf): decouple input fs and track extracted files with fs references (#9281) * test(misconf): remove BenchmarkCalculate using outdated check metadata (#9291) * refactor: simplify Detect function signature (#9280) * ci(helm): bump Trivy version to 0.65.0 for Trivy Helm Chart 0.17.0 (#9288) * fix(fs): avoid shadowing errors in file.glob (#9286) * test(misconf): move terraform scan tests to integration tests (#9271) * test(misconf): drop gcp iam test covered by another case (#9285) * chore(deps): bump to alpine from `3.21.3` to `3.21.4` (#9283) Update to version 0.65.0: * fix(cli): ensure correct command is picked by telemetry (#9260) * feat(flag): add schema validation for `--server` flag (#9270) * chore(deps): bump github.com/docker/docker from 28.3.2+incompatible to 28.3.3+incompatible (#9274) * ci: skip undefined labels in discussion triage action (#9175) * feat(repo): add git repository metadata to reports (#9252) * fix(license): handle WITH operator for `LaxSplitLicenses` (#9232) * chore: add modernize tool integration for code modernization (#9251) * fix(secret): add UTF-8 validation in secret scanner to prevent protobuf marshalling errors (#9253) * chore: implement process-safe temp file cleanup (#9241) * fix: prevent graceful shutdown message on normal exit (#9244) * fix(misconf): correctly parse empty port ranges in google_compute_firewall (#9237) * feat: add graceful shutdown with signal handling (#9242) * chore: update template URL for brew formula (#9221) * test: add end-to-end testing framework with image scan and proxy tests (#9231) * refactor(db): use `Getter` interface with `GetParams` for trivy-db sources (#9239) * ci: specify repository for `gh cache delete` in canary worklfow (#9240) * ci: remove invalid `--confirm` flag from `gh cache delete` command in canary builds (#9236) * fix(misconf): fix log bucket in schema (#9235) * chore(deps): bump the common group across 1 directory with 24 updates (#9228) * ci: move runner.os context from job-level env to step-level in canary workflow (#9233) * chore(deps): bump up Trivy-kubernetes to v0.9.1 (#9214) * feat(misconf): added logging and versioning to the gcp storage bucket (#9226) * fix(server): add HTTP transport setup to server mode (#9217) * chore: update the rpm download Update (#9202) * feat(alma): add AlmaLinux 10 support (#9207) * fix(nodejs): don't use prerelease logic for compare npm constraints (#9208) * fix(rootio): fix severity selection (#9181) * fix(sbom): merge in-graph and out-of-graph OS packages in scan results (#9194) * fix(cli): panic: attempt to get os.Args[1] when len(os.Args) < 2 (#9206) * fix(misconf): correctly adapt azure storage account (#9138) * feat(misconf): add private ip google access attribute to subnetwork (#9199) * feat(report): add CVSS vectors in sarif report (#9157) * fix(terraform): `for_each` on a map returns a resource for every key (#9156) * fix: supporting .egg-info/METADATA in python.Packaging analyzer (#9151) * chore: migrate protoc setup from Docker to buf CLI (#9184) * ci: delete cache after artifacts upload in canary workflow (#9177) * refactor: remove aws flag helper message (#9080) * ci: use gh pr view to get PR number for forked repositories in auto-ready workflow (#9183) * ci: add auto-ready-for-review workflow (#9179) * feat(image): add Docker context resolution (#9166) * ci: optimize golangci-lint performance with cache-based strategy (#9173) * feat: add HTTP request/response tracing support (#9125) * fix(aws): update amazon linux 2 EOL date (#9176) * chore: Update release workflow to trigger version updates (#9162) * chore(deps): bump helm.sh/helm/v3 from 3.18.3 to 3.18.4 (#9164) * fix: also check `filepath` when removing duplicate packages (#9142) * chore: add debug log to show image source location (#9163) * docs: add section on customizing default check data (#9114) * chore(deps): bump the common group across 1 directory with 9 updates (#9153) * docs: partners page content updates (#9149) * chore(license): add missed spdx exceptions: (#9147) * docs: trivy partners page updates (#9133) * fix: migrate from `*.list` to `*.md5sums` files for `dpkg` (#9131) * ci(helm): bump Trivy version to 0.64.1 for Trivy Helm Chart 0.16.1 (#9135) * feat(sbom): add SHA-512 hash support for CycloneDX SBOM (#9126) * fix(misconf): skip rewriting expr if attr is nil (#9113) * fix(license): add missed `GFDL-NIV-1.1` and `GFDL-NIV-1.2` into Trivy mapping (#9116) * fix(cli): Add more non-sensitive flags to telemetry (#9110) * fix(alma): parse epochs from rpmqa file (#9101) * fix(rootio): check full version to detect `root.io` packages (#9117) * chore: drop FreeBSD 32-bit support (#9102) * fix(sbom): use correct field for licenses in CycloneDX reports (#9057) * fix(secret): fix line numbers for multiple-line secrets (#9104) * feat(license): observe pkg types option in license scanner (#9091) * ci(helm): bump Trivy version to 0.64.0 for Trivy Helm Chart 0.16.0 (#9107) - (CVE-2025-53547, bsc#1246151) - Update to version 0.64.1 (bsc#1243633, CVE-2025-47291, (bsc#1246730, CVE-2025-46569): * fix(misconf): skip rewriting expr if attr is nil [backport: release/v0.64] (#9127) * fix(cli): Add more non-sensitive flags to telemetry [backport: release/v0.64] (#9124) * fix(rootio): check full version to detect `root.io` packages [backport: release/v0.64] (#9120) * fix(alma): parse epochs from rpmqa file [backport: release/v0.64] (#9119) * docs(python): fix type with METADATA file name (#9090) * feat: reject unsupported artifact types in remote image retrieval (#9052) * chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 (#9088) * refactor(misconf): rewrite Rego module filtering using functional filters (#9061) * feat(terraform): add partial evaluation for policy templates (#8967) * feat(vuln): add Root.io support for container image scanning (#9073) * feat(sbom): add manufacturer field to CycloneDX tools metadata (#9019) * fix(cli): add some values to the telemetry call (#9056) * feat(ubuntu): add end of life date for Ubuntu 25.04 (#9077) * refactor: centralize HTTP transport configuration (#9058) * test: include integration tests in linting and fix all issues (#9060) * chore(deps): bump the common group across 1 directory with 26 updates (#9063) * feat(java): dereference all maven settings.xml env placeholders (#9024) * fix(misconf): reduce log noise on incompatible check (#9029) * fix(misconf): .Config.User always takes precedence over USER in .History (#9050) * chore(deps): update Docker to v28.2.2 and fix compatibility issues (#9037) * docs(misconf): simplify misconfiguration docs (#9030) * fix(misconf): move disabled checks filtering after analyzer scan (#9002) * docs: add PR review policy for maintainers (#9032) * fix(sbom): remove unnecessary OS detection check in SBOM decoding (#9034) * test: improve and extend tests for iac/adapters/arm (#9028) * chore: bump up Go version to 1.24.4 (#9031) * feat(cli): add version constraints to annoucements (#9023) * fix(misconf): correct Azure value-to-time conversion in AsTimeValue (#9015) * feat(ubuntu): add eol date for 20.04-ESM (#8981) * fix(report): don't panic when report contains vulns, but doesn't contain packages for `table` format (#8549) * fix(nodejs): correctly parse `packages` array of `bun.lock` file (#8998) * refactor: use strings.SplitSeq instead of strings.Split in for-loop (#8983) * docs: change --disable-metrics to --disable-telemetry in example (#8999) (#9003) * feat(misconf): add OpenTofu file extension support (#8747) * refactor(misconf): set Trivy version by default in Rego scanner (#9001) * docs: fix assets with versioning (#8996) * docs: add partners page (#8988) * chore(alpine): add EOL date for Alpine 3.22 (#8992) * fix: don't show corrupted trivy-db warning for first run (#8991) * Update installation.md (#8979) * feat(misconf): normalize CreatedBy for buildah and legacy docker builder (#8953) * chore(k8s): update comments with deprecated command format (#8964) * chore: fix errors and typos in docs (#8963) * fix: Add missing version check flags (#8951) * feat(redhat): Add EOL date for RHEL 10. (#8910) * fix: Correctly check for semver versions for trivy version check (#8948) * refactor(server): change custom advisory and vulnerability data types fr… (#8923) * ci(helm): bump Trivy version to 0.63.0 for Trivy Helm Chart 0.15.0 (#8946) * fix(misconf): use argument value in WithIncludeDeprecatedChecks (#8942) * chore(deps): Bump trivy-checks (#8934) * fix(julia): add `Relationship` field support (#8939) * feat(minimos): Add support for MinimOS (#8792) * feat(alpine): add maintainer field extraction for APK packages (#8930) * feat(echo): Add Echo Support (#8833) * fix(redhat): Also try to find buildinfo in root layer (layer 0) (#8924) * fix(wolfi): support new APK database location (#8937) * feat(k8s): get components from namespaced resources (#8918) * refactor(cloudformation): remove unused ScanFile method from Scanner (#8927) * refactor(terraform): remove result sorting from scanner (#8928) * feat(misconf): Add support for `Minimum Trivy Version` (#8880) * docs: improve skipping files documentation (#8749) * feat(cli): Add available version checking (#8553) * feat(nodejs): add a bun.lock analyzer (#8897) * feat: terraform parser option to set current working directory (#8909) * perf(secret): only match secrets of meaningful length, allow example strings to not be matched (#8602) * feat(misconf): export raw Terraform data to Rego (#8741) * refactor(terraform): simplify AllReferences method signature in Attribute (#8906) * fix: check post-analyzers for StaticPaths (#8904) * feat: add Bottlerocket OS package analyzer (#8653) * feat(license): improve work text licenses with custom classification (#8888) * chore(deps): bump github.com/containerd/containerd/v2 from 2.1.0 to 2.1.1 (#8901) * chore(deps): bump the common group across 1 directory with 9 updates (#8887) * refactor(license): simplify compound license scanning (#8896) * feat(license): Support compound licenses (licenses using SPDX operators) (#8816) * fix(k8s): use in-memory cache backend during misconfig scanning (#8873) * feat(nodejs): add bun.lock parser (#8851) * feat(license): improve work with custom classification of licenses from config file (#8861) * fix(cli): disable `--skip-dir` and `--skip-files` flags for `sbom` command (#8886) * fix: julia parser panicing (#8883) * refactor(db): change logic to detect wrong DB (#8864) * fix(cli): don't use allow values for `--compliance` flag (#8881) * docs(misconf): Reorganize misconfiguration scan pages (#8206) * fix(server): add missed Relationship field for `rpc` (#8872) * feat: add JSONC support for comments and trailing commas (#8862) * fix(vex): use `lo.IsNil` to check `VEX` from OCI artifact (#8858) * feat(go): support license scanning in both GOPATH and vendor (#8843) * fix(redhat): save contentSets for OS packages in fs/vm modes (#8820) * fix: filter all files when processing files installed from package managers (#8842) * feat(misconf): add misconfiguration location to junit template (#8793) * docs(vuln): remove OSV for Python from data sources (#8841) * chore: add an issue template for maintainers (#8838) * chore: enable staticcheck (#8815) * ci(helm): bump Trivy version to 0.62.1 for Trivy Helm Chart 0.14.1 (#8836) * feat(license): scan vendor directory for license for go.mod files (#8689) * docs(java): Update info about dev deps in gradle lock (#8830) * chore(deps): bump golang.org/x/sync from 0.13.0 to 0.14.0 in the common group (#8822) * fix(java): exclude dev dependencies in gradle lockfile (#8803) * fix: octalLiteral from go-critic (#8811) * fix(redhat): trim invalid suffix from content_sets in manifest parsing (#8818) * chore(deps): bump the common group across 1 directory with 10 updates (#8817) * fix: use-any from revive (#8810) * fix: more revive rules (#8814) * docs: change in java.md: fix the Trity -to-> Trivy typo (#8813) * fix(misconf): check if for-each is known when expanding dyn block (#8808) * ci(helm): bump Trivy version to 0.62.0 for Trivy Helm Chart 0.14.0 (#8802) - Update to version 0.62.1 (bsc#1239225, CVE-2025-22868, bsc#1241724, CVE-2025-22872): * chore(deps): bump the common group across 1 directory with 10 updates [backport: release/v0.62] (#8831) * fix(misconf): check if for-each is known when expanding dyn block [backport: release/v0.62] (#8826) * fix(redhat): trim invalid suffix from content_sets in manifest parsing [backport: release/v0.62] (#8824) * feat(nodejs): add root and workspace for `yarn` packages (#8535) * fix: unused-parameter rule from revive (#8794) * chore(deps): Update trivy-checks (#8798) * fix: early-return, indent-error-flow and superfluous-else rules from revive (#8796) * fix(k8s): remove using `last-applied-configuration` (#8791) * refactor(misconf): remove unused methods from providers (#8781) * refactor(misconf): remove unused methods from iac types (#8782) * fix(misconf): filter null nodes when parsing json manifest (#8785) * fix: testifylint last issues (#8768) * fix(misconf): perform operations on attribute safely (#8774) * refactor(ubuntu): update time handling for fixing time (#8780) * chore(deps): bump golangci-lint to v2.1.2 (#8766) * feat(image): save layers metadata into report (#8394) * feat(misconf): convert AWS managed policy to document (#8757) * chore(deps): bump the docker group across 1 directory with 3 updates (#8762) * ci(helm): bump Trivy version to 0.61.1 for Trivy Helm Chart 0.13.1 (#8753) * ci(helm): create a helm branch for patches from main (#8673) * fix(terraform): hcl object expressions to return references (#8271) * chore(terraform): option to pass in instanced logger (#8738) * ci: use `Skitionek/notify-microsoft-teams` instead of `aquasecurity` fork (#8740) * chore(terraform): remove os.OpenPath call from terraform file functions (#8737) * chore(deps): bump the common group across 1 directory with 23 updates (#8733) * feat(rust): add root and workspace relationships/package for `cargo` lock files (#8676) * refactor(misconf): remove module outputs from parser.EvaluateAll (#8587) * fix(misconf): populate context correctly for module instances (#8656) * fix(misconf): check if metadata is not nil (#8647) * refactor(misconf): switch to x/json (#8719) * fix(report): clean buffer after flushing (#8725) * ci: improve PR title validation workflow (#8720) * refactor(flag): improve flag system architecture and extensibility (#8718) * fix(terraform): `evaluateStep` to correctly set `EvalContext` for multiple instances of blocks (#8555) * refactor: migrate from `github.com/aquasecurity/jfather` to `github.com/go-json-experiment/json` (#8591) * feat(misconf): support auto_provisioning_defaults in google_container_cluster (#8705) * ci: use `github.event.pull_request.user.login` for release PR check workflow (#8702) * refactor: add hook interface for extended functionality (#8585) * fix(misconf): add missing variable as unknown (#8683) * docs: Update maintainer docs (#8674) * ci(vuln): reduce github action script injection attack risk (#8610) * fix(secret): ignore .dist-info directories during secret scanning (#8646) * fix(server): fix redis key when trying to delete blob (#8649) * chore(deps): bump the testcontainers group with 2 updates (#8650) * test: use `aquasecurity` repository for test images (#8677) * chore(deps): bump the aws group across 1 directory with 5 updates (#8652) * fix(k8s): skip passed misconfigs for the summary report (#8684) * fix(k8s): correct compare artifact versions (#8682) * chore: update Docker lib (#8681) * refactor(misconf): remove unused terraform attribute methods (#8657) * feat(misconf): add option to pass Rego scanner to IaC scanner (#8369) * chore: typo fix to replace `rego` with `repo` on the RepoFlagGroup options error output (#8643) * docs: Add info about helm charts release (#8640) * ci(helm): bump Trivy version to 0.61.0 for Trivy Helm Chart 0.13.0 (#8638) Update to version 0.61.1 (bsc#1239385, CVE-2025-22869, bsc#1240466, CVE-2025-30204): * fix(k8s): skip passed misconfigs for the summary report [backport: release/v0.61] (#8748) * fix(k8s): correct compare artifact versions [backport: release/v0.61] (#8699) * test: use `aquasecurity` repository for test images [backport: release/v0.61] (#8698) * fix(misconf): Improve logging for unsupported checks (#8634) * feat(k8s): add support for controllers (#8614) * fix(debian): don't include empty licenses for `dpkgs` (#8623) * fix(misconf): Check values wholly prior to evalution (#8604) * chore(deps): Bump trivy-checks (#8619) * fix(k8s): show report for `--report all` (#8613) * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (#8597) * refactor: rename scanner to service (#8584) * fix(misconf): do not skip loading documents from subdirectories (#8526) * refactor(misconf): get a block or attribute without calling HasChild (#8586) * fix(misconf): identify the chart file exactly by name (#8590) * test: use table-driven tests in Helm scanner tests (#8592) * refactor(misconf): Simplify misconfig checks bundle parsing (#8533) * chore(deps): bump the common group across 1 directory with 10 updates (#8566) * fix(misconf): do not use cty.NilVal for non-nil values (#8567) * docs(cli): improve flag value display format (#8560) * fix(misconf): set default values for AWS::EKS::Cluster.ResourcesVpcConfig (#8548) * docs: remove slack (#8565) * fix: use `--file-patterns` flag for all post analyzers (#7365) * docs(python): Mention pip-compile (#8484) * feat(misconf): adapt aws_opensearch_domain (#8550) * feat(misconf): adapt AWS::EC2::VPC (#8534) * docs: fix a broken link (#8546) * fix(fs): check postAnalyzers for StaticPaths (#8543) * refactor(misconf): remove unused methods for ec2.Instance (#8536) * feat(misconf): adapt aws_default_security_group (#8538) * feat(fs): optimize scanning performance by direct file access for known paths (#8525) * feat(misconf): adapt AWS::DynamoDB::Table (#8529) * style: Fix MD syntax in self-hosting.md (#8523) * perf(misconf): retrieve check metadata from annotations once (#8478) * feat(misconf): Add support for aws_ami (#8499) * fix(misconf): skip Azure CreateUiDefinition (#8503) * refactor(misconf): use OPA v1 (#8518) * fix(misconf): add ephemeral block type to config schema (#8513) * perf(misconf): parse input for Rego once (#8483) * feat: replace TinyGo with standard Go for WebAssembly modules (#8496) * chore: replace deprecated tenv linter with usetesting (#8504) * fix(spdx): save text licenses into `otherLicenses` without normalize (#8502) * chore(deps): bump the common group across 1 directory with 13 updates (#8491) * chore: use go.mod for managing Go tools (#8493) * ci(helm): bump Trivy version to 0.60.0 for Trivy Helm Chart 0.12.0 (#8494) * fix(sbom): improve logic for binding direct dependency to parent component (#8489) * chore(deps): remove missed replace of `trivy-db` (#8492) * chore(deps): bump alpine from 3.21.0 to 3.21.3 in the docker group across 1 directory (#8490) * chore(deps): update Go to 1.24 and switch to go-version-file (#8388) * docs: add abbreviation list (#8453) * chore(terraform): assign *terraform.Module 'parent' field (#8444) * feat: add report summary table (#8177) * chore(deps): bump the github-actions group with 3 updates (#8473) * refactor(vex): improve SBOM reference handling with project standards (#8457) * ci: update GitHub Actions cache to v4 (#8475) * feat: add `--vuln-severity-source` flag (#8269) * fix(os): add mapping OS aliases (#8466) * chore(deps): bump the aws group across 1 directory with 7 updates (#8468) * chore(deps): Bump trivy-checks to v1.7.1 (#8467) * refactor(report): write tables after rendering all results (#8357) * docs: update VEX documentation index page (#8458) * fix(db): fix case when 2 trivy-db were copied at the same time (#8452) * feat(misconf): render causes for Terraform (#8360) * fix(misconf): fix incorrect k8s locations due to JSON to YAML conversion (#8073) * feat(cyclonedx): Add initial support for loading external VEX files from SBOM references (#8254) * chore(deps): update go-rustaudit location (#8450) * fix: update all documentation links (#8045) * chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 (#8443) * chore(deps): bump the common group with 6 updates (#8411) * fix(k8s): add missed option `PkgRelationships` (#8442) * fix(sbom): add SBOM file's filePath as Application FilePath if we can't detect its path (#8346) * feat(go): fix parsing main module version for go >= 1.24 (#8433) * refactor(misconf): make Rego scanner independent of config type (#7517) * fix(image): disable AVD-DS-0007 for history scanning (#8366) * fix(server): secrets inspectation for the config analyzer in client server mode (#8418) * chore: remove mockery (#8417) * test(server): replace mock driver with memory cache in server tests (#8416) * test: replace mock with memory cache and fix non-deterministic tests (#8410) * test: replace mock with memory cache in scanner tests (#8413) * test: use memory cache (#8403) * fix(spdx): init `pkgFilePaths` map for all formats (#8380) * chore(deps): bump the common group across 1 directory with 11 updates (#8381) * docs: correct Ruby documentation (#8402) * chore: bump `mockery` to update v2.52.2 version and rebuild mock files (#8390) * fix: don't use `scope` for `trivy registry login` command (#8393) * fix(go): merge nested flags into string for ldflags for Go binaries (#8368) * chore(terraform): export module path on terraform modules (#8374) * fix(terraform): apply parser options to submodule parsing (#8377) * docs: Fix typos in documentation (#8361) * docs: fix navigate links (#8336) * ci(helm): bump Trivy version to 0.59.1 for Trivy Helm Chart 0.11.1 (#8354) * ci(spdx): add `aqua-installer` step to fix `mage` error (#8353) * chore: remove debug prints (#8347) * fix(misconf): do not log scanners when misconfig scanning is disabled (#8345) * fix(report): remove html escaping for `shortDescription` and `fullDescription` fields for sarif reports (#8344) * chore(deps): bump Go to `v1.23.5` (#8341) * fix(python): add `poetry` v2 support (#8323) * chore(deps): bump the github-actions group across 1 directory with 4 updates (#8331) * fix(misconf): ecs include enhanced for container insights (#8326) * fix(sbom): preserve OS packages from multiple SBOMs (#8325) * ci(helm): bump Trivy version to 0.59.0 for Trivy Helm Chart 0.11.0 (#8311) * (bsc#1237618, CVE-2025-27144) Update to version 0.59.1: * fix(misconf): do not log scanners when misconfig scanning is disabled [backport: release/v0.59] (#8349) * chore(deps): bump Go to `v1.23.5` [backport: release/v0.59] (#8343) * fix(python): add `poetry` v2 support [backport: release/v0.59] (#8335) * fix(sbom): preserve OS packages from multiple SBOMs [backport: release/v0.59] (#8333) Update to version 0.59.0: * feat(image): return error early if total size of layers exceeds limit (#8294) * chore(deps): Bump trivy-checks (#8310) * chore(terraform): add accessors to underlying raw hcl values (#8306) * fix: improve conversion of image config to Dockerfile (#8308) * docs: replace short codes with Unicode emojis (#8296) * feat(k8s): improve artifact selections for specific namespaces (#8248) * chore: update code owners (#8303) * fix(misconf): handle heredocs in dockerfile instructions (#8284) * fix: de-duplicate same `dpkg` packages with different filePaths from different layers (#8298) * chore(deps): bump the aws group with 7 updates (#8299) * chore(deps): bump the common group with 12 updates (#8301) * chore: enable int-conversion from perfsprint (#8194) * feat(fs): use git commit hash as cache key for clean repositories (#8278) * fix(spdx): use the `hasExtractedLicensingInfos` field for licenses that are not listed in the SPDX (#8077) * chore: use require.ErrorContains when possible (#8291) * feat(image): prevent scanning oversized container images (#8178) * chore(deps): use aqua forks for `github.com/liamg/jfather` and `github.com/liamg/iamgo` (#8289) * fix(fs): fix cache key generation to use UUID (#8275) * fix(misconf): correctly handle all YAML tags in K8S templates (#8259) * feat: add support for registry mirrors (#8244) * chore(deps): bump the common group across 1 directory with 29 updates (#8261) * refactor(license): improve license expression normalization (#8257) * feat(misconf): support for ignoring by inline comments for Dockerfile (#8115) * feat: add a examples field to check metadata (#8068) * chore(deps): bump alpine from 3.20.0 to 3.21.0 in the docker group across 1 directory (#8196) * ci: add workflow to restrict direct PRs to release branches (#8240) * fix(suse): SUSE - update OSType constants and references for compatility (#8236) * ci: fix path to main dir for canary builds (#8231) * chore(secret): add reported issues related to secrets in junit template (#8193) * refactor: use trivy-checks/pkg/specs package (#8226) * ci(helm): bump Trivy version to 0.58.1 for Trivy Helm Chart 0.10.0 (#8170) * fix(misconf): allow null values only for tf variables (#8112) * feat(misconf): support for ignoring by inline comments for Helm (#8138) * fix(redhat): check `usr/share/buildinfo/` dir to detect content sets (#8222) * chore(alpine): add EOL date for Alpine 3.21 (#8221) * fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field (#8207) * fix(misconf): disable git terminal prompt on tf module load (#8026) * chore: remove aws iam related scripts (#8179) * docs: Updated JSON schema version 2 in the trivy documentation (#8188) * refactor(python): use once + debug for `License acquired from METADATA...` logs (#8175) * refactor: use slices package instead of custom function (#8172) * chore(deps): bump the common group with 6 updates (#8162) * feat(python): add support for uv dev and optional dependencies (#8134) * feat(python): add support for poetry dev dependencies (#8152) * fix(sbom): attach nested packages to Application (#8144) * docs(vex): use debian minor version in examples (#8166) * refactor: add generic Set implementation (#8149) * chore(deps): bump the aws group across 1 directory with 6 updates (#8163) * fix(python): skip dev group's deps for poetry (#8106) * fix(sbom): use root package for `unknown` dependencies (if exists) (#8104) * chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` (#8140) * chore(vex): suppress CVE-2024-45338 (#8137) * feat(python): add support for uv (#8080) * chore(deps): bump the docker group across 1 directory with 3 updates (#8127) * chore(deps): bump the common group across 1 directory with 14 updates (#8126) * chore: bump go to 1.23.4 (#8123) * test: set dummy value for NUGET_PACKAGES (#8107) * chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` (#8105) * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 (#8103) * fix: wasm module test (#8099) * fix: CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass (#8088) * chore(vex): suppress CVE-2024-45337 (#8101) * fix(license): always trim leading and trailing spaces for licenses (#8095) * fix(sbom): scan results of SBOMs generated from container images are missing layers (#7635) * fix(redhat): correct rewriting of recommendations for the same vulnerability (#8063) * fix: enable err-error and errorf rules from perfsprint linter (#7859) * chore(deps): bump the aws group across 1 directory with 6 updates (#8074) * perf: avoid heap allocation in applier findPackage (#7883) * fix: Updated twitter icon (#7772) * docs(k8s): add a note about multi-container pods (#7815) * feat: add `--distro` flag to manually specify OS distribution for vulnerability scanning (#8070) * fix(oracle): add architectures support for advisories (#4809) * fix: handle `BLOW_UNKNOWN` error to download DBs (#8060) * feat(misconf): generate placeholders for random provider resources (#8051) * fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type (#8052) * fix(flag): skip hidden flags for `--generate-default-config` command (#8046) * fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props (#8050) * feat(nodejs): respect peer dependencies for dependency tree (#7989) * ci(helm): bump Trivy version to 0.58.0 for Trivy Helm Chart 0.10.0 (#8038) * fix: respect GITHUB_TOKEN to download artifacts from GHCR (#7580) * chore(deps): bump github.com/moby/buildkit from 0.17.2 to 0.18.0 in the docker group (#8029) * fix(misconf): use log instead of fmt for logging (#8033) * docs: add commercial content (#8030) - Update to version 0.58.2 ( bsc#1234512, CVE-2024-45337, bsc#1235265, CVE-2024-45338, bsc#1232948, CVE-2024-51744): * fix(misconf): allow null values only for tf variables [backport: release/v0.58] (#8238) * fix(suse): SUSE - update OSType constants and references for compatility [backport: release/v0.58] (#8237) * fix: CVE-2025-21613 and CVE-2025-21614 : go-git: argument injection via the URL field [backport: release/v0.58] (#8215) * fix(sbom): attach nested packages to Application [backport: release/v0.58] (#8168) * fix(python): skip dev group's deps for poetry [backport: release/v0.58] (#8158) * fix(sbom): use root package for `unknown` dependencies (if exists) [backport: release/v0.58] (#8156) * chore(deps): bump `golang.org/x/net` from `v0.32.0` to `v0.33.0` [backport: release/v0.58] (#8142) * chore(deps): bump `github.com/CycloneDX/cyclonedx-go` from `v0.9.1` to `v0.9.2` [backport: release/v0.58] (#8136) * fix(redhat): correct rewriting of recommendations for the same vulnerability [backport: release/v0.58] (#8135) * fix(oracle): add architectures support for advisories [backport: release/v0.58] (#8125) * fix(sbom): fix wrong overwriting of applications obtained from different sbom files but having same app type [backport: release/v0.58] (#8124) * chore(deps): bump golang.org/x/crypto from 0.30.0 to 0.31.0 [backport: release/v0.58] (#8122) * fix: handle `BLOW_UNKNOWN` error to download DBs [backport: release/v0.58] (#8121) * fix(java): correctly overwrite version from depManagement if dependency uses `project.*` props [backport: release/v0.58] (#8119) * fix(misconf): wrap AWS EnvVar to iac types (#7407) * chore(deps): Upgrade trivy-checks (#8018) * refactor(misconf): Remove unused options (#7896) * docs: add terminology page to explain Trivy concepts (#7996) * feat: add `workspaceRelationship` (#7889) * refactor(sbom): simplify relationship generation (#7985) * chore: remove Go checks (#7907) * docs: improve databases documentation (#7732) * refactor: remove support for custom Terraform checks (#7901) * docs: fix dead links (#7998) * docs: drop AWS account scanning (#7997) * fix(aws): change CPU and Memory type of ContainerDefinition to a string (#7995) * fix(cli): Handle empty ignore files more gracefully (#7962) * fix(misconf): load full Terraform module (#7925) * fix(misconf): properly resolve local Terraform cache (#7983) * refactor(k8s): add v prefix for Go packages (#7839) * test: replace Go checks with Rego (#7867) * feat(misconf): log causes of HCL file parsing errors (#7634) * chore(deps): bump the aws group across 1 directory with 7 updates (#7991) * chore(deps): bump github.com/moby/buildkit from 0.17.0 to 0.17.2 in the docker group across 1 directory (#7990) * chore(deps): update csaf module dependency from csaf-poc to gocsaf (#7992) * chore: downgrade the failed block expand message to debug (#7964) * fix(misconf): do not erase variable type for child modules (#7941) * feat(go): construct dependencies of `go.mod` main module in the parser (#7977) * feat(go): construct dependencies in the parser (#7973) * feat: add cvss v4 score and vector in scan response (#7968) * docs: add `overview` page for `others` (#7972) * fix(sbom): Fixes for Programming Language Vulnerabilities and SBOM Package Maintainer Details (#7871) * feat(suse): Align SUSE/OpenSUSE OS Identifiers (#7965) * chore(deps): bump the common group with 4 updates (#7949) * feat(oracle): add `flavors` support (#7858) * fix(misconf): Update trivy-checks default repo to `mirror.gcr.io` (#7953) * chore(deps): Bump up trivy-checks to v1.3.0 (#7959) * fix(k8s): check all results for vulnerabilities (#7946) * ci(helm): bump Trivy version to 0.57.1 for Trivy Helm Chart 0.9.0 (#7945) * feat(secret): Add built-in secrets rules for Private Packagist (#7826) * docs: Fix broken links (#7900) * docs: fix mistakes/typos (#7942) * feat: Update registry fallbacks (#7679) * fix(alpine): add `UID` for removed packages (#7887) * chore(deps): bump the aws group with 6 updates (#7902) * chore(deps): bump the common group with 6 updates (#7904) * fix(debian): infinite loop (#7928) * fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files (#7912) * docs: add note about temporary podman socket (#7921) * docs: combine trivy.dev into trivy docs (#7884) * test: change branch in spdx schema link to check in integration tests (#7935) * docs: add Headlamp to the Trivy Ecosystem page (#7916) * fix(report): handle `git@github.com` schema for misconfigs in `sarif` report (#7898) * chore(k8s): enhance k8s scan log (#6997) * fix(terraform): set null value as fallback for missing variables (#7669) * fix(misconf): handle null properties in CloudFormation templates (#7813) * fix(fs): add missing defered Cleanup() call to post analyzer fs (#7882) * chore(deps): bump the common group across 1 directory with 20 updates (#7876) * chore: bump containerd to v2.0.0 (#7875) * fix: Improve version comparisons when build identifiers are present (#7873) * feat(k8s): add default commands for unknown platform (#7863) * chore(deps): bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 (#7868) * refactor(secret): optimize performance by moving ToLower operation outside loop (#7862) * test: save `containerd` image into archive and use in tests (#7816) * chore(deps): bump the github-actions group across 1 directory with 2 updates (#7854) * chore: bump golangci-lint to v1.61.0 (#7853) Update to version 0.57.1: * feat: Update registry fallbacks [backport: release/v0.57] (#7944) * fix(redhat): don't return error if `root/buildinfo/content_manifests/` contains files that are not `contentSets` files [backport: release/v0.57] (#7939) * test: change branch in spdx schema link to check in integration tests [backport: release/v0.57] (#7940) * release: v0.57.0 [main] (#7710) * chore: lint `errors.Join` (#7845) * feat(db): append errors (#7843) * docs(java): add info about supported scopes (#7842) * docs: add example of creating whitelist of checks (#7821) * chore(deps): Bump trivy-checks (#7819) * fix(go): Do not trim v prefix from versions in Go Mod Analyzer (#7733) * fix(k8s): skip resources without misconfigs (#7797) * fix(sbom): use `Annotation` instead of `AttributionTexts` for `SPDX` formats (#7811) * fix(cli): add config name to skip-policy-update alias (#7820) * fix(helm): properly handle multiple archived dependencies (#7782) * refactor(misconf): Deprecate `EXCEPTIONS` for misconfiguration scanning (#7776) * fix(k8s)!: support k8s multi container (#7444) * fix(k8s): support kubernetes v1.31 (#7810) * docs: add Windows install instructions (#7800) * ci(helm): auto public Helm chart after PR merged (#7526) * feat: add end of life date for Ubuntu 24.10 (#7787) * feat(report): update gitlab template to populate operating_system value (#7735) * feat(misconf): Show misconfig ID in output (#7762) * feat(misconf): export unresolvable field of IaC types to Rego (#7765) * refactor(k8s): scan config files as a folder (#7690) * fix(license): fix license normalization for Universal Permissive License (#7766) * fix: enable usestdlibvars linter (#7770) * fix(misconf): properly expand dynamic blocks (#7612) * feat(cyclonedx): add file checksums to `CycloneDX` reports (#7507) * fix(misconf): fix for Azure Storage Account network acls adaptation (#7602) * refactor(misconf): simplify k8s scanner (#7717) * feat(parser): ignore white space in pom.xml files (#7747) * test: use forked images (#7755) * fix(java): correctly inherit `version` and `scope` from upper/root `depManagement` and `dependencies` into parents (#7541) * fix(misconf): check if property is not nil before conversion (#7578) * fix(misconf): change default ACL of digitalocean_spaces_bucket to private (#7577) * feat(misconf): ssl_mode support for GCP SQL DB instance (#7564) * test: define constants for test images (#7739) * docs: add note about disabled DS016 check (#7724) * feat(misconf): public network support for Azure Storage Account (#7601) * feat(cli): rename `trivy auth` to `trivy registry` (#7727) * docs: apt-transport-https is a transitional package (#7678) * refactor(misconf): introduce generic scanner (#7515) * fix(cli): `clean --all` deletes only relevant dirs (#7704) * feat(cli): add `trivy auth` (#7664) * fix(sbom): add options for DBs in private registries (#7660) * docs(report): fix reporting doc format (#7671) * fix(repo): `git clone` output to Stderr (#7561) * fix(redhat): include arch in PURL qualifiers (#7654) * fix(report): Fix invalid URI in SARIF report (#7645) * docs(report): Improve SARIF reporting doc (#7655) * fix(db): fix javadb downloading error handling (#7642) * feat(cli): error out when ignore file cannot be found (#7624) Update to version 0.56.2: * fix(redhat): include arch in PURL qualifiers [backport: release/v0.56] (#7702) * fix(sbom): add options for DBs in private registries [backport: release/v0.56] (#7691) - Update to version 0.51.1 (bsc#1227010, CVE-2024-3817): trivy-0.66.0-bp160.1.1.x86_64.rpm trivy-0.66.0-bp160.1.1.s390x.rpm trivy-0.66.0-bp160.1.1.ppc64le.rpm trivy-0.66.0-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-34 Security update for gitea-tea moderate openSUSE Backports SLE-16.0 This update for gitea-tea fixes the following issues: Changes in gitea-tea: - update to 0.11.1: * 61d4e57 Fix Pr Create crash (#823) * 4f33146 add test for matching logins (#820) * 08b8398 Update README.md (#819) - CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input (boo#1251663) - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents (boo#1251471) - update to 0.11.0: * Fix yaml output single quote (#814) * generate man page (#811) * feat: add validation for object-format flag in repo create command (#741) * Fix release version (#815) * update gitea sdk to v0.22 (#813) * don't fallback login directly (#806) * Check duplicated login name in interact mode when creating new login (#803) * Fix bug when output json with special chars (#801) * add debug mode and update readme (#805) * update go.mod to retract the wrong tag v1.3.3 (#802) * revert completion scripts removal (#808) * Remove pagination from context (#807) * Continue auth when failed to open browser (#794) * Fix bug (#793) * Fix tea login add with ssh public key bug (#789) * Add temporary authentication via environment variables (#639) * Fix attachment size (#787) * deploy image when tagging (#792) * Add Zip URL for release list (#788) * Use bubbletea instead of survey for interacting with TUI (#786) * capitalize a few items * rm out of date comparison file * README: Document logging in to gitea (#790) * remove autocomplete command (#782) * chore(deps): update ghcr.io/devcontainers/features/git-lfs docker tag to v1.2.5 (#773) * replace arch package url (#783) * fix: Reenable -p and --limit switches (#778) - Update to 0.10.1+git.1757695903.cc20b52: - feat: add validation for object-format flag in repo create command (see gh#openSUSE/openSUSE-git#60) - Fix release version - update gitea sdk to v0.22 - don't fallback login directly - Check duplicated login name in interact mode when creating new login - Fix bug when output json with special chars - add debug mode and update readme - update go.mod to retract the wrong tag v1.3.3 - revert completion scripts removal - Remove pagination from context - Continue auth when failed to open browser - Fix bug - Fix tea login add with ssh public key bug - Add temporary authentication via environment variables - Fix attachment size - deploy image when tagging - Add Zip URL for release list - Use bubbletea instead of survey for interacting with TUI - capitalize a few items - rm out of date comparison file - README: Document logging in to gitea - remove autocomplete command - chore(deps): update ghcr.io/devcontainers/features/git-lfs docker tag to v1.2.5 - replace arch package url - fix: Reenable `-p` and `--limit` switches gitea-tea-0.11.1-bp160.1.1.aarch64.rpm gitea-tea-bash-completion-0.11.1-bp160.1.1.noarch.rpm gitea-tea-zsh-completion-0.11.1-bp160.1.1.noarch.rpm gitea-tea-0.11.1-bp160.1.1.ppc64le.rpm gitea-tea-0.11.1-bp160.1.1.s390x.rpm gitea-tea-0.11.1-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-35 Security update for tcpreplay important openSUSE Backports SLE-16.0 This update for tcpreplay fixes the following issues: - update to 4.5.2: * features added since 4.4.4 - fix/recalculate header checksum for ipv6-frag - IPv6 frag checksum support - AF_XDP socket support - tcpreplay -w (write into a pcap file) - tcpreplay --fixhdrlen - --include and --exclude options - SLL2 support - Haiku support * security fixes reported for 4.4.4 fixed in 4.5.2 - CVE-2023-4256 / bsc#1218249 - CVE-2023-43279 / bsc#1221324 - CVE-2024-3024 / bsc#1222131 (likely) - CVE-2024-22654 / bsc#1243845 - CVE-2025-9157 / bsc#1248322 - CVE-2025-9384 / bsc#1248595 - CVE-2025-9385 / bsc#1248596 - CVE-2025-9386 / bsc#1248597 - CVE-2025-9649 / bsc#1248964 - CVE-2025-51006 / bsc#1250356 tcpreplay-4.5.2-bp160.1.1.aarch64.rpm tcpreplay-4.5.2-bp160.1.1.ppc64le.rpm tcpreplay-4.5.2-bp160.1.1.s390x.rpm tcpreplay-4.5.2-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-36 Recommended update for evolution moderate openSUSE Backports SLE-16.0 This update for evolution fixes the following issues: Changes in evolution: - Fix JavaScript dictionary objects creation. Needed for WebKitGTK >= 2.50 (bsc#1252722 glgo#GNOME/evolution#3124). evolution-3.56.2-bp160.1.3.x86_64.rpm evolution-devel-3.56.2-bp160.1.3.x86_64.rpm evolution-lang-3.56.2-bp160.1.3.noarch.rpm evolution-plugin-bogofilter-3.56.2-bp160.1.3.x86_64.rpm evolution-plugin-pst-import-3.56.2-bp160.1.3.x86_64.rpm evolution-plugin-spamassassin-3.56.2-bp160.1.3.x86_64.rpm evolution-plugin-text-highlight-3.56.2-bp160.1.3.x86_64.rpm evolution-3.56.2-bp160.1.3.s390x.rpm evolution-devel-3.56.2-bp160.1.3.s390x.rpm evolution-plugin-bogofilter-3.56.2-bp160.1.3.s390x.rpm evolution-plugin-pst-import-3.56.2-bp160.1.3.s390x.rpm evolution-plugin-spamassassin-3.56.2-bp160.1.3.s390x.rpm evolution-plugin-text-highlight-3.56.2-bp160.1.3.s390x.rpm evolution-3.56.2-bp160.1.3.ppc64le.rpm evolution-devel-3.56.2-bp160.1.3.ppc64le.rpm evolution-plugin-bogofilter-3.56.2-bp160.1.3.ppc64le.rpm evolution-plugin-pst-import-3.56.2-bp160.1.3.ppc64le.rpm evolution-plugin-spamassassin-3.56.2-bp160.1.3.ppc64le.rpm evolution-plugin-text-highlight-3.56.2-bp160.1.3.ppc64le.rpm evolution-3.56.2-bp160.1.3.aarch64.rpm evolution-devel-3.56.2-bp160.1.3.aarch64.rpm evolution-plugin-bogofilter-3.56.2-bp160.1.3.aarch64.rpm evolution-plugin-pst-import-3.56.2-bp160.1.3.aarch64.rpm evolution-plugin-spamassassin-3.56.2-bp160.1.3.aarch64.rpm evolution-plugin-text-highlight-3.56.2-bp160.1.3.aarch64.rpm openSUSE-Leap-16.0-packagehub-37 Security update for redis critical openSUSE Backports SLE-16.0 This update for redis fixes the following issues: - Updated to 8.2.3 (boo#1252996 CVE-2025-62507) * https://github.com/redis/redis/releases/tag/8.2.3 - Security fixes - (CVE-2025-62507) Bug in `XACKDEL` may lead to stack overflow and potential RCE - Bug fixes - `HGETEX`: A missing `numfields` argument when `FIELDS` is used can lead to Redis crash - An overflow in `HyperLogLog` with 2GB+ entries may result in a Redis crash - Cuckoo filter - Division by zero in Cuckoo filter insertion - Cuckoo filter - Counter overflow - Bloom filter - Arbitrary memory read/write with invalid filter - Bloom filter - Out-of-bounds access with empty chain - Top-k - Out-of-bounds access - Bloom filter - Restore invalid filter [We thank AWS security for responsibly disclosing the security bug] - Updated to 8.2.2 (boo#1250995) * https://github.com/redis/redis/releases/tag/8.2.2 * Fixed Lua script may lead to remote code execution (CVE-2025-49844). * Fixed Lua script may lead to integer overflow (CVE-2025-46817). * Fixed Lua script can be executed in the context of another user (CVE-2025-46818). * Fixed LUA out-of-bound read (CVE-2025-46819). * Fixed potential crash on Lua script or streams and HFE defrag. * Fixed potential crash when using ACL rules. * Added VSIM: new EPSILON argument to specify maximum distance. * Added SVS-VAMANA: allow use of BUILD_INTEL_SVS_OPT flag. * Added RESP3 serialization performance. * Added INFO SEARCH: new SVS-VAMANA metrics. - Updated to 8.2.1 * https://github.com/redis/redis/releases/tag/8.2.1 - Bug fixes * #14240 INFO KEYSIZES - potential incorrect histogram updates on cluster mode with modules * #14274 Disable Active Defrag during flushing replica * #14276 XADD or XTRIM can crash the server after loading RDB * #Q6601 Potential crash when running FLUSHDB (MOD-10681) * Performance and resource utilization * Query Engine - LeanVec and LVQ proprietary Intel optimizations were removed from Redis Open Source * #Q6621 Fix regression in INFO (MOD-10779) redis-8.2.0-bp160.1.3.x86_64.rpm redis-8.2.0-bp160.1.3.s390x.rpm redis-8.2.0-bp160.1.3.ppc64le.rpm redis-8.2.0-bp160.1.3.aarch64.rpm openSUSE-Leap-16.0-packagehub-38 Security update for shadowsocks-v2ray-plugin, v2ray-core important openSUSE Backports SLE-16.0 This update for shadowsocks-v2ray-plugin, v2ray-core fixes the following issues: Changes in shadowsocks-v2ray-plugin: - Update version to 5.25.0 * Update v2ray-core to v5.25.0 - Add update-vendor.patch, update v2ray-core to v5.33.0 (boo#1243954 and CVE-2025-297850) Changes in v2ray-core: - Fix CVE-2025-47911 and boo#1251404 * Add fix-CVE-2025-47911.patch * Update golang.org/x/net to 0.45.0 in vendor - Update version to 5.38.0 * TLSMirror Connection Enrollment System * Add TLSMirror Sequence Watermarking * LSMirror developer preview protocol is now a part of mainline V2Ray * proxy dns with NOTIMP error * Add TLSMirror looks like TLS censorship resistant transport protocol as a developer preview transport * proxy dns with NOTIMP error * fix false success from SOCKS server when Dispatch() fails * HTTP inbound: Directly forward plain HTTP 1xx response header * add a option to override domain used to query https record * Fix bugs * Update vendor - Update version to 5.33.0 * bump github.com/quic-go/quic-go from 0.51.0 to 0.52.0(boo#1243946 and CVE-2025-297850) * Update other vendor source - Update version to 5.31.0 * Add Dns Proxy Response TTL Control * Fix call newError Base with a nil value error * Update vendor (boo#1235164) - Update version to 5.29.3 * Enable restricted mode load for http protocol client * Correctly implement QUIC sniffer when handling multiple initial packets * Fix unreleased cache buffer in QUIC sniffing * A temporary testing fix for the buffer corruption issue * QUIC Sniffer Restructure - Update version to 5.22.0 * Add packetEncoding for Hysteria * Add ECH Client Support * Add support for parsing some shadowsocks links * Add Mekya Transport * Fix bugs golang-github-teddysun-v2ray-plugin-5.15.1-bp160.1.11.noarch.rpm shadowsocks-v2ray-plugin-5.15.1-bp160.1.11.x86_64.rpm golang-github-v2fly-v2ray-core-5.18.0-bp160.1.13.noarch.rpm v2ray-core-5.18.0-bp160.1.13.x86_64.rpm shadowsocks-v2ray-plugin-5.15.1-bp160.1.11.s390x.rpm v2ray-core-5.18.0-bp160.1.13.s390x.rpm shadowsocks-v2ray-plugin-5.15.1-bp160.1.11.ppc64le.rpm v2ray-core-5.18.0-bp160.1.13.ppc64le.rpm shadowsocks-v2ray-plugin-5.15.1-bp160.1.11.aarch64.rpm v2ray-core-5.18.0-bp160.1.13.aarch64.rpm openSUSE-Leap-16.0-packagehub-39 Recommended update for openQA, os-autoinst, openQA-devel-container moderate openSUSE Backports SLE-16.0 This update for openQA, os-autoinst, openQA-devel-container fixes the following issues: Changes in openQA: - Update to version 5.1763743683.1da97aa2: * Optimize Job Group dropdown database query * Split dependency handling out of create_from_settings * Give jobs with high MAX_JOB_TIME a priority malus * Make the number of builds per group on the front page configurable * docs: Feature auto-generated deepwiki less prominently * apparmor: Additional perms for tests in osado to run - Update to version 5.1763153079.b36ac754: * Skip a build if there are no jobs * Remove unused variable - Update to version 5.1762879267.52145e9a: * Avoid installing unwanted package versions * Fix check in git_clone for dirty git dir * Prevent `t/24-worker-webui-connection.t` from running into timeout * Be explicit about certain aspects of archiving in the documentation * Fix sporadic failures in `t/ui/10-tests_overview.t` * Adapt os-autoinst-scripts reference after rename * Properly conclude scheduling if there are no jobs - Update to version 5.1762193001.2f6e71ca: * Potentially improve stability of `t/ui/16-tests_job_next_previous.t` * Avoid failing check in `t/16-utils-runcmd.t` * README: Add deepwiki badge * Dependency cron 2025-10-27 * Retry image optimizations Changes in os-autoinst: - Update to version 5.1763561851.03e049d: * Avoid `Can't exec "ffmpeg"` if ffmpeg isn't present * Fix syntax errors in nft due to multiple interfaces in $ethernet * README: Feature auto-generated deepwiki less prominently * Install NetworkManager-ovs in os-autoinst-setup-multi-machine * Add disconnect_usb (qemu only, for now) - Update to version 5.1763048144.30f43a0: * Configure ftables in os-autoinst-setup-multi-machine * Makefile: Fix reruns on incomplete build dir generations * Propagate C++ exceptions to Perl in image write function * Add support NICPCIADDR variable to QEMU backend * Remove test which causes unhandled output * Improve includes in tinycv library * Handle OpenCV exceptions when writing an image * Avoid ignoring errors silently when writing images * Avoid saving test results referring to non-existent screenshots - Update to version 5.1762250353.5150272: * Makefile: Fix reruns on incomplete build dir generations * Propagate C++ exceptions to Perl in image write function * Add support NICPCIADDR variable to QEMU backend * Remove test which causes unhandled output * Allow array keys like `ISSUES[]` as introduced in openQA commit a53b19b * Improve includes in tinycv library - Update to version 5.1761723693.2b88807: * Propagate C++ exceptions to Perl in image write function * Add support NICPCIADDR variable to QEMU backend * Remove test which causes unhandled output * Allow array keys like `ISSUES[]` as introduced in openQA commit a53b19b * Improve includes in tinycv library * Handle OpenCV exceptions when writing an image * Avoid ignoring errors silently when writing images Changes in openQA-devel-container: - Update to version 5.1763743683.1da97aa28: * Update to latest openQA version openQA-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-auto-update-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-bootstrap-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-client-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-common-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-continuous-update-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-devel-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-doc-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-local-db-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-mcp-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-munin-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-python-scripts-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-single-instance-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-single-instance-nginx-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm openQA-worker-5.1763743683.1da97aa2-bp160.1.1.x86_64.rpm os-autoinst-5.1763561851.03e049d-bp160.1.1.x86_64.rpm os-autoinst-devel-5.1763561851.03e049d-bp160.1.1.x86_64.rpm os-autoinst-ipmi-deps-5.1763561851.03e049d-bp160.1.1.x86_64.rpm os-autoinst-openvswitch-5.1763561851.03e049d-bp160.1.1.x86_64.rpm os-autoinst-qemu-kvm-5.1763561851.03e049d-bp160.1.1.x86_64.rpm os-autoinst-qemu-x86-5.1763561851.03e049d-bp160.1.1.x86_64.rpm os-autoinst-s390-deps-5.1763561851.03e049d-bp160.1.1.x86_64.rpm os-autoinst-swtpm-5.1763561851.03e049d-bp160.1.1.x86_64.rpm openQA-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-auto-update-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-bootstrap-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-client-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-common-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-continuous-update-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-devel-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-doc-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-local-db-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-mcp-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-munin-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-python-scripts-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-single-instance-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-single-instance-nginx-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm openQA-worker-5.1763743683.1da97aa2-bp160.1.1.s390x.rpm os-autoinst-5.1763561851.03e049d-bp160.1.1.s390x.rpm os-autoinst-devel-5.1763561851.03e049d-bp160.1.1.s390x.rpm os-autoinst-ipmi-deps-5.1763561851.03e049d-bp160.1.1.s390x.rpm os-autoinst-openvswitch-5.1763561851.03e049d-bp160.1.1.s390x.rpm os-autoinst-s390-deps-5.1763561851.03e049d-bp160.1.1.s390x.rpm os-autoinst-swtpm-5.1763561851.03e049d-bp160.1.1.s390x.rpm openQA-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-auto-update-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-bootstrap-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-client-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-common-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-continuous-update-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-devel-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-doc-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-local-db-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-mcp-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-munin-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-python-scripts-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-single-instance-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-single-instance-nginx-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm openQA-worker-5.1763743683.1da97aa2-bp160.1.1.ppc64le.rpm os-autoinst-5.1763561851.03e049d-bp160.1.1.ppc64le.rpm os-autoinst-devel-5.1763561851.03e049d-bp160.1.1.ppc64le.rpm os-autoinst-ipmi-deps-5.1763561851.03e049d-bp160.1.1.ppc64le.rpm os-autoinst-openvswitch-5.1763561851.03e049d-bp160.1.1.ppc64le.rpm os-autoinst-s390-deps-5.1763561851.03e049d-bp160.1.1.ppc64le.rpm os-autoinst-swtpm-5.1763561851.03e049d-bp160.1.1.ppc64le.rpm openQA-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-auto-update-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-bootstrap-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-client-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-common-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-continuous-update-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-devel-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-doc-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-local-db-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-mcp-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-munin-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-python-scripts-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-single-instance-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-single-instance-nginx-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm openQA-worker-5.1763743683.1da97aa2-bp160.1.1.aarch64.rpm os-autoinst-5.1763561851.03e049d-bp160.1.1.aarch64.rpm os-autoinst-devel-5.1763561851.03e049d-bp160.1.1.aarch64.rpm os-autoinst-ipmi-deps-5.1763561851.03e049d-bp160.1.1.aarch64.rpm os-autoinst-openvswitch-5.1763561851.03e049d-bp160.1.1.aarch64.rpm os-autoinst-s390-deps-5.1763561851.03e049d-bp160.1.1.aarch64.rpm os-autoinst-swtpm-5.1763561851.03e049d-bp160.1.1.aarch64.rpm openSUSE-Leap-16.0-packagehub-4 Recommended update for opi moderate openSUSE Backports SLE-16.0 This update for opi fixes the following issues: - Version 5.8.8 * Fix adding openh264 repo on leap 16.0 This update for opi fixes the following issues: - Version 5.8.7 * Fix ocenaudio url * Add LocalSend plugin * Run all tests in verbose mode * Print written repo files in verbose mode * Increase timeouts in test/06_install_non_interactive.py * Remove DNF references from README.md This update for opi fixes the following issues: - Version 5.8.5 * add librewolf plugin (#205) * Install .NET 9 * Add verbose mode * Change the order of the process in the github module * Add rustdesk plugin This update for opi fixes the following issues: - Version 5.8.4 * Use arm64 rpm for libation on aarch64 This update for opi fixes the following issues: - Version 5.8.3 * Install dependencies rpm-build and squashfs at runtime if needed * Drop DNF support This update for opi fixes the following issues: - Version 5.8.2 * Warn about adding staging repos * Gracefully handle zypper exit code 106 (repos without cache present) This update for opi fixes the following issues: - Version 5.8.1 * Fix SyntaxWarning: invalid escape sequence '\s' This update for opi fixes the following issues: - Version 5.8.0 * Add mullvad-brower This update for opi fixes the following issues: - Version 5.7.0 * Add leap-only plugin to install zellij from github release * Don't use subprocess.run user kwarg on 15.6 * Fix tests: Use helloworld-opi-tests instead of zfs * Perform search despite locked rpmdb * Simplify backend code This update for opi fixes the following issues: - Use no macros in url in .spec for packtrack This update for opi fixes the following issues: - Version 5.6.0 * Add plugin to install vagrant from hashicorp repo This update for opi fixes the following issues: - Version 5.5.0 * Update opi/plugins/collabora.py * add collabora office desktop * Omit unsupported cli args on leap in 99_install_opi.py * Switch to PEP517 install * Fix 09_install_with_multi_repos_in_single_file_non_interactive.py * Fix 07_install_multiple.py on tumbleweed * Fix test suite on tumbleweed * Update available apps in opi - README.md This update for opi fixes the following issues: - Version 5.4.0 * Show key ID when importing or deleting package signing keys * Add option to install google-chrome-canary This update for opi fixes the following issues: - Version 5.3.0 * Fix tests for new zypper version * fix doblue slash in packman repo url * Add Plugin to install Libation opi-5.8.8-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-40 Security update for bash-git-prompt moderate openSUSE Backports SLE-16.0 This update for bash-git-prompt fixes the following issues: - CVE-2025-61659: Fixed an issue where predictable files in /tmp were used for a copy of the git index (bsc#1247489) bash-git-prompt-2.7.1-bp160.1.2.noarch.rpm openSUSE-Leap-16.0-packagehub-5 Recommended update for virtme moderate openSUSE Backports SLE-16.0 This update for virtme fixes the following issues: - Update to 1.38: * Fix the infamous Stale file handle (ESTALE) errors with virtiofsd * Fix for systemctl daemon-reload when systemd support is enabled * Fix for a kernel symlink issue affecting openSUSE/SLE * README/docs improvements * Various coding style cleanups virtme-1.38-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-6 Recommended update for lutris moderate openSUSE Backports SLE-16.0 This update for lutris fixes the following issues: - Move selinux dependency - Fix gaming under selinux (bsc#1206292) - Fix wrong placement of lang_package macro in spec file - Update to 0.5.19: * Fix Proton integration bugs so Proton-fixes are applied * Do not offer DXVK, VKD3D, D3D Extras or DDXVK-NVAPI on Proton versions; Proton will handle these. * The "Enable Esync" and "Enable Fsync" settings are now passed on to Proton * DXVK's integrated D8VK will be enabled in Proton * Emulator BIOS file location (used by libretro) may be set in Preferences * Obtain the release year from GOG and Itch.io. * MAME Machine setting uses a searchable entry for its enourmous list * Support for importing Commodore 64 ROMs - Add BuildRequires apparmor-abstractions, apparmor-rpm-macros for Leap, fix for build error: directories not owned by a package: /etc/apparmor.d - update to 0.5.18: * Lutris downloads the latest GE-Proton build for Wine if any Wine version is installed * Use dark theme by default * Display cover-art rather than banners by default * Add 'Uncategorized' view to sidebar * Preference options that do not work on Wayland will be hidden when on Wayland * Game searches can now use fancy tags like 'installed:yes' or 'source:gog', with explanatory tool-tip * A new filter button on the search box can build many of these fancy tags for you * Runner searches can use 'installed:yes' as well, but no other fancy searches or anything * Updated the Flathub and Amazon source to new APIs, restoring integration * Itch.io source integration will load a collection named 'Lutris' if present * GOG and Itch.io sources can now offer Linux and Windows installers for the same game * Added support for the 'foot' terminal * Support for DirectX 8 in DXVK v2.4 * Support for Ayatana Application Indicators * Additional options for Ruffle runner * Updated download links for the Atari800 and MicroM8 runners * No longer re-download cached installation files even when some are missing * Lutris log is included in the 'System' tab of the Preferences window * Improved error reporting, with the Lutris log included in the error details * Add AppArmor profile for Ubuntu versions >= 23.10 * Add Duckstation runner lutris-0.5.19-bp160.1.1.noarch.rpm lutris-apparmor-0.5.19-bp160.1.1.noarch.rpm lutris-lang-0.5.19-bp160.1.1.noarch.rpm openSUSE-Leap-16.0-packagehub-7 Security update for warewulf4 important openSUSE Backports SLE-16.0 This update for warewulf4 fixes the following issues: Changes in warewulf4: - Update to version 4.6.4: * v4.6.4 release updates * Convert disk booleans from wwbool to *bool which allows bools in disk to be set to false via command line (bsc#1248768) * Update NetworkManager Overlay * Disable ipv4 in NetworkManager if no address or route is specified * fix(wwctl): Create overlay edit tempfile in tmpdir * Add default for systemd name for warewulf in warewulf.conf * Atomic overlay file application in wwclient * Simpler names for overlay methods * Fix warewulfd api behavior when deleting distribution overlay - Update to version 4.6.3: * v4.6.3 release * IPv6 iPXE support * Fix a syntax error in the RPM specfile * Fix a race condition in wwctl overlay edit * Fixed handling of comma-separated mount options in `fstab` and `ignition` overlays * Move reexec.Init() to beginning of wwctl * Add documentation for using tmpfs to distribute across numa nodes * added warewuld configure option * Fix wwctl upgrade nodes to handle kernel argument lists (bsc#1227686 bsc#1227465) * Address copilot review from #1945 * Refactor wwapi tests for proper isolation * Bugfix: cloning a site overlay when parent dir does not exist * Clone to a site overlay when adding files in wwapi * Consolidated createOverlayFile and updateOverlayFile to addOverlayFile * Support for creating and updating overlay file in wwapi * Only return overlay files that refer to a path within the overlay * add overlay file deletion support * DELETE /api/overlays/{id}?force=true can delete overlays in use * Restore idempotency of PUT /api/nodes/{id} * Simplify overlay mtime api and add tests * add node overlay buildtime * Improved netplan support * Rebuild overlays for discovered nodes * Restrict userdocs from building during pr when not modified * Update to v4.6.2 GitHub release notes warewulf4-4.6.4-bp160.1.1.aarch64.rpm warewulf4-dracut-4.6.4-bp160.1.1.noarch.rpm warewulf4-man-4.6.4-bp160.1.1.noarch.rpm warewulf4-overlay-4.6.4-bp160.1.1.aarch64.rpm warewulf4-overlay-rke2-4.6.4-bp160.1.1.noarch.rpm warewulf4-overlay-slurm-4.6.4-bp160.1.1.noarch.rpm warewulf4-reference-doc-4.6.4-bp160.1.1.noarch.rpm warewulf4-4.6.4-bp160.1.1.x86_64.rpm warewulf4-overlay-4.6.4-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-8 Security update for chromium moderate openSUSE Backports SLE-16.0 This update for chromium fixes the following issues: Chromium 141.0.7390.122: * CVE-2025-12036: Inappropriate implementation in V8 (boo#1252402) chromedriver-141.0.7390.122-bp160.1.1.aarch64.rpm chromium-141.0.7390.122-bp160.1.1.aarch64.rpm chromedriver-141.0.7390.122-bp160.1.1.ppc64le.rpm chromium-141.0.7390.122-bp160.1.1.ppc64le.rpm chromedriver-141.0.7390.122-bp160.1.1.x86_64.rpm chromium-141.0.7390.122-bp160.1.1.x86_64.rpm openSUSE-Leap-16.0-packagehub-9 Optional update for fprintd moderate openSUSE Backports SLE-16.0 This update ships fprintd 1.94.4 to openSUSE Leap 16.0 and SLES Package Hub 16.0 fprintd-1.94.4-bp160.1.1.aarch64.rpm fprintd-devel-1.94.4-bp160.1.1.noarch.rpm fprintd-doc-1.94.4-bp160.1.1.noarch.rpm fprintd-lang-1.94.4-bp160.1.1.noarch.rpm fprintd-pam-1.94.4-bp160.1.1.aarch64.rpm fprintd-1.94.4-bp160.1.1.ppc64le.rpm fprintd-pam-1.94.4-bp160.1.1.ppc64le.rpm fprintd-1.94.4-bp160.1.1.x86_64.rpm fprintd-pam-1.94.4-bp160.1.1.x86_64.rpm