Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kernel-source for openSUSE:Factory checked in at 2026-06-12 19:25:31 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kernel-source (Old) and /work/SRC/openSUSE:Factory/.kernel-source.new.1981 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kernel-source" Fri Jun 12 19:25:31 2026 rev:847 rq:1358286 version:7.0.12 Changes: -------- --- /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes 2026-06-04 18:53:59.812086415 +0200 +++ /work/SRC/openSUSE:Factory/.kernel-source.new.1981/dtb-aarch64.changes 2026-06-12 19:25:48.941895312 +0200 @@ -1,0 +2,1310 @@ +Wed Jun 10 07:06:17 CEST 2026 - [email protected] + +- Linux 7.0.12 (bsc#1012628). +- Input: usbtouchscreen - clamp NEXIO data_len/x_len to URB + buffer size (bsc#1012628). +- ACPI: button: Fix ACPI GPE handler leak during removal + (bsc#1012628). +- ACPI: button: Enable wakeup GPEs for ACPI buttons at probe time + (bsc#1012628). +- xfrm: move policy_bydst RCU sync from per-netns .exit to + .pre_exit (bsc#1012628). +- net/sched: sch_sfb: Replace direct dequeue call with peek and + qdisc_dequeue_peeked (bsc#1012628). +- nfc: llcp: Fix use-after-free in llcp_sock_release() + (bsc#1012628). +- nfc: llcp: Fix use-after-free race in nfc_llcp_recv_cc() + (bsc#1012628). +- xfrm: Check for underflow in xfrm_state_mtu (bsc#1012628). +- nfc: nxp-nci: i2c: use rising-edge IRQ on ACPI systems + (bsc#1012628). +- tools/bootconfig: Fix buf leaks in apply_xbc (bsc#1012628). +- HID: remove duplicate hid_warn_ratelimited definition + (bsc#1012628). +- kunit: fix use-after-free in debugfs when using kunit.filter + (bsc#1012628). +- accel/rocket: fix UAF via dangling GEM handle in create_bo + (bsc#1012628). +- netfilter: synproxy: refresh tcphdr after skb_ensure_writable + (bsc#1012628). +- netfilter: xt_cpu: prefer raw_smp_processor_id (bsc#1012628). +- netfilter: ebtables: fix OOB read in compat_mtw_from_user + (bsc#1012628). +- netfilter: nf_tables: fix dst corruption in same register + operation (bsc#1012628). +- tun: free page on short-frame rejection in tun_xdp_one() + (bsc#1012628). +- tap: free page on error paths in tap_get_user_xdp() + (bsc#1012628). +- tun: free page on build_skb failure in tun_xdp_one() + (bsc#1012628). +- vsock: keep poll shutdown state consistent (bsc#1012628). +- net: netlink: fix sending unassigned nsid after assigned one + (bsc#1012628). +- net: netlink: don't set nsid on local notifications + (bsc#1012628). +- net/smc: Do not re-initialize smc hashtables (bsc#1012628). +- net/iucv: fix locking in .getsockopt (bsc#1012628). +- scsi: core: Run queues for all non-SDEV_DEL devices from + scsi_run_host_queues (bsc#1012628). +- scsi: scsi_debug: Add missing newline in + scsi_debug_device_reset() (bsc#1012628). +- ipv4: free net->ipv4.sysctl_local_reserved_ports after + unregister_net_sysctl_table() (bsc#1012628). +- ALSA: hda: cs35l56: Fix system name string leaks (bsc#1012628). +- ALSA: pcm: oss: Fix setup list UAF on proc write error + (bsc#1012628). +- ASoC: Intel: bytcht_es8316: Fix MCLK leak on init errors + (bsc#1012628). +- net/mlx5: HWS: Reject unsupported remove-header action + (bsc#1012628). +- net: hsr: fix potential OOB access in supervision frame handling + (bsc#1012628). +- accel/ivpu: prevent uninitialized data bug in debugfs + (bsc#1012628). +- gpio: mxc: fix irq_high handling (bsc#1012628). +- drm/i915/aux: use polling when irqs are unavailable + (bsc#1012628). +- net: Avoid checksumming unreadable skb tail on trim + (bsc#1012628). +- ethtool: rss: avoid modifying the RSS context response + (bsc#1012628). +- ethtool: rss: add missing errno on RSS context delete + (bsc#1012628). +- ethtool: rss: fix falsely ignoring indir table updates + (bsc#1012628). +- ethtool: rss: fix indir_table and hkey leak on get_rxfh failure + (bsc#1012628). +- ethtool: rss: fix hkey leak when indir_size is 0 (bsc#1012628). +- ethtool: rss: avoid device context leak on reply-build failure + (bsc#1012628). +- ethtool: module: call ethnl_ops_complete() on module flash + errors (bsc#1012628). +- ethtool: module: avoid leaking a netdev ref on module flash + errors (bsc#1012628). +- ethtool: module: avoid racy updates to dev->ethtool bitfield + (bsc#1012628). +- ethtool: module: check fw_flash_in_progress under rtnl_lock + (bsc#1012628). +- ethtool: module: fix cleanup if socket used for flashing + multiple devices (bsc#1012628). +- ethtool: cmis: require exact CDB reply length (bsc#1012628). +- ethtool: cmis: fix u16-to-u8 truncation of msleep_pre_rpl + (bsc#1012628). +- ethtool: cmis: validate start_cmd_payload_size from module + (bsc#1012628). +- ethtool: cmis: validate fw->size against start_cmd_payload_size + (bsc#1012628). +- cxl/test: Update mock dev array before calling + platform_device_add() (bsc#1012628). +- tunnels: load network headers after skb_cow() in + iptunnel_pmtud_build_icmp[v6]() (bsc#1012628). +- vxlan: do not reuse cached ip_hdr() value after + skb_tunnel_check_pmtu() (bsc#1012628). +- tunnels: do not assume transport header in + iptunnel_pmtud_check_icmp() (bsc#1012628). +- ksmbd: fix FSCTL permission bypass by adding a permission + check for FSCTL_SET_SPARSE (bsc#1012628). +- ASoC: codecs: simple-mux: Fix enum control bounds check + (bsc#1012628). +- drm/xe: Restore IDLEDLY regiter on engine reset (bsc#1012628). +- Bluetooth: 6lowpan: check skb_clone() return value in + send_mcast_pkt() (bsc#1012628). +- bonding: refuse to enslave CAN devices (bsc#1012628). +- bridge: Fix sleep in atomic context in netlink path + (bsc#1012628). +- bridge: Fix sleep in atomic context in sysfs path (bsc#1012628). +- ethtool: coalesce: cap profile updates at + NET_DIM_PARAMS_NUM_PROFILES (bsc#1012628). +- ethtool: tsconfig: fix reply error handling (bsc#1012628). +- ethtool: linkstate: fix unbalanced ethnl_ops_complete() on + PHY lookup error (bsc#1012628). +- ethtool: pse-pd: fix missing ethnl_ops_complete() (bsc#1012628). +- ethtool: tsconfig: fix missing ethnl_ops_complete() + (bsc#1012628). +- ethtool: tsinfo: fix uninitialized stats on the by-PHC path + (bsc#1012628). +- ethtool: tsinfo: don't pass ERR_PTR to genlmsg_cancel on + prepare failure (bsc#1012628). +- ethtool: strset: fix header attribute index in + ethnl_req_get_phydev() (bsc#1012628). +- ethtool: eeprom: add missing ethnl_ops_begin() / _complete() + during fallback (bsc#1012628). +- ethtool: eeprom: add more safeties to EEPROM Netlink fallback + (bsc#1012628). +- ipv6: rpl: fix hdrlen overflow in ipv6_rpl_srh_decompress() + (bsc#1012628). +- net/sched: Revert "net/sched: Restrict conditions for adding + duplicating netems to qdisc tree" (bsc#1012628). +- net/sched: fix packet loop on netem when duplicate is on + (bsc#1012628). +- net: Introduce skb tc depth field to track packet loops + (bsc#1012628). +- net/sched: Fix ethx:ingress -> ethy:egress -> ethx:ingress + mirred loop (bsc#1012628). +- net/sched: act_mirred: Fix blockcast recursion bypass leading + to stack overflow (bsc#1012628). +- net/sched: act_mirred: Fix return code in early mirred redirect + error paths (bsc#1012628). +- net: hibmcge: disable Relaxed Ordering to fix RX packet + corruption (bsc#1012628). +- net: hibmcge: move dma_rmb() after dma_sync_single_for_cpu() + in RX path (bsc#1012628). +- net/handshake: Use spin_lock_bh for hn_lock (bsc#1012628). +- nvme-tcp: store negative errno in queue->tls_err (bsc#1012628). +- net/handshake: Pass negative errno through handshake_complete() + (bsc#1012628). +- net/handshake: hand off the pinned file reference to accept_doit + (bsc#1012628). +- net/handshake: Take a long-lived file reference at submit + (bsc#1012628). +- net/handshake: Drain pending requests at net namespace exit + (bsc#1012628). +- dpll: zl3073x: detect DPLL channel count from chip ID at runtime + (bsc#1012628). +- dpll: zl3073x: add die temperature reporting for supported chips + (bsc#1012628). +- dpll: export __dpll_device_change_ntf() for use under dpll_lock + (bsc#1012628). +- dpll: zl3073x: use __dpll_device_change_ntf() and remove + change_work (bsc#1012628). +- Bluetooth: l2cap: clear chan->ident on ECRED reconfiguration + success (bsc#1012628). +- Bluetooth: L2CAP: Fix possible crash on l2cap_ecred_conn_rsp + (bsc#1012628). +- Bluetooth: hci_sync: Set HCI_CMD_DRAIN_WORKQUEUE during device + close (bsc#1012628). +- Bluetooth: hci_sync: Reset device counters in + hci_dev_close_sync() (bsc#1012628). +- gpio: adnp: fix flow control regression caused by scoped_guard() + (bsc#1012628). +- gpio: virtuser: Fix uninitialized data bug in + gpio_virtuser_direction_do_write() (bsc#1012628). +- gpio: rockchip: convert bank->clk to devm_clk_get_enabled() + (bsc#1012628). +- gpio: rockchip: teardown bugs and resource leaks (bsc#1012628). +- net: mana: Add NULL guards in teardown path to prevent panic + on attach failure (bsc#1012628). +- net: mana: Skip redundant detach on already-detached port + (bsc#1012628). +- sctp: fix race between sctp_wait_for_connect and peeloff + (bsc#1012628). +- net: pcs: pcs-mtk-lynxi: fix bpi-r3 serdes configuration + (bsc#1012628). +- vsock/virtio: bind uarg before filling zerocopy skb + (bsc#1012628). +- ipv6: fix possible infinite loop in rt6_fill_node() + (bsc#1012628). +- ipv6: fix possible infinite loop in fib6_select_path() + (bsc#1012628). +- net: skbuff: fix pskb_carve leaking zcopy pages (bsc#1012628). +- Revert "ipv6: preserve insertion order for same-scope addresses" + (bsc#1012628). +- Revert "x86/fpu: Refine and simplify the magic number check + during signal return" (bsc#1012628). +- drm/i915/psr: Add defininitions for INTEL_WA_REGISTER_CAPS + DPCD register (bsc#1012628). +- drm/i915/psr: Read Intel DPCD workaround register (bsc#1012628). +- drm/i915/psr: Apply Intel DPCD workaround when SDP on prior + line used (bsc#1012628). +- iio: imu: st_lsm6dsx: fix stack leak in tagged FIFO buffer + (bsc#1012628). +- iio: imu: adis16550: fix stack leak in trigger handler + (bsc#1012628). +- iio: pressure: bmp280: fix stack leak in bmp580 trigger handler + (bsc#1012628). +- usb: typec: ucsi: ccg: reject firmware images without a ':' + record header (bsc#1012628). +- usb: typec: tcpm: validate VDO count in Discover Identity ACK + handlers (bsc#1012628). +- usb: typec: tcpm: bound altmode_desc[] per iteration in + svdm_consume_modes() (bsc#1012628). +- usb: typec: ucsi: displayport: NAK DP_CMD_CONFIGURE without + a payload VDO (bsc#1012628). +- usb: typec: altmodes/displayport: validate count before reading + Status Update VDO (bsc#1012628). +- usb: typec: wcove: don't write past struct pd_message in + wcove_read_rx_buffer() (bsc#1012628). +- usb: typec: tcpm/tcpci_maxim: validate header NDO against + RX_BYTE_CNT (bsc#1012628). +- usb: typec: ucsi: validate connector number in + ucsi_connector_change() (bsc#1012628). +- USB: serial: safe_serial: fix memory corruption with small + endpoint (bsc#1012628). +- media: rc: igorplugusb: fix control request setup packet + (bsc#1012628). +- Input: ims-pcu - fix usb_free_coherent() size in + ims_pcu_buffers_free() (bsc#1012628). +- USB: serial: cypress_m8: fix memory corruption with small + endpoint (bsc#1012628). +- HID: quirks: Add ALWAYS_POLL quirk for SIGMACHIP USB mouse + (bsc#1012628). +- Bluetooth: btusb: Allow firmware re-download when version + matches (bsc#1012628). +- mm/vmalloc: do not trigger BUG() on BH disabled context + (bsc#1012628). +- hpfs: fix a crash if hpfs_map_dnode_bitmap fails (bsc#1012628). +- mm/damon/sysfs-schemes: delete tried region in regions_rmdirs() + (bsc#1012628). +- ipc: limit next_id allocation to the valid ID range + (bsc#1012628). +- mm: memcontrol: propagate NMI slab stats to memcg vmstats + (bsc#1012628). +- mm/migrate_device: fix pgtable leak in + migrate_vma_insert_huge_pmd_page (bsc#1012628). +- memfd: deny writeable mappings when implying SEAL_WRITE + (bsc#1012628). +- zram: fix use-after-free in zram_writeback_endio (bsc#1012628). +- mm/rmap: initialize nr_pages to 1 at loop start in + try_to_unmap_one (bsc#1012628). +- auxdisplay: line-display: fix OOB read on zero-length + message_store() (bsc#1012628). +- smb: client: fix uninitialized variable in smb2_writev_callback + (bsc#1012628). +- Bluetooth: L2CAP: use chan timer to close channels in + cleanup_listen() (bsc#1012628). +- Bluetooth: L2CAP: fix chan ref leak in l2cap_chan_timeout() + on !conn (bsc#1012628). +- Bluetooth: HIDP: fix missing length checks in + hidp_input_report() (bsc#1012628). +- Bluetooth: ISO: fix UAF in iso_recv_frame (bsc#1012628). +- Bluetooth: ISO: serialize iso_sock_clear_timer with socket lock + (bsc#1012628). +- Bluetooth: hci_conn: Fix memory leak in hci_le_big_terminate() + (bsc#1012628). +- Bluetooth: hci_qca: Use 100 ms SSR delay for rampatch and NVM + loading (bsc#1012628). +- Bluetooth: hci_sync: fix UAF in hci_le_create_cis_sync + (bsc#1012628). +- Input: xpad - fix out-of-bounds access for Share button + (bsc#1012628). +- parport: Fix race between port and client registration + (bsc#1012628). +- rust_binder: Avoid holding lock when dropping delivered_death + (bsc#1012628). +- rust_binder: avoid calling pending_oneway_finished() on + TF_UPDATE_TXN (bsc#1012628). +- USB: cdc-acm: Fix bit overlap and move quirk definitions to + header (bsc#1012628). +- KVM: arm64: Correctly cap ZCR_EL2 provided by a guest hypervisor + (bsc#1012628). +- KVM: arm64: PMU: Preserve AArch32 counter low bits + (bsc#1012628). +- KVM: SVM: Flush the current TLB when transitioning from xAVIC => + x2AVIC (bsc#1012628). +- KVM: SEV: Require in-GHCB scratch area if GHCB v2+ is in use + (bsc#1012628). +- KVM: SEV: Ignore Port I/O requests of length '0' (bsc#1012628). ++++ 1027 more lines (skipped) ++++ between /work/SRC/openSUSE:Factory/kernel-source/dtb-aarch64.changes ++++ and /work/SRC/openSUSE:Factory/.kernel-source.new.1981/dtb-aarch64.changes dtb-armv6l.changes: same change dtb-armv7l.changes: same change dtb-riscv64.changes: same change kernel-64kb.changes: same change kernel-default.changes: same change kernel-docs.changes: same change kernel-kvmsmall.changes: same change kernel-lpae.changes: same change kernel-obs-build.changes: same change kernel-obs-qa.changes: same change kernel-pae.changes: same change kernel-source.changes: same change kernel-syms.changes: same change kernel-vanilla.changes: same change kernel-zfcpdump.changes: same change ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dtb-aarch64.spec ++++++ --- /var/tmp/diff_new_pack.uMB6py/_old 2026-06-12 19:26:02.662470410 +0200 +++ /var/tmp/diff_new_pack.uMB6py/_new 2026-06-12 19:26:02.666470578 +0200 @@ -17,7 +17,7 @@ %define srcversion 7.0 -%define patchversion 7.0.11 +%define patchversion 7.0.12 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -25,9 +25,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: dtb-aarch64 -Version: 7.0.11 +Version: 7.0.12 %if 0%{?is_kotd} -Release: <RELEASE>.gd1677f1 +Release: <RELEASE>.g8beab0b %else Release: 0 %endif dtb-armv6l.spec: same change dtb-armv7l.spec: same change dtb-riscv64.spec: same change ++++++ kernel-64kb.spec ++++++ --- /var/tmp/diff_new_pack.uMB6py/_old 2026-06-12 19:26:02.826477285 +0200 +++ /var/tmp/diff_new_pack.uMB6py/_new 2026-06-12 19:26:02.830477452 +0200 @@ -18,8 +18,8 @@ %define srcversion 7.0 -%define patchversion 7.0.11 -%define git_commit d1677f1efc504a663c67d79a6742e3b18764c94a +%define patchversion 7.0.12 +%define git_commit 8beab0b488b42c3b23259067bfa850985d902846 %define variant %{nil} %define compress_modules zstd %define compress_vmlinux xz @@ -40,9 +40,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: kernel-64kb -Version: 7.0.11 +Version: 7.0.12 %if 0%{?is_kotd} -Release: <RELEASE>.gd1677f1 +Release: <RELEASE>.g8beab0b %else Release: 0 %endif kernel-default.spec: same change ++++++ kernel-docs.spec ++++++ --- /var/tmp/diff_new_pack.uMB6py/_old 2026-06-12 19:26:02.926481476 +0200 +++ /var/tmp/diff_new_pack.uMB6py/_new 2026-06-12 19:26:02.930481644 +0200 @@ -17,8 +17,8 @@ %define srcversion 7.0 -%define patchversion 7.0.11 -%define git_commit d1677f1efc504a663c67d79a6742e3b18764c94a +%define patchversion 7.0.12 +%define git_commit 8beab0b488b42c3b23259067bfa850985d902846 %define variant %{nil} %define build_html 1 %define build_pdf 0 @@ -28,9 +28,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: kernel-docs -Version: 7.0.11 +Version: 7.0.12 %if 0%{?is_kotd} -Release: <RELEASE>.gd1677f1 +Release: <RELEASE>.g8beab0b %else Release: 0 %endif ++++++ kernel-kvmsmall.spec ++++++ --- /var/tmp/diff_new_pack.uMB6py/_old 2026-06-12 19:26:02.966483152 +0200 +++ /var/tmp/diff_new_pack.uMB6py/_new 2026-06-12 19:26:02.970483320 +0200 @@ -18,8 +18,8 @@ %define srcversion 7.0 -%define patchversion 7.0.11 -%define git_commit d1677f1efc504a663c67d79a6742e3b18764c94a +%define patchversion 7.0.12 +%define git_commit 8beab0b488b42c3b23259067bfa850985d902846 %define variant %{nil} %define compress_modules zstd %define compress_vmlinux xz @@ -40,9 +40,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: kernel-kvmsmall -Version: 7.0.11 +Version: 7.0.12 %if 0%{?is_kotd} -Release: <RELEASE>.gd1677f1 +Release: <RELEASE>.g8beab0b %else Release: 0 %endif kernel-lpae.spec: same change ++++++ kernel-obs-build.spec ++++++ --- /var/tmp/diff_new_pack.uMB6py/_old 2026-06-12 19:26:03.058487009 +0200 +++ /var/tmp/diff_new_pack.uMB6py/_new 2026-06-12 19:26:03.062487176 +0200 @@ -19,7 +19,7 @@ #!BuildIgnore: post-build-checks -%define patchversion 7.0.11 +%define patchversion 7.0.12 %define variant %{nil} %include %_sourcedir/kernel-spec-macros @@ -38,23 +38,23 @@ %endif %endif %endif -%global kernel_package kernel%kernel_flavor-srchash-d1677f1efc504a663c67d79a6742e3b18764c94a +%global kernel_package kernel%kernel_flavor-srchash-8beab0b488b42c3b23259067bfa850985d902846 %endif %if 0%{?rhel_version} %global kernel_package kernel %endif Name: kernel-obs-build -Version: 7.0.11 +Version: 7.0.12 %if 0%{?is_kotd} -Release: <RELEASE>.gd1677f1 +Release: <RELEASE>.g8beab0b %else Release: 0 %endif Summary: package kernel and initrd for OBS VM builds License: GPL-2.0-only Group: SLES -Provides: kernel-obs-build-srchash-d1677f1efc504a663c67d79a6742e3b18764c94a +Provides: kernel-obs-build-srchash-8beab0b488b42c3b23259067bfa850985d902846 BuildRequires: coreutils BuildRequires: device-mapper BuildRequires: dracut ++++++ kernel-obs-qa.spec ++++++ --- /var/tmp/diff_new_pack.uMB6py/_old 2026-06-12 19:26:03.094488518 +0200 +++ /var/tmp/diff_new_pack.uMB6py/_new 2026-06-12 19:26:03.098488685 +0200 @@ -17,15 +17,15 @@ # needsrootforbuild -%define patchversion 7.0.11 +%define patchversion 7.0.12 %define variant %{nil} %include %_sourcedir/kernel-spec-macros Name: kernel-obs-qa -Version: 7.0.11 +Version: 7.0.12 %if 0%{?is_kotd} -Release: <RELEASE>.gd1677f1 +Release: <RELEASE>.g8beab0b %else Release: 0 %endif @@ -36,7 +36,7 @@ # kernel-obs-build must be also configured as VMinstall, but is required # here as well to avoid that qa and build package build parallel %if ! 0%{?qemu_user_space_build} -BuildRequires: kernel-obs-build-srchash-d1677f1efc504a663c67d79a6742e3b18764c94a +BuildRequires: kernel-obs-build-srchash-8beab0b488b42c3b23259067bfa850985d902846 %endif BuildRequires: modutils ExclusiveArch: aarch64 armv6hl armv7hl ppc64le riscv64 s390x x86_64 ++++++ kernel-pae.spec ++++++ --- /var/tmp/diff_new_pack.uMB6py/_old 2026-06-12 19:26:03.138490362 +0200 +++ /var/tmp/diff_new_pack.uMB6py/_new 2026-06-12 19:26:03.138490362 +0200 @@ -18,8 +18,8 @@ %define srcversion 7.0 -%define patchversion 7.0.11 -%define git_commit d1677f1efc504a663c67d79a6742e3b18764c94a +%define patchversion 7.0.12 +%define git_commit 8beab0b488b42c3b23259067bfa850985d902846 %define variant %{nil} %define compress_modules zstd %define compress_vmlinux xz @@ -40,9 +40,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: kernel-pae -Version: 7.0.11 +Version: 7.0.12 %if 0%{?is_kotd} -Release: <RELEASE>.gd1677f1 +Release: <RELEASE>.g8beab0b %else Release: 0 %endif ++++++ kernel-source.spec ++++++ --- /var/tmp/diff_new_pack.uMB6py/_old 2026-06-12 19:26:03.170491703 +0200 +++ /var/tmp/diff_new_pack.uMB6py/_new 2026-06-12 19:26:03.174491871 +0200 @@ -17,8 +17,8 @@ %define srcversion 7.0 -%define patchversion 7.0.11 -%define git_commit d1677f1efc504a663c67d79a6742e3b18764c94a +%define patchversion 7.0.12 +%define git_commit 8beab0b488b42c3b23259067bfa850985d902846 %define variant %{nil} %define gcc_package gcc %define gcc_compiler gcc @@ -28,9 +28,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: kernel-source -Version: 7.0.11 +Version: 7.0.12 %if 0%{?is_kotd} -Release: <RELEASE>.gd1677f1 +Release: <RELEASE>.g8beab0b %else Release: 0 %endif ++++++ kernel-syms.spec ++++++ --- /var/tmp/diff_new_pack.uMB6py/_old 2026-06-12 19:26:03.214493548 +0200 +++ /var/tmp/diff_new_pack.uMB6py/_new 2026-06-12 19:26:03.218493716 +0200 @@ -16,15 +16,15 @@ # -%define git_commit d1677f1efc504a663c67d79a6742e3b18764c94a +%define git_commit 8beab0b488b42c3b23259067bfa850985d902846 %define variant %{nil} %include %_sourcedir/kernel-spec-macros Name: kernel-syms -Version: 7.0.11 +Version: 7.0.12 %if 0%{?is_kotd} -Release: <RELEASE>.gd1677f1 +Release: <RELEASE>.g8beab0b %else Release: 0 %endif ++++++ kernel-vanilla.spec ++++++ --- /var/tmp/diff_new_pack.uMB6py/_old 2026-06-12 19:26:03.262495560 +0200 +++ /var/tmp/diff_new_pack.uMB6py/_new 2026-06-12 19:26:03.262495560 +0200 @@ -18,8 +18,8 @@ %define srcversion 7.0 -%define patchversion 7.0.11 -%define git_commit d1677f1efc504a663c67d79a6742e3b18764c94a +%define patchversion 7.0.12 +%define git_commit 8beab0b488b42c3b23259067bfa850985d902846 %define variant %{nil} %define compress_modules zstd %define compress_vmlinux xz @@ -40,9 +40,9 @@ %(chmod +x %_sourcedir/{guards,apply-patches,check-for-config-changes,group-source-files.pl,split-modules,modversions,kabi.pl,arch-symbols,check-module-license,splitflist,mergedep,moddep,modflist,kernel-subpackage-build}) Name: kernel-vanilla -Version: 7.0.11 +Version: 7.0.12 %if 0%{?is_kotd} -Release: <RELEASE>.gd1677f1 +Release: <RELEASE>.g8beab0b %else Release: 0 %endif kernel-zfcpdump.spec: same change ++++++ _scmsync.obsinfo ++++++ --- /var/tmp/diff_new_pack.uMB6py/_old 2026-06-12 19:26:03.494505285 +0200 +++ /var/tmp/diff_new_pack.uMB6py/_new 2026-06-12 19:26:03.502505620 +0200 @@ -1,6 +1,6 @@ -mtime: 1780379446 -commit: 0fd87125a34b4582d8cfc4b65675d239f2f6e32d8818b04d365526dcd43b61c1 +mtime: 1781070965 +commit: 9661dd3f1aa79c0639898613815b91e068ea4d8d561329b8d835173f3cbddd9c url: https://src.opensuse.org/jirislaby/kernel-source -revision: 0fd87125a34b4582d8cfc4b65675d239f2f6e32d8818b04d365526dcd43b61c1 +revision: 9661dd3f1aa79c0639898613815b91e068ea4d8d561329b8d835173f3cbddd9c trackingbranch: Kernel/stable ++++++ build.specials.obscpio ++++++ ++++++ build.specials.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/.gitignore new/.gitignore --- old/.gitignore 1970-01-01 01:00:00.000000000 +0100 +++ new/.gitignore 2026-06-10 07:56:05.000000000 +0200 @@ -0,0 +1 @@ +.osc ++++++ check-for-config-changes ++++++ --- /var/tmp/diff_new_pack.uMB6py/_old 2026-06-12 19:26:03.726515009 +0200 +++ /var/tmp/diff_new_pack.uMB6py/_new 2026-06-12 19:26:03.734515345 +0200 @@ -10,6 +10,7 @@ 'AS_HAS_[A-Z0-9_]*' 'AS_VERSION' 'AS_WRUSS' # x86_32 + 'BINDGEN_VERSION_TEXT' 'BUILTIN_RETURN_ADDRESS_STRIPS_PAC' 'CC_ASM_FLAG_OUTPUT_BROKEN' 'CC_CAN_[A-Z_]*' @@ -42,7 +43,13 @@ 'PAHOLE_HAS_[A-Z0-9_]*' 'PAHOLE_VERSION' 'RISCV_ISA_[A-Z_]*' + 'RUST_IS_AVAILABLE' + 'RUSTC_HAS_[A-Z0-9_]*' + 'RUSTC_LLVM_MAJOR_VERSION' + 'RUSTC_LLVM_VERSION' 'RUSTC_SUPPORTS_[A-Z0-9_]*' + 'RUSTC_VERSION' + 'RUSTC_VERSION_TEXT' 'SCHED_PROXY_EXEC' 'TOOLCHAIN_HAS_[A-Z_]*' 'TOOLCHAIN_NEEDS_[A-Z_]*' ++++++ patches.kernel.org.tar.bz2 ++++++ ++++ 31683 lines of diff (skipped) ++++++ patches.suse.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/bcache-fix-uninitialized-closure-object.patch new/patches.suse/bcache-fix-uninitialized-closure-object.patch --- old/patches.suse/bcache-fix-uninitialized-closure-object.patch 2026-06-02 07:21:31.000000000 +0200 +++ new/patches.suse/bcache-fix-uninitialized-closure-object.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,40 +0,0 @@ -From: Mingzhe Zou <[email protected]> -Date: Fri, 3 Apr 2026 12:21:35 +0800 -Subject: bcache: fix uninitialized closure object -Git-commit: 20a8e451ec1c7e99060b1bbaaad03ce88c39ddb8 -Patch-mainline: v7.1-rc1 -References: git-fixes - -In the previous patch ("bcache: fix cached_dev.sb_bio use-after-free and -crash"), we adopted a simple modification suggestion from AI to fix the -use-after-free. - -But in actual testing, we found an extreme case where the device is -stopped before calling bch_write_bdev_super(). - -At this point, struct closure sb_write has not been initialized yet. -For this patch, we ensure that sb_bio has been completed via -sb_write_mutex. - -Signed-off-by: Mingzhe Zou <[email protected]> -Signed-off-by: Coly Li <[email protected]> -Link: https://patch.msgid.link/[email protected] -Fixes: fec114a98b87 ("bcache: fix cached_dev.sb_bio use-after-free and crash") -Signed-off-by: Jens Axboe <[email protected]> -Acked-by: Jiri Slaby <[email protected]> ---- - drivers/md/bcache/super.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - ---- a/drivers/md/bcache/super.c -+++ b/drivers/md/bcache/super.c -@@ -1378,7 +1378,8 @@ static CLOSURE_CALLBACK(cached_dev_free) - * The sb_bio is embedded in struct cached_dev, so we must - * ensure no I/O is in progress. - */ -- closure_sync(&dc->sb_write); -+ down(&dc->sb_write_mutex); -+ up(&dc->sb_write_mutex); - - if (dc->sb_disk) - folio_put(virt_to_folio(dc->sb_disk)); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/blk-mq-reinsert-cached-request-to-the-list.patch new/patches.suse/blk-mq-reinsert-cached-request-to-the-list.patch --- old/patches.suse/blk-mq-reinsert-cached-request-to-the-list.patch 2026-06-02 07:21:31.000000000 +0200 +++ new/patches.suse/blk-mq-reinsert-cached-request-to-the-list.patch 1970-01-01 01:00:00.000000000 +0100 @@ -1,37 +0,0 @@ -From: Keith Busch <[email protected]> -Date: Tue, 26 May 2026 08:35:31 -0700 -Subject: blk-mq: reinsert cached request to the list -Git-commit: b051bb6bf0a231117036aa607cadf55be8e63910 -Patch-mainline: v7.1-rc6 -References: git-fixes - -A previous commit removed an optimization out of caution for a scenario -that turns out not to be real: all the "queue_exit" goto's are safe to -reinsert the request into the cached_rq's plug list as they are either -from a non-blocking path, or a successful merge that already holds the -queue reference. This optimization is most needed for small sequential -workloads that successfully merge into larger requests. - -Fixes: dc278e9bf2b9 ("blk-mq: pop cached request if it is usable") -Suggested-by: Ming Lei <[email protected]> -Suggested-by: Christoph Hellwig <[email protected]> -Signed-off-by: Keith Busch <[email protected]> -Reviewed-by: Chaitanya Kulkarni <[email protected]> -Link: https://patch.msgid.link/[email protected] -Signed-off-by: Jens Axboe <[email protected]> -Acked-by: Jiri Slaby <[email protected]> ---- - block/blk-mq.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/block/blk-mq.c -+++ b/block/blk-mq.c -@@ -3244,7 +3244,7 @@ queue_exit: - if (!rq) - blk_queue_exit(q); - else -- blk_mq_free_request(rq); -+ rq_list_add_head(&plug->cached_rqs, rq); - } - - #ifdef CONFIG_BLK_MQ_STACKING diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/drm-gem-Try-to-fix-change_handle-ioctl-attempt-4.patch new/patches.suse/drm-gem-Try-to-fix-change_handle-ioctl-attempt-4.patch --- old/patches.suse/drm-gem-Try-to-fix-change_handle-ioctl-attempt-4.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/drm-gem-Try-to-fix-change_handle-ioctl-attempt-4.patch 2026-06-10 07:12:39.000000000 +0200 @@ -0,0 +1,227 @@ +From: Simona Vetter <[email protected]> +Date: Thu, 4 Jun 2026 21:44:37 +0200 +Subject: drm/gem: Try to fix change_handle ioctl, attempt 4 +Git-commit: 1a4f03d22fb655e5f192244fb2c87d8066fcfca2 +Patch-mainline: v7.1-rc7 +References: git-fixes + +[airlied: just added some comments on how to reenable] +On-list because the cat is out of the bag and we're clearly not good +enough to figure this out in private. The story thus far: + +5e28b7b94408 ("drm: Set old handle to NULL before prime swap in +change_handle") tried to fix a race condition between the gem_close and +gem_change_handle ioctls, but got a few things wrong: + +- There's a confusion with the local variable handle, which is actually + the new handle, and so the two-stage trick was actually applied to the + wrong idr slot. 7164d78559b0 ("drm/gem: fix race between + change_handle and handle_delete") tried to fix that by adding yet + another code block, but forgot to add the error handling. Which meant + we now have two paths, both kinda wrong. + +- dc366607c41c ("drm: Replace old pointer to new idr") tried to apply + another fix, but inconsistently, again because of the handle confusion + - this would be the right fix (kinda, somewhat, it's a mess) if we'd + do the two-stage approach for the new handle. Except that wasn't the + intent of the original fix. + +We also didn't have an igt merged for the original ioctl, which is a big +no-go. This was attempted to address off-list in the original bugfix, +and amd QA people claimed the bug was fixed now. Very clearly that's not +the case. Here's my attempt to sort this out: + +- Rename the local variable to new_handle, the old aliasing with + args->handle is just too dangerously confusing. + +- Merge the gem obj lookup with the two-stage idr_replace so that we + avoid getting ourselves confused there. + +- This means we don't have a surplus temporary reference anymore, only + an inherited from the idr. A concurrent gem_close on the new_handle + could steal that. Fix that with the same two-stage approach + create_tail uses. This is a bit overkill as documented in the comment, + but I also don't trust my ability to understand this all correctly, so + go with the established pattern we have from other ioctls instead for + maximum paranoia. + +- Adjust error paths. I've tried to make the error and success paths + common, because they are identical except for which handle is removed + and on which we call idr_replace to (re)install the object again. But + that made things messier to read, so I've left it at the more verbose + version, which unfortunately hides the symmetry in the entire code + flow a bit. + +- While at it, also replace the 7 space indent with 1 tab. + +And finally, because I flat out don't trust my abilities here at all +anymore: + +- Disable the ioctl until we have the igt situation and everything else + sorted out on-list and with full consensus. + +v2: + +Sashiko noticed that I didn't handle the error path for idr_replace +correctly, it must be checked with IS_ERR_OR_NULL like in +gem_handle_delete. So yeah, definitely should just the existing paths +1:1 because this is endless amounts of tricky. + +Also add the Fixes: line for the original ioctl, I forgot that too. + +Reported-by: DARKNAVY (@DarkNavyOrg) <[email protected]> +Signed-off-by: Simona Vetter <[email protected]> +Fixes: dc366607c41c ("drm: Replace old pointer to new idr") +Cc: [email protected] +Cc: [email protected] +Cc: Edward Adam Davis <[email protected]> +Cc: Dave Airlie <[email protected]> +Cc: Maarten Lankhorst <[email protected]> +Cc: Maxime Ripard <[email protected]> +Cc: Thomas Zimmermann <[email protected]> +Fixes: 5e28b7b94408 ("drm: Set old handle to NULL before prime swap in change_handle") +Cc: David Francis <[email protected]> +Cc: Puttimet Thammasaeng <[email protected]> +Cc: Christian Koenig <[email protected]> +Fixes: 7164d78559b0 ("drm/gem: fix race between change_handle and handle_delete") +Cc: Zhenghang Xiao <[email protected]> +Fixes: 5e28b7b94408 ("drm: Set old handle to NULL before prime swap in change_handle") +Reviewed-by: David Francis <[email protected]> +Signed-off-by: Dave Airlie <[email protected]> +Link: https://patch.msgid.link/[email protected] + +Acked-by: Jiri Slaby <[email protected]> +--- + drivers/gpu/drm/drm_gem.c | 73 ++++++++++++++++++++------------------------ + drivers/gpu/drm/drm_ioctl.c | 3 + + 2 files changed, 36 insertions(+), 40 deletions(-) + +--- a/drivers/gpu/drm/drm_gem.c ++++ b/drivers/gpu/drm/drm_gem.c +@@ -997,12 +997,25 @@ err: + return ret; + } + ++/* ++ * This ioctl is disabled for security reasons but also it failed ++ * to follow process in terms of adding testing in igt and verifying ++ * all the corner cases which made fixing security bugs in it even ++ * harder than necessary. ++ * ++ * To re-enable this ioctl ++ * 1. land working IGT tests in igt-gpu-tools that cover ++ * all corner cases and race conditions. ++ * 2. handle idr_preload ++ * 3. handle == 0 ++ * 4. handle == new_handle semantics definition. ++ */ + int drm_gem_change_handle_ioctl(struct drm_device *dev, void *data, + struct drm_file *file_priv) + { + struct drm_gem_change_handle *args = data; +- struct drm_gem_object *obj, *idrobj; +- int handle, ret; ++ struct drm_gem_object *obj; ++ int new_handle, ret; + + if (!drm_core_check_feature(dev, DRIVER_GEM)) + return -EOPNOTSUPP; +@@ -1010,52 +1023,36 @@ int drm_gem_change_handle_ioctl(struct d + /* idr_alloc() limitation. */ + if (args->new_handle > INT_MAX) + return -EINVAL; +- handle = args->new_handle; ++ new_handle = args->new_handle; + +- obj = drm_gem_object_lookup(file_priv, args->handle); +- if (!obj) +- return -ENOENT; +- +- if (args->handle == handle) { +- ret = 0; +- goto out; +- } ++ if (args->handle == new_handle) ++ return 0; + + mutex_lock(&file_priv->prime.lock); +- + spin_lock(&file_priv->table_lock); +- +- /* When create_tail allocs an obj idr, it needs to first alloc as NULL, +- * then later replace with the correct object. This is not necessary +- * here, because the only operations that could race are drm_prime +- * bookkeeping, and we hold the prime lock. +- */ +- ret = idr_alloc(&file_priv->object_idr, obj, handle, handle + 1, ++ ret = idr_alloc(&file_priv->object_idr, NULL, new_handle, new_handle + 1, + GFP_NOWAIT); + +- if (ret < 0) { +- spin_unlock(&file_priv->table_lock); +- goto out_unlock; +- } +- +- idrobj = idr_replace(&file_priv->object_idr, NULL, handle); +- if (idrobj != obj) { +- idr_replace(&file_priv->object_idr, idrobj, handle); +- idr_remove(&file_priv->object_idr, args->new_handle); +- spin_unlock(&file_priv->table_lock); +- ret = -ENOENT; +- goto out_unlock; +- } ++ if (ret < 0) { ++ spin_unlock(&file_priv->table_lock); ++ goto out_unlock; ++ } + +- idr_replace(&file_priv->object_idr, NULL, args->handle); ++ obj = idr_replace(&file_priv->object_idr, NULL, args->handle); ++ if (IS_ERR_OR_NULL(obj)) { ++ idr_remove(&file_priv->object_idr, new_handle); ++ spin_unlock(&file_priv->table_lock); ++ ret = -ENOENT; ++ goto out_unlock; ++ } + spin_unlock(&file_priv->table_lock); + + if (obj->dma_buf) { + ret = drm_prime_add_buf_handle(&file_priv->prime, obj->dma_buf, +- handle); ++ new_handle); + if (ret < 0) { + spin_lock(&file_priv->table_lock); +- idr_remove(&file_priv->object_idr, handle); ++ idr_remove(&file_priv->object_idr, new_handle); + idr_replace(&file_priv->object_idr, obj, args->handle); + spin_unlock(&file_priv->table_lock); + goto out_unlock; +@@ -1068,14 +1065,12 @@ int drm_gem_change_handle_ioctl(struct d + + spin_lock(&file_priv->table_lock); + idr_remove(&file_priv->object_idr, args->handle); +- idrobj = idr_replace(&file_priv->object_idr, obj, handle); ++ obj = idr_replace(&file_priv->object_idr, obj, new_handle); + spin_unlock(&file_priv->table_lock); +- WARN_ON(idrobj != NULL); ++ WARN_ON(obj != NULL); + + out_unlock: + mutex_unlock(&file_priv->prime.lock); +-out: +- drm_gem_object_put(obj); + + return ret; + } +--- a/drivers/gpu/drm/drm_ioctl.c ++++ b/drivers/gpu/drm/drm_ioctl.c +@@ -660,7 +660,8 @@ static const struct drm_ioctl_desc drm_i + DRM_IOCTL_DEF(DRM_IOCTL_GEM_CLOSE, drm_gem_close_ioctl, DRM_RENDER_ALLOW), + DRM_IOCTL_DEF(DRM_IOCTL_GEM_FLINK, drm_gem_flink_ioctl, DRM_AUTH), + DRM_IOCTL_DEF(DRM_IOCTL_GEM_OPEN, drm_gem_open_ioctl, DRM_AUTH), +- DRM_IOCTL_DEF(DRM_IOCTL_GEM_CHANGE_HANDLE, drm_gem_change_handle_ioctl, DRM_RENDER_ALLOW), ++ /* see drm_gem.c:drm_gem_change_handle_ioctl for why this is invalid */ ++ DRM_IOCTL_DEF(DRM_IOCTL_GEM_CHANGE_HANDLE, drm_invalid_op, DRM_RENDER_ALLOW), + + DRM_IOCTL_DEF(DRM_IOCTL_MODE_GETRESOURCES, drm_mode_getresources, 0), + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/i2c-dev-prevent-integer-overflow-in-I2C_TIMEOUT-ioctl.patch new/patches.suse/i2c-dev-prevent-integer-overflow-in-I2C_TIMEOUT-ioctl.patch --- old/patches.suse/i2c-dev-prevent-integer-overflow-in-I2C_TIMEOUT-ioctl.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/i2c-dev-prevent-integer-overflow-in-I2C_TIMEOUT-ioctl.patch 2026-06-10 07:12:39.000000000 +0200 @@ -0,0 +1,58 @@ +From: Mingyu Wang <[email protected]> +Date: Mon, 27 Apr 2026 10:57:45 +0800 +Subject: i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl +Git-commit: 617eb7c0961a8dfcfc811844a6396e406b2923ea +Patch-mainline: v7.1-rc3 +References: git-fixes + +While fuzzing with Syzkaller, a persistent `schedule_timeout: wrong +timeout value` warning was observed, accompanied by SMBus controller +state machine corruption. + +The I2C_TIMEOUT ioctl accepts a user-provided timeout in multiples of +10 ms. The user argument is checked against INT_MAX, but it is +subsequently multiplied by 10 before being passed to msecs_to_jiffies(). + +A malicious user can pass a large value (e.g., 429496729) that passes +the `arg > INT_MAX` check but overflows when multiplied by 10. This +results in a truncated 32-bit unsigned value that bypasses the +internal `(int)m < 0` check in `msecs_to_jiffies()`. + +The truncated value is then assigned to `client->adapter->timeout` +(a signed 32-bit int), which is reinterpreted as a negative number. +When passed to wait_for_completion_timeout(), this negative value +undergoes sign extension to a 64-bit unsigned long, triggering the +`schedule_timeout` warning and causing premature returns. This leaves +the SMBus state machine in an unrecoverable state, constituting a +local Denial of Service (DoS). + +Fix this by bounding the user argument to `INT_MAX / 10`. + +Signed-off-by: Mingyu Wang <[email protected]> +[wsa: move the comment as well] +Signed-off-by: Wolfram Sang <[email protected]> +Acked-by: Jiri Slaby <[email protected]> +--- + drivers/i2c/i2c-dev.c | 9 +++++---- + 1 file changed, 5 insertions(+), 4 deletions(-) + +--- a/drivers/i2c/i2c-dev.c ++++ b/drivers/i2c/i2c-dev.c +@@ -487,12 +487,13 @@ static long i2cdev_ioctl(struct file *fi + client->adapter->retries = arg; + break; + case I2C_TIMEOUT: +- if (arg > INT_MAX) ++ /* ++ * For historical reasons, user-space sets the timeout value in ++ * units of 10 ms. ++ */ ++ if (arg > INT_MAX / 10) + return -EINVAL; + +- /* For historical reasons, user-space sets the timeout +- * value in units of 10 ms. +- */ + client->adapter->timeout = msecs_to_jiffies(arg * 10); + break; + default: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/patches.suse/ima-return-error-early-if-file-xattr-cannot-be-changed.patch new/patches.suse/ima-return-error-early-if-file-xattr-cannot-be-changed.patch --- old/patches.suse/ima-return-error-early-if-file-xattr-cannot-be-changed.patch 1970-01-01 01:00:00.000000000 +0100 +++ new/patches.suse/ima-return-error-early-if-file-xattr-cannot-be-changed.patch 2026-06-10 07:12:39.000000000 +0200 @@ -0,0 +1,59 @@ +From: Goldwyn Rodrigues <[email protected]> +Date: Wed, 22 Apr 2026 07:34:51 -0400 +Subject: ima: return error early if file xattr cannot be changed +Git-commit: 69fc6474236d9edda6983623e4282f2bdfd8e3d8 +Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git +Patch-mainline: Queued +References: bsc#1261041 + +During early boot, the filesystem is read-only and any changes +to xattrs are not allowed. This fails in case of ext4 because +changing xattr starts an ext4 transaction which fails with the +following warning. + +WARNING: fs/ext4/ext4_jbd2.c:75 at ext4_journal_check_start+0x63/0xa0 [ext4], CPU#1: systemd-sysroot/561 +CPU: 1 UID: 0 PID: 561 Comm: systemd-sysroot Not tainted 6.19.12-1-default #1 PREEMPT(voluntary) openSUSE Tumbleweed c2dfc3c9d9f6f1233251c5d4410574fe82a348ee +Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022 +RIP: 0010:ext4_journal_check_start+0x63/0xa0 [ext4] +Call Trace: + __ext4_journal_start_sb+0x3e/0x180 [ext4 6d025f3bc52c89a957b89a89d211fadf5e9434e1] + ext4_xattr_set+0x104/0x150 [ext4 6d025f3bc52c89a957b89a89d211fadf5e9434e1] + __vfs_setxattr+0x9a/0xd0 + __vfs_setxattr_noperm+0x76/0x1f0 + ima_appraise_measurement+0x23e/0xe40 + ima_d_path+0x5a/0xd0 + process_measurement+0xb29/0xc40 + ? copy_from_kernel_nofault+0x21/0xe0 + ? fscrypt_file_open+0xc0/0xe0 + ? ext4_file_open+0x60/0x490 [ext4 6d025f3bc52c89a957b89a89d211fadf5e9434e1] + ? bpf_prog_31efb7c56239148b_restrict_filesystems+0xab/0x126 + ? __bpf_prog_exit+0x23/0xd0 + ? __bpf_tramp_exit+0xd/0x50 + ? bpf_trampoline_6442530367+0x9f/0xea + ima_file_check+0x57/0x80 + security_file_post_open+0x50/0xf0 + path_openat+0x493/0x1650 + do_filp_open+0xc7/0x170 + +Detect the state of the file early and return the error. + +Signed-off-by: Goldwyn Rodrigues <[email protected]> +Signed-off-by: Mimi Zohar <[email protected]> +--- + security/integrity/ima/ima_appraise.c | 5 +++++ + 1 file changed, 5 insertions(+) + +--- a/security/integrity/ima/ima_appraise.c ++++ b/security/integrity/ima/ima_appraise.c +@@ -90,6 +90,11 @@ static int ima_fix_xattr(struct dentry * + int rc, offset; + u8 algo = iint->ima_hash->algo; + ++ if (IS_RDONLY(d_inode(dentry))) ++ return -EROFS; ++ if (IS_IMMUTABLE(d_inode(dentry))) ++ return -EPERM; ++ + if (algo <= HASH_ALGO_SHA1) { + offset = 1; + iint->ima_hash->xattr.sha1.type = IMA_XATTR_DIGEST; ++++++ series.conf ++++++ --- /var/tmp/diff_new_pack.uMB6py/_old 2026-06-12 19:26:06.358625334 +0200 +++ /var/tmp/diff_new_pack.uMB6py/_new 2026-06-12 19:26:06.370625837 +0200 @@ -2581,6 +2581,340 @@ patches.kernel.org/7.0.11-461-drm-msm-Restore-second-parameter-name-in-purge.patch patches.kernel.org/7.0.11-462-security-keys-fix-missed-RCU-read-section-on-l.patch patches.kernel.org/7.0.11-463-Linux-7.0.11.patch + patches.kernel.org/7.0.12-001-Input-usbtouchscreen-clamp-NEXIO-data_len-x_le.patch + patches.kernel.org/7.0.12-002-ACPI-button-Fix-ACPI-GPE-handler-leak-during-r.patch + patches.kernel.org/7.0.12-003-ACPI-button-Enable-wakeup-GPEs-for-ACPI-button.patch + patches.kernel.org/7.0.12-004-xfrm-move-policy_bydst-RCU-sync-from-per-netns.patch + patches.kernel.org/7.0.12-005-net-sched-sch_sfb-Replace-direct-dequeue-call-.patch + patches.kernel.org/7.0.12-006-bcache-fix-uninitialized-closure-object.patch + patches.kernel.org/7.0.12-007-nfc-llcp-Fix-use-after-free-in-llcp_sock_relea.patch + patches.kernel.org/7.0.12-008-nfc-llcp-Fix-use-after-free-race-in-nfc_llcp_r.patch + patches.kernel.org/7.0.12-009-xfrm-Check-for-underflow-in-xfrm_state_mtu.patch + patches.kernel.org/7.0.12-010-nfc-nxp-nci-i2c-use-rising-edge-IRQ-on-ACPI-sy.patch + patches.kernel.org/7.0.12-011-tools-bootconfig-Fix-buf-leaks-in-apply_xbc.patch + patches.kernel.org/7.0.12-012-HID-remove-duplicate-hid_warn_ratelimited-defi.patch + patches.kernel.org/7.0.12-013-kunit-fix-use-after-free-in-debugfs-when-using.patch + patches.kernel.org/7.0.12-014-accel-rocket-fix-UAF-via-dangling-GEM-handle-i.patch + patches.kernel.org/7.0.12-015-netfilter-synproxy-refresh-tcphdr-after-skb_en.patch + patches.kernel.org/7.0.12-016-netfilter-xt_cpu-prefer-raw_smp_processor_id.patch + patches.kernel.org/7.0.12-017-netfilter-ebtables-fix-OOB-read-in-compat_mtw_.patch + patches.kernel.org/7.0.12-018-netfilter-nf_tables-fix-dst-corruption-in-same.patch + patches.kernel.org/7.0.12-019-tun-free-page-on-short-frame-rejection-in-tun_.patch + patches.kernel.org/7.0.12-020-tap-free-page-on-error-paths-in-tap_get_user_x.patch + patches.kernel.org/7.0.12-021-tun-free-page-on-build_skb-failure-in-tun_xdp_.patch + patches.kernel.org/7.0.12-022-vsock-keep-poll-shutdown-state-consistent.patch + patches.kernel.org/7.0.12-023-net-netlink-fix-sending-unassigned-nsid-after-.patch + patches.kernel.org/7.0.12-024-net-netlink-don-t-set-nsid-on-local-notificati.patch + patches.kernel.org/7.0.12-025-net-smc-Do-not-re-initialize-smc-hashtables.patch + patches.kernel.org/7.0.12-026-net-iucv-fix-locking-in-.getsockopt.patch + patches.kernel.org/7.0.12-027-scsi-core-Run-queues-for-all-non-SDEV_DEL-devi.patch + patches.kernel.org/7.0.12-028-scsi-scsi_debug-Add-missing-newline-in-scsi_de.patch + patches.kernel.org/7.0.12-029-ipv4-free-net-ipv4.sysctl_local_reserved_ports.patch + patches.kernel.org/7.0.12-030-ALSA-hda-cs35l56-Fix-system-name-string-leaks.patch + patches.kernel.org/7.0.12-031-ALSA-pcm-oss-Fix-setup-list-UAF-on-proc-write-.patch + patches.kernel.org/7.0.12-032-ASoC-Intel-bytcht_es8316-Fix-MCLK-leak-on-init.patch + patches.kernel.org/7.0.12-033-net-mlx5-HWS-Reject-unsupported-remove-header-.patch + patches.kernel.org/7.0.12-034-net-hsr-fix-potential-OOB-access-in-supervisio.patch + patches.kernel.org/7.0.12-035-accel-ivpu-prevent-uninitialized-data-bug-in-d.patch + patches.kernel.org/7.0.12-036-gpio-mxc-fix-irq_high-handling.patch + patches.kernel.org/7.0.12-037-drm-i915-aux-use-polling-when-irqs-are-unavail.patch + patches.kernel.org/7.0.12-038-net-Avoid-checksumming-unreadable-skb-tail-on-.patch + patches.kernel.org/7.0.12-039-ethtool-rss-avoid-modifying-the-RSS-context-re.patch + patches.kernel.org/7.0.12-040-ethtool-rss-add-missing-errno-on-RSS-context-d.patch + patches.kernel.org/7.0.12-041-ethtool-rss-fix-falsely-ignoring-indir-table-u.patch + patches.kernel.org/7.0.12-042-ethtool-rss-fix-indir_table-and-hkey-leak-on-g.patch + patches.kernel.org/7.0.12-043-ethtool-rss-fix-hkey-leak-when-indir_size-is-0.patch + patches.kernel.org/7.0.12-044-ethtool-rss-avoid-device-context-leak-on-reply.patch + patches.kernel.org/7.0.12-045-ethtool-module-call-ethnl_ops_complete-on-modu.patch + patches.kernel.org/7.0.12-046-ethtool-module-avoid-leaking-a-netdev-ref-on-m.patch + patches.kernel.org/7.0.12-047-ethtool-module-avoid-racy-updates-to-dev-ethto.patch + patches.kernel.org/7.0.12-048-ethtool-module-check-fw_flash_in_progress-unde.patch + patches.kernel.org/7.0.12-049-ethtool-module-fix-cleanup-if-socket-used-for-.patch + patches.kernel.org/7.0.12-050-ethtool-cmis-require-exact-CDB-reply-length.patch + patches.kernel.org/7.0.12-051-ethtool-cmis-fix-u16-to-u8-truncation-of-mslee.patch + patches.kernel.org/7.0.12-052-ethtool-cmis-validate-start_cmd_payload_size-f.patch + patches.kernel.org/7.0.12-053-ethtool-cmis-validate-fw-size-against-start_cm.patch + patches.kernel.org/7.0.12-054-cxl-test-Update-mock-dev-array-before-calling-.patch + patches.kernel.org/7.0.12-055-blk-mq-reinsert-cached-request-to-the-list.patch + patches.kernel.org/7.0.12-056-tunnels-load-network-headers-after-skb_cow-in-.patch + patches.kernel.org/7.0.12-057-vxlan-do-not-reuse-cached-ip_hdr-value-after-s.patch + patches.kernel.org/7.0.12-058-tunnels-do-not-assume-transport-header-in-iptu.patch + patches.kernel.org/7.0.12-059-ksmbd-fix-FSCTL-permission-bypass-by-adding-a-.patch + patches.kernel.org/7.0.12-060-ASoC-codecs-simple-mux-Fix-enum-control-bounds.patch + patches.kernel.org/7.0.12-061-drm-xe-Restore-IDLEDLY-regiter-on-engine-reset.patch + patches.kernel.org/7.0.12-062-Bluetooth-6lowpan-check-skb_clone-return-value.patch + patches.kernel.org/7.0.12-063-bonding-refuse-to-enslave-CAN-devices.patch + patches.kernel.org/7.0.12-064-bridge-Fix-sleep-in-atomic-context-in-netlink-.patch + patches.kernel.org/7.0.12-065-bridge-Fix-sleep-in-atomic-context-in-sysfs-pa.patch + patches.kernel.org/7.0.12-066-ethtool-coalesce-cap-profile-updates-at-NET_DI.patch + patches.kernel.org/7.0.12-067-ethtool-tsconfig-fix-reply-error-handling.patch + patches.kernel.org/7.0.12-068-ethtool-linkstate-fix-unbalanced-ethnl_ops_com.patch + patches.kernel.org/7.0.12-069-ethtool-pse-pd-fix-missing-ethnl_ops_complete.patch + patches.kernel.org/7.0.12-070-ethtool-tsconfig-fix-missing-ethnl_ops_complet.patch + patches.kernel.org/7.0.12-071-ethtool-tsinfo-fix-uninitialized-stats-on-the-.patch + patches.kernel.org/7.0.12-072-ethtool-tsinfo-don-t-pass-ERR_PTR-to-genlmsg_c.patch + patches.kernel.org/7.0.12-073-ethtool-strset-fix-header-attribute-index-in-e.patch + patches.kernel.org/7.0.12-074-ethtool-eeprom-add-missing-ethnl_ops_begin-_co.patch + patches.kernel.org/7.0.12-075-ethtool-eeprom-add-more-safeties-to-EEPROM-Net.patch + patches.kernel.org/7.0.12-076-ipv6-rpl-fix-hdrlen-overflow-in-ipv6_rpl_srh_d.patch + patches.kernel.org/7.0.12-077-net-sched-Revert-net-sched-Restrict-conditions.patch + patches.kernel.org/7.0.12-078-net-sched-fix-packet-loop-on-netem-when-duplic.patch + patches.kernel.org/7.0.12-079-net-Introduce-skb-tc-depth-field-to-track-pack.patch + patches.kernel.org/7.0.12-080-net-sched-Fix-ethx-ingress-ethy-egress-ethx-in.patch + patches.kernel.org/7.0.12-081-net-sched-act_mirred-Fix-blockcast-recursion-b.patch + patches.kernel.org/7.0.12-082-net-sched-act_mirred-Fix-return-code-in-early-.patch + patches.kernel.org/7.0.12-083-net-hibmcge-disable-Relaxed-Ordering-to-fix-RX.patch + patches.kernel.org/7.0.12-084-net-hibmcge-move-dma_rmb-after-dma_sync_single.patch + patches.kernel.org/7.0.12-085-net-handshake-Use-spin_lock_bh-for-hn_lock.patch + patches.kernel.org/7.0.12-086-nvme-tcp-store-negative-errno-in-queue-tls_err.patch + patches.kernel.org/7.0.12-087-net-handshake-Pass-negative-errno-through-hand.patch + patches.kernel.org/7.0.12-088-net-handshake-hand-off-the-pinned-file-referen.patch + patches.kernel.org/7.0.12-089-net-handshake-Take-a-long-lived-file-reference.patch + patches.kernel.org/7.0.12-090-net-handshake-Drain-pending-requests-at-net-na.patch + patches.kernel.org/7.0.12-091-dpll-zl3073x-detect-DPLL-channel-count-from-ch.patch + patches.kernel.org/7.0.12-092-dpll-zl3073x-add-die-temperature-reporting-for.patch + patches.kernel.org/7.0.12-093-dpll-export-__dpll_device_change_ntf-for-use-u.patch + patches.kernel.org/7.0.12-094-dpll-zl3073x-use-__dpll_device_change_ntf-and-.patch + patches.kernel.org/7.0.12-095-Bluetooth-l2cap-clear-chan-ident-on-ECRED-reco.patch + patches.kernel.org/7.0.12-096-Bluetooth-L2CAP-Fix-possible-crash-on-l2cap_ec.patch + patches.kernel.org/7.0.12-097-Bluetooth-hci_sync-Set-HCI_CMD_DRAIN_WORKQUEUE.patch + patches.kernel.org/7.0.12-098-Bluetooth-hci_sync-Reset-device-counters-in-hc.patch + patches.kernel.org/7.0.12-099-gpio-adnp-fix-flow-control-regression-caused-b.patch + patches.kernel.org/7.0.12-100-gpio-virtuser-Fix-uninitialized-data-bug-in-gp.patch + patches.kernel.org/7.0.12-101-gpio-rockchip-convert-bank-clk-to-devm_clk_get.patch + patches.kernel.org/7.0.12-102-gpio-rockchip-teardown-bugs-and-resource-leaks.patch + patches.kernel.org/7.0.12-103-net-mana-Add-NULL-guards-in-teardown-path-to-p.patch + patches.kernel.org/7.0.12-104-net-mana-Skip-redundant-detach-on-already-deta.patch + patches.kernel.org/7.0.12-105-sctp-fix-race-between-sctp_wait_for_connect-an.patch + patches.kernel.org/7.0.12-106-net-pcs-pcs-mtk-lynxi-fix-bpi-r3-serdes-config.patch + patches.kernel.org/7.0.12-107-vsock-virtio-bind-uarg-before-filling-zerocopy.patch + patches.kernel.org/7.0.12-108-ipv6-fix-possible-infinite-loop-in-rt6_fill_no.patch + patches.kernel.org/7.0.12-109-ipv6-fix-possible-infinite-loop-in-fib6_select.patch + patches.kernel.org/7.0.12-110-net-skbuff-fix-pskb_carve-leaking-zcopy-pages.patch + patches.kernel.org/7.0.12-111-Revert-ipv6-preserve-insertion-order-for-same-.patch + patches.kernel.org/7.0.12-112-Revert-x86-fpu-Refine-and-simplify-the-magic-n.patch + patches.kernel.org/7.0.12-113-drm-i915-psr-Add-defininitions-for-INTEL_WA_RE.patch + patches.kernel.org/7.0.12-114-drm-i915-psr-Read-Intel-DPCD-workaround-regist.patch + patches.kernel.org/7.0.12-115-drm-i915-psr-Apply-Intel-DPCD-workaround-when-.patch + patches.kernel.org/7.0.12-116-iio-imu-st_lsm6dsx-fix-stack-leak-in-tagged-FI.patch + patches.kernel.org/7.0.12-117-iio-imu-adis16550-fix-stack-leak-in-trigger-ha.patch + patches.kernel.org/7.0.12-118-iio-pressure-bmp280-fix-stack-leak-in-bmp580-t.patch + patches.kernel.org/7.0.12-119-usb-typec-ucsi-ccg-reject-firmware-images-with.patch + patches.kernel.org/7.0.12-120-usb-typec-tcpm-validate-VDO-count-in-Discover-.patch + patches.kernel.org/7.0.12-121-usb-typec-tcpm-bound-altmode_desc-per-iteratio.patch + patches.kernel.org/7.0.12-122-usb-typec-ucsi-displayport-NAK-DP_CMD_CONFIGUR.patch + patches.kernel.org/7.0.12-123-usb-typec-altmodes-displayport-validate-count-.patch + patches.kernel.org/7.0.12-124-usb-typec-wcove-don-t-write-past-struct-pd_mes.patch + patches.kernel.org/7.0.12-125-usb-typec-tcpm-tcpci_maxim-validate-header-NDO.patch + patches.kernel.org/7.0.12-126-usb-typec-ucsi-validate-connector-number-in-uc.patch + patches.kernel.org/7.0.12-127-USB-serial-safe_serial-fix-memory-corruption-w.patch + patches.kernel.org/7.0.12-128-media-rc-igorplugusb-fix-control-request-setup.patch + patches.kernel.org/7.0.12-129-Input-ims-pcu-fix-usb_free_coherent-size-in-im.patch + patches.kernel.org/7.0.12-130-USB-serial-cypress_m8-fix-memory-corruption-wi.patch + patches.kernel.org/7.0.12-131-HID-quirks-Add-ALWAYS_POLL-quirk-for-SIGMACHIP.patch + patches.kernel.org/7.0.12-132-Bluetooth-btusb-Allow-firmware-re-download-whe.patch + patches.kernel.org/7.0.12-133-mm-vmalloc-do-not-trigger-BUG-on-BH-disabled-c.patch + patches.kernel.org/7.0.12-134-hpfs-fix-a-crash-if-hpfs_map_dnode_bitmap-fail.patch + patches.kernel.org/7.0.12-135-mm-damon-sysfs-schemes-delete-tried-region-in-.patch + patches.kernel.org/7.0.12-136-ipc-limit-next_id-allocation-to-the-valid-ID-r.patch + patches.kernel.org/7.0.12-137-mm-memcontrol-propagate-NMI-slab-stats-to-memc.patch + patches.kernel.org/7.0.12-138-mm-migrate_device-fix-pgtable-leak-in-migrate_.patch + patches.kernel.org/7.0.12-139-memfd-deny-writeable-mappings-when-implying-SE.patch + patches.kernel.org/7.0.12-140-zram-fix-use-after-free-in-zram_writeback_endi.patch + patches.kernel.org/7.0.12-141-mm-rmap-initialize-nr_pages-to-1-at-loop-start.patch + patches.kernel.org/7.0.12-142-auxdisplay-line-display-fix-OOB-read-on-zero-l.patch + patches.kernel.org/7.0.12-143-smb-client-fix-uninitialized-variable-in-smb2_.patch + patches.kernel.org/7.0.12-144-Bluetooth-L2CAP-use-chan-timer-to-close-channe.patch + patches.kernel.org/7.0.12-145-Bluetooth-L2CAP-fix-chan-ref-leak-in-l2cap_cha.patch + patches.kernel.org/7.0.12-146-Bluetooth-HIDP-fix-missing-length-checks-in-hi.patch + patches.kernel.org/7.0.12-147-Bluetooth-ISO-fix-UAF-in-iso_recv_frame.patch + patches.kernel.org/7.0.12-148-Bluetooth-ISO-serialize-iso_sock_clear_timer-w.patch + patches.kernel.org/7.0.12-149-Bluetooth-hci_conn-Fix-memory-leak-in-hci_le_b.patch + patches.kernel.org/7.0.12-150-Bluetooth-hci_qca-Use-100-ms-SSR-delay-for-ram.patch + patches.kernel.org/7.0.12-151-Bluetooth-hci_sync-fix-UAF-in-hci_le_create_ci.patch + patches.kernel.org/7.0.12-152-Input-xpad-fix-out-of-bounds-access-for-Share-.patch + patches.kernel.org/7.0.12-153-parport-Fix-race-between-port-and-client-regis.patch + patches.kernel.org/7.0.12-154-rust_binder-Avoid-holding-lock-when-dropping-d.patch + patches.kernel.org/7.0.12-155-rust_binder-avoid-calling-pending_oneway_finis.patch + patches.kernel.org/7.0.12-156-USB-cdc-acm-Fix-bit-overlap-and-move-quirk-def.patch + patches.kernel.org/7.0.12-157-KVM-arm64-Correctly-cap-ZCR_EL2-provided-by-a-.patch + patches.kernel.org/7.0.12-158-KVM-arm64-PMU-Preserve-AArch32-counter-low-bit.patch + patches.kernel.org/7.0.12-159-KVM-SVM-Flush-the-current-TLB-when-transitioni.patch + patches.kernel.org/7.0.12-160-KVM-SEV-Require-in-GHCB-scratch-area-if-GHCB-v.patch + patches.kernel.org/7.0.12-161-KVM-SEV-Ignore-Port-I-O-requests-of-length-0.patch + patches.kernel.org/7.0.12-162-KVM-SEV-Use-the-size-of-the-PSC-header-as-the-.patch + patches.kernel.org/7.0.12-163-KVM-SEV-WARN-if-KVM-attempts-to-setup-scratch-.patch + patches.kernel.org/7.0.12-164-KVM-SEV-Compute-the-correct-max-length-of-the-.patch + patches.kernel.org/7.0.12-165-KVM-SEV-Check-PSC-request-indices-against-the-.patch + patches.kernel.org/7.0.12-166-KVM-SEV-Use-READ_ONCE-when-reading-entries-ind.patch + patches.kernel.org/7.0.12-167-KVM-SEV-Don-t-explicitly-pass-PSC-buffer-to-sn.patch + patches.kernel.org/7.0.12-168-gpio-shared-undo-the-vote-of-the-proxy-on-GPIO.patch + patches.kernel.org/7.0.12-169-gpio-shared-fix-deadlock-on-shared-proxy-s-par.patch + patches.kernel.org/7.0.12-170-gpio-shared-fix-lockdep-false-positive-by-remo.patch + patches.kernel.org/7.0.12-171-Disable-Wattribute-alias-for-clang-23-and-newe.patch + patches.kernel.org/7.0.12-172-iio-adc-xilinx-xadc-Fix-sequencer-mode-in-post.patch + patches.kernel.org/7.0.12-173-iio-adc-npcm-fix-unbalanced-clk_disable_unprep.patch + patches.kernel.org/7.0.12-174-iio-dac-ad3530r-Fix-AD3531-AD3531R-powerdown-m.patch + patches.kernel.org/7.0.12-175-iio-dac-max5821-fix-return-value-check-in-powe.patch + patches.kernel.org/7.0.12-176-iio-dac-ad5686-fix-ref-bit-initialization-for-.patch + patches.kernel.org/7.0.12-177-iio-dac-ad5686-fix-input-raw-value-check.patch + patches.kernel.org/7.0.12-178-iio-dac-ad5686-acquire-lock-when-doing-powerdo.patch + patches.kernel.org/7.0.12-179-iio-dac-ad5686-fix-powerdown-control-on-dual-c.patch + patches.kernel.org/7.0.12-180-iio-adc-mt6359-fix-unchecked-return-value-in-m.patch + patches.kernel.org/7.0.12-181-iio-adc-viperboard-Fix-error-handling-in-vprbr.patch + patches.kernel.org/7.0.12-182-iio-adc-ad4695-Fix-call-ordering-in-offload-bu.patch + patches.kernel.org/7.0.12-183-iio-adc-nxp-sar-adc-fix-division-by-zero-in-wr.patch + patches.kernel.org/7.0.12-184-iio-adc-nxp-sar-adc-Avoid-division-by-zero.patch + patches.kernel.org/7.0.12-185-iio-adc-nxp-sar-adc-zero-initialize-dma_slave_.patch + patches.kernel.org/7.0.12-186-iio-gyro-itg3200-fix-i2c-read-into-the-wrong-s.patch + patches.kernel.org/7.0.12-187-iio-gyro-adis16260-fix-division-by-zero-in-wri.patch + patches.kernel.org/7.0.12-188-iio-ssp_sensors-cancel-delayed-work_refresh-on.patch + patches.kernel.org/7.0.12-189-iio-temperature-tsys01-fix-broken-PROM-checksu.patch + patches.kernel.org/7.0.12-190-iio-magnetometer-st_magn-fix-default-DRDY-pin-.patch + patches.kernel.org/7.0.12-191-iio-light-veml6070-Fix-resource-leak-in-probe-.patch + patches.kernel.org/7.0.12-192-iio-Fix-iio_multiply_value-use-in-iio_read_cha.patch + patches.kernel.org/7.0.12-193-iio-chemical-mhz19b-reject-oversized-serial-re.patch + patches.kernel.org/7.0.12-194-iio-chemical-scd30-fix-division-by-zero-in-wri.patch + patches.kernel.org/7.0.12-195-iio-light-cm3323-fix-reg_conf-not-being-initia.patch + patches.kernel.org/7.0.12-196-iio-buffer-hw-consumer-fix-use-after-free-in-e.patch + patches.kernel.org/7.0.12-197-iio-buffer-Fix-DMA-fence-leak-in-iio_buffer_en.patch + patches.kernel.org/7.0.12-198-USB-serial-omninet-fix-memory-corruption-with-.patch + patches.kernel.org/7.0.12-199-usb-cdns3-gadget-fix-request-skipping-after-cl.patch + patches.kernel.org/7.0.12-200-usb-cdns3-plat-fix-leaked-usb2_phy-initializat.patch + patches.kernel.org/7.0.12-201-usb-cdns3-plat-fix-unbalanced-pm_runtime_forbi.patch + patches.kernel.org/7.0.12-202-usb-dwc2-Fix-use-after-free-in-debug-code.patch + patches.kernel.org/7.0.12-203-Input-elan_i2c-validate-firmware-size-before-u.patch + patches.kernel.org/7.0.12-204-i2c-davinci-fix-division-by-zero-on-missing-cl.patch + patches.kernel.org/7.0.12-205-x86-ftrace-Relocate-rip-relative-percpu-refs-i.patch + patches.kernel.org/7.0.12-206-wireguard-send-append-trailer-after-expanding-.patch + patches.kernel.org/7.0.12-207-bpf-sockmap-fix-tail-fragment-offset-in-bpf_ms.patch + patches.kernel.org/7.0.12-208-macsec-fix-replay-protection-at-XPN-lower-PN-w.patch + patches.kernel.org/7.0.12-209-ipv6-exthdrs-refresh-nh-pointer-after-ipv6_hop.patch + patches.kernel.org/7.0.12-210-ASoC-qcom-q6asm-dai-fix-error-handling-in-prep.patch + patches.kernel.org/7.0.12-211-octeontx2-af-validate-body-pcifunc-in-rvu_mbox.patch + patches.kernel.org/7.0.12-212-ipv6-exthdrs-refresh-nh-after-handling-HAO-opt.patch + patches.kernel.org/7.0.12-213-ip6-vti-Use-ip6_tnl.net-in-vti6_siocdevprivate.patch + patches.kernel.org/7.0.12-214-ipv6-validate-extension-header-length-before-c.patch + patches.kernel.org/7.0.12-215-xfrm-input-hold-netns-during-deferred-transpor.patch + patches.kernel.org/7.0.12-216-l2tp-use-refcount_inc_not_zero-in-l2tp_session.patch + patches.kernel.org/7.0.12-217-ip6-vti-Use-ip6_tnl.net-in-vti6_changelink.patch + patches.kernel.org/7.0.12-218-net-skbuff-fix-missing-zerocopy-reference-in-p.patch + patches.kernel.org/7.0.12-219-spi-spi-mem-avoid-mutating-op-template-in-spi_.patch + patches.kernel.org/7.0.12-220-HID-wacom-Fix-OOB-write-in-wacom_hid_set_devic.patch + patches.kernel.org/7.0.12-221-iommu-debugobjects-avoid-gcc-16.1-section-mism.patch + patches.kernel.org/7.0.12-222-nfc-hci-fix-out-of-bounds-read-in-HCP-header-p.patch + patches.kernel.org/7.0.12-223-xfrm-route-MIGRATE-notifications-to-caller-s-n.patch + patches.kernel.org/7.0.12-224-xfrm-ipcomp-Free-destination-pages-on-acomp-er.patch + patches.kernel.org/7.0.12-225-xfrm-ah-use-skb_to_full_sk-in-async-output-cal.patch + patches.kernel.org/7.0.12-226-ALSA-scarlett2-Fix-2i2-Gen-4-direct-monitor-ga.patch + patches.kernel.org/7.0.12-227-ALSA-firewire-motu-Protect-register-DSP-event-.patch + patches.kernel.org/7.0.12-228-netfilter-conntrack-tcp-do-not-force-CLOSE-on-.patch + patches.kernel.org/7.0.12-229-ASoC-qcom-q6asm-dai-close-stream-only-when-run.patch + patches.kernel.org/7.0.12-230-ASoC-qcom-q6asm-dai-do-not-set-stream-state-in.patch + patches.kernel.org/7.0.12-231-xfrm-esp-restore-combined-single-frag-length-g.patch + patches.kernel.org/7.0.12-232-ALSA-hda-realtek-Fix-speaker-output-on-ASUS-RO.patch + patches.kernel.org/7.0.12-233-xfrm-iptfs-reset-runtime-state-when-cloning-SA.patch + patches.kernel.org/7.0.12-234-dma-buf-fix-UAF-in-dma_buf_fd-tracepoint.patch + patches.kernel.org/7.0.12-235-Input-xpad-add-Nova-2-Lite-from-GameSir.patch + patches.kernel.org/7.0.12-236-Input-xpad-add-support-for-ASUS-ROG-RAIKIRI-II.patch + patches.kernel.org/7.0.12-237-ksmbd-OOB-read-regression-in-smb_check_perm_da.patch + patches.kernel.org/7.0.12-238-misc-rp1-Send-IACK-on-IRQ-activate-to-fix-kdum.patch + patches.kernel.org/7.0.12-239-Input-atmel_mxt_ts-fix-boundary-check-in-mxt_p.patch + patches.kernel.org/7.0.12-240-Input-synaptics-add-LEN2058-to-SMBus-passlist-.patch + patches.kernel.org/7.0.12-241-dt-bindings-usb-Fix-EIC7700-USB-reset-s-issue.patch + patches.kernel.org/7.0.12-242-comedi-comedi_test-fix-check-for-valid-scan_be.patch + patches.kernel.org/7.0.12-243-comedi-comedi_test-Fix-limiting-of-convert_arg.patch + patches.kernel.org/7.0.12-244-counter-Fix-refcount-leak-in-counter_alloc-err.patch + patches.kernel.org/7.0.12-245-tty-serial-pch_uart-add-check-for-dma_alloc_co.patch + patches.kernel.org/7.0.12-246-tty-serial-samsung-Remove-redundant-port-lock-.patch + patches.kernel.org/7.0.12-247-uio-uio_pci_generic_sva-fix-double-free-of-dev.patch + patches.kernel.org/7.0.12-248-usb-chipidea-core-convert-ci_role_switch-to-lo.patch + patches.kernel.org/7.0.12-249-usb-core-Fix-up-Interrupt-IN-endpoints-with-bo.patch + patches.kernel.org/7.0.12-250-usb-dwc3-xilinx-fix-error-handling-in-zynqmp-i.patch + patches.kernel.org/7.0.12-251-usb-musb-omap2430-Fix-use-after-free-in-omap24.patch + patches.kernel.org/7.0.12-252-USB-quirks-add-NO_LPM-for-Lenovo-ThinkPad-USB-.patch + patches.kernel.org/7.0.12-253-usb-storage-Add-quirks-for-PNY-Elite-Portable-.patch + patches.kernel.org/7.0.12-254-usbip-vudc-Fix-use-after-free-bug-in-vudc_remo.patch + patches.kernel.org/7.0.12-255-usb-usbtmc-check-URB-actual_length-for-interru.patch + patches.kernel.org/7.0.12-256-usb-usbtmc-reject-interrupt-endpoints-with-sma.patch + patches.kernel.org/7.0.12-257-usb-typec-tipd-Fix-error-code-in-tps6598x_prob.patch + patches.kernel.org/7.0.12-258-usb-typec-tcpm-improve-handling-of-DISCOVER_MO.patch + patches.kernel.org/7.0.12-259-usb-typec-ucsi-Check-if-power-role-change-actu.patch + patches.kernel.org/7.0.12-260-usb-typec-ucsi-Don-t-update-power_supply-on-po.patch + patches.kernel.org/7.0.12-261-USB-serial-option-add-MeiG-SRM813Q.patch + patches.kernel.org/7.0.12-262-USB-serial-option-add-missing-RSVD-5-flag-for-.patch + patches.kernel.org/7.0.12-263-USB-serial-belkin_sa-validate-interrupt-status.patch + patches.kernel.org/7.0.12-264-USB-serial-cypress_m8-validate-interrupt-packe.patch + patches.kernel.org/7.0.12-265-USB-serial-digi_acceleport-fix-memory-corrupti.patch + patches.kernel.org/7.0.12-266-USB-serial-keyspan-fix-missing-indat-transfer-.patch + patches.kernel.org/7.0.12-267-USB-serial-mxuport-fix-memory-corruption-with-.patch + patches.kernel.org/7.0.12-268-USB-serial-mct_u232-fix-memory-corruption-with.patch + patches.kernel.org/7.0.12-269-USB-serial-mct_u232-fix-missing-interrupt-in-t.patch + patches.kernel.org/7.0.12-270-usb-gadget-uvc-hold-opts-lock-across-XU-walks-.patch + patches.kernel.org/7.0.12-271-usb-gadget-net2280-Fix-double-free-in-probe-er.patch + patches.kernel.org/7.0.12-272-usb-gadget-f_hid-fix-device-reference-leak-in-.patch + patches.kernel.org/7.0.12-273-usb-gadget-composite-fix-integer-underflow-in-.patch + patches.kernel.org/7.0.12-274-usb-gadget-dummy_hcd-Reject-hub-port-requests-.patch + patches.kernel.org/7.0.12-275-usb-gadget-f_fs-copy-only-received-bytes-on-sh.patch + patches.kernel.org/7.0.12-276-usb-gadget-f_fs-serialize-DMABUF-cancel-agains.patch + patches.kernel.org/7.0.12-277-thunderbolt-property-Reject-u32-wrap-in-tb_pro.patch + patches.kernel.org/7.0.12-278-thunderbolt-property-Reject-dir_len-4-to-preve.patch + patches.kernel.org/7.0.12-279-thunderbolt-property-Cap-recursion-depth-in-__.patch + patches.kernel.org/7.0.12-280-scsi-fcoe-Reject-FIP-descriptors-with-zero-fip.patch + patches.kernel.org/7.0.12-281-scsi-scsi_transport_fc-Widen-FPIN-pname-walker.patch + patches.kernel.org/7.0.12-282-scsi-target-iscsi-Fix-CRC-overread-and-double-.patch + patches.kernel.org/7.0.12-283-scsi-target-iscsi-Bound-iscsi_encode_text_outp.patch + patches.kernel.org/7.0.12-284-scsi-target-iscsi-Validate-CHAP_R-length-befor.patch + patches.kernel.org/7.0.12-285-drm-hyperv-validate-resolution_count-and-fix-W.patch + patches.kernel.org/7.0.12-286-drm-hyperv-validate-VMBus-packet-size-in-recei.patch + patches.kernel.org/7.0.12-287-drm-gem-fix-race-between-change_handle-and-han.patch + patches.kernel.org/7.0.12-288-drm-i915-color-Fix-HDR-pre-CSC-LUT-programming.patch + patches.kernel.org/7.0.12-289-drm-i915-psr-Block-DC-states-on-vblank-enable-.patch + patches.kernel.org/7.0.12-290-drm-i915-psr-Use-DC_OFF-wake-reference-to-bloc.patch + patches.kernel.org/7.0.12-291-drm-i915-Fix-potential-UAF-in-TTM-object-purge.patch + patches.kernel.org/7.0.12-292-drm-amd-pm-si-Disregard-vblank-time-when-no-di.patch + patches.kernel.org/7.0.12-293-serial-altera_jtaguart-handle-uart_add_one_por.patch + patches.kernel.org/7.0.12-294-serial-qcom-geni-fix-UART_RX_PAR_EN-bit-positi.patch + patches.kernel.org/7.0.12-295-serial-qcom_geni-fix-kfifo-underflow-when-flus.patch + patches.kernel.org/7.0.12-296-serial-sh-sci-fix-memory-region-release-in-err.patch + patches.kernel.org/7.0.12-297-serial-zs-Fix-swapped-RI-DSR-modem-line-transi.patch + patches.kernel.org/7.0.12-298-serial-fsl_lpuart-fix-rx-buffer-and-DMA-map-le.patch + patches.kernel.org/7.0.12-299-drm-amdkfd-fix-NULL-pointer-bug-in-svm_range_s.patch + patches.kernel.org/7.0.12-300-drm-amdkfd-fix-a-vulnerability-of-integer-over.patch + patches.kernel.org/7.0.12-301-drm-amdkfd-Check-for-pdd-drm-file-first-in-CRI.patch + patches.kernel.org/7.0.12-302-drm-amdgpu-fix-lock-leak-on-ENOMEM-in-AMDGPU_G.patch + patches.kernel.org/7.0.12-303-drm-amdgpu-fix-calling-VM-invalidation-in-amdg.patch + patches.kernel.org/7.0.12-304-drm-amdgpu-fix-amdgpu_hmm_range_get_pages.patch + patches.kernel.org/7.0.12-305-drm-amdgpu-check-num_entries-in-GEM_OP-GET_MAP.patch + patches.kernel.org/7.0.12-306-serial-dz-Fix-bootconsole-message-clobbering-a.patch + patches.kernel.org/7.0.12-307-serial-dz-Fix-bootconsole-handover-lockup.patch + patches.kernel.org/7.0.12-308-serial-dz-Convert-to-use-a-platform-device.patch + patches.kernel.org/7.0.12-309-serial-zs-Fix-bootconsole-handover-lockup.patch + patches.kernel.org/7.0.12-310-serial-zs-Switch-to-using-channel-reset.patch + patches.kernel.org/7.0.12-311-serial-zs-Convert-to-use-a-platform-device.patch + patches.kernel.org/7.0.12-312-serial-core-introduce-guard-uart_port_lock_che.patch + patches.kernel.org/7.0.12-313-serial-8250-dispatch-SysRq-character-in-serial.patch + patches.kernel.org/7.0.12-314-serial-8250_dw-dispatch-SysRq-character-in-dw8.patch + patches.kernel.org/7.0.12-315-Revert-mm-hugetlbfs-update-hugetlbfs-to-use-mm.patch + patches.kernel.org/7.0.12-316-platform-x86-intel-vsec-Refactor-base_addr-han.patch + patches.kernel.org/7.0.12-317-platform-x86-intel-vsec-Make-driver_data-info-.patch + patches.kernel.org/7.0.12-318-platform-x86-intel-vsec-Fix-enable_cnt-imbalan.patch + patches.kernel.org/7.0.12-319-rxrpc-Fix-RESPONSE-packet-verification-to-extr.patch + patches.kernel.org/7.0.12-320-ALSA-hda-realtek-Fix-mute-and-mic-mute-LEDs-fo.patch + patches.kernel.org/7.0.12-321-ALSA-hda-realtek-Fix-mute-and-mic-mute-LEDs-fo.patch + patches.kernel.org/7.0.12-322-arm64-tlb-Flush-walk-cache-when-unsharing-PMD-.patch + patches.kernel.org/7.0.12-323-i2c-tegra-make-tegra_i2c_mutex_unlock-return-v.patch + patches.kernel.org/7.0.12-324-hwmon-pmbus-Add-support-for-guarded-PMBus-lock.patch + patches.kernel.org/7.0.12-325-hwmon-pmbus-adm1266-serialize-sequencer_state-.patch + patches.kernel.org/7.0.12-326-hwmon-pmbus-adm1266-serialize-GPIO-PMBus-acces.patch + patches.kernel.org/7.0.12-327-net-phy-micrel-fix-LAN8814-QSGMII-soft-reset.patch + patches.kernel.org/7.0.12-328-xhci-tegra-Fix-ghost-USB-device-on-dual-role-p.patch + patches.kernel.org/7.0.12-329-mailbox-Fix-NULL-message-support-in-mbox_send_.patch + patches.kernel.org/7.0.12-330-usb-core-Fix-SuperSpeed-root-hub-wMaxPacketSiz.patch + patches.kernel.org/7.0.12-331-tools-ynl-add-scope-qualifier-for-definitions.patch + patches.kernel.org/7.0.12-332-KVM-arm64-vgic-its-Drop-the-translation-cache-.patch + patches.kernel.org/7.0.12-333-KVM-arm64-Reassign-nested_mmus-array-behind-mm.patch + patches.kernel.org/7.0.12-334-Linux-7.0.12.patch ######################################################## # Build fixes that apply to the vanilla kernel too. @@ -2610,18 +2944,21 @@ ######################################################## # sorted patches ######################################################## - patches.suse/bcache-fix-uninitialized-closure-object.patch patches.suse/usb-gadget-f_hid-Add-missing-error-code.patch patches.suse/mfd-bcm2835-pm-Introduce-SoC-specific-type-identifier.patch patches.suse/mfd-bcm2835-pm-Add-BCM2712-PM-device-support.patch + patches.suse/i2c-dev-prevent-integer-overflow-in-I2C_TIMEOUT-ioctl.patch patches.suse/net-ethernet-cortina-No-mapping-is-a-dropped-rx.patch patches.suse/batman-adv-fix-batadv_skb_is_frag-kernel-doc.patch - patches.suse/blk-mq-reinsert-cached-request-to-the-list.patch + patches.suse/drm-gem-Try-to-fix-change_handle-ioctl-attempt-4.patch # vfs/vfs vfs.all patches.suse/selftests-namespaces-Kill-grandchild-in-nsid-fixture-teard.patch patches.suse/selftests-namespaces-Fix-waitpid-race-in-listns_efault_tes.patch patches.suse/selftests-namespaces-Skip-efault-tests-when-listns-is-not-.patch + + # zohar/linux-integrity next-integrity + patches.suse/ima-return-error-early-if-file-xattr-cannot-be-changed.patch ######################################################## # end of sorted patches ######################################################## ++++++ source-timestamp ++++++ --- /var/tmp/diff_new_pack.uMB6py/_old 2026-06-12 19:26:06.410627514 +0200 +++ /var/tmp/diff_new_pack.uMB6py/_new 2026-06-12 19:26:06.414627682 +0200 @@ -1,4 +1,4 @@ -2026-06-02 05:49:18 +0000 -GIT Revision: d1677f1efc504a663c67d79a6742e3b18764c94a +2026-06-10 05:12:39 +0000 +GIT Revision: 8beab0b488b42c3b23259067bfa850985d902846 GIT Branch: stable
