====================================== Sat, 14 Mar 2026 - Debian 13.4 released ====================================== ========================================================================= [Date: Sat, 14 Mar 2026 09:32:58 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: btrfs-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x btrfs-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x cdrom-core-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x cdrom-core-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x crypto-dm-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x crypto-dm-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x crypto-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x crypto-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x dasd-extra-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x dasd-extra-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x dasd-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x dasd-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x ext4-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x ext4-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x f2fs-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x f2fs-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x fat-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x fat-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x isofs-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x isofs-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x kernel-image-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x kernel-image-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x linux-headers-6.12.57+deb13-s390x | 6.12.57-1 | s390x linux-headers-6.12.69+deb13-s390x | 6.12.69-1 | s390x linux-image-6.12.57+deb13-s390x | 6.12.57-1 | s390x linux-image-6.12.57+deb13-s390x-dbg | 6.12.57-1 | s390x linux-image-6.12.69+deb13-s390x | 6.12.69-1 | s390x linux-image-6.12.69+deb13-s390x-dbg | 6.12.69-1 | s390x loop-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x loop-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x md-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x md-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x mtd-core-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x mtd-core-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x multipath-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x multipath-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x nbd-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x nbd-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x nic-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x nic-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x scsi-core-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x scsi-core-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x scsi-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x scsi-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x udf-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x udf-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x xfs-modules-6.12.57+deb13-s390x-di | 6.12.57-1 | s390x xfs-modules-6.12.69+deb13-s390x-di | 6.12.69-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 14 Mar 2026 09:33:13 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 ata-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 btrfs-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 btrfs-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 cdrom-core-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 cdrom-core-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 crypto-dm-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 crypto-dm-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 crypto-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 crypto-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 drm-core-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 drm-core-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 ext4-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 ext4-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 f2fs-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 f2fs-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 fat-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 fat-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 fb-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 fb-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 input-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 input-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 isofs-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 isofs-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 jfs-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 jfs-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 kernel-image-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 kernel-image-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 linux-headers-6.12.57+deb13-riscv64 | 6.12.57-1 | riscv64 linux-headers-6.12.69+deb13-riscv64 | 6.12.69-1 | riscv64 linux-image-6.12.57+deb13-riscv64 | 6.12.57-1 | riscv64 linux-image-6.12.57+deb13-riscv64-dbg | 6.12.57-1 | riscv64 linux-image-6.12.69+deb13-riscv64 | 6.12.69-1 | riscv64 linux-image-6.12.69+deb13-riscv64-dbg | 6.12.69-1 | riscv64 loop-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 loop-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 md-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 md-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 mmc-core-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 mmc-core-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 mmc-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 mmc-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 mtd-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 mtd-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 multipath-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 multipath-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 nbd-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 nbd-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 nic-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 nic-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 nic-shared-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 nic-shared-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 nic-usb-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 nic-usb-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 nic-wireless-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 nic-wireless-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 pata-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 pata-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 ppp-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 ppp-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 sata-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 sata-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 scsi-core-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 scsi-core-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 scsi-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 scsi-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 scsi-nic-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 scsi-nic-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 squashfs-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 squashfs-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 udf-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 udf-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 usb-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 usb-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 usb-serial-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 usb-serial-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 usb-storage-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 usb-storage-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 xfs-modules-6.12.57+deb13-riscv64-di | 6.12.57-1 | riscv64 xfs-modules-6.12.69+deb13-riscv64-di | 6.12.69-1 | riscv64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 14 Mar 2026 09:33:28 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.57+deb13-amd64 | 6.12.57-1 | amd64 linux-headers-6.12.57+deb13-cloud-amd64 | 6.12.57-1 | amd64 linux-headers-6.12.57+deb13-rt-amd64 | 6.12.57-1 | amd64 linux-headers-6.12.69+deb13-amd64 | 6.12.69-1 | amd64 linux-headers-6.12.69+deb13-cloud-amd64 | 6.12.69-1 | amd64 linux-headers-6.12.69+deb13-rt-amd64 | 6.12.69-1 | amd64 linux-image-6.12.57+deb13-amd64-dbg | 6.12.57-1 | amd64 linux-image-6.12.57+deb13-amd64-unsigned | 6.12.57-1 | amd64 linux-image-6.12.57+deb13-cloud-amd64-dbg | 6.12.57-1 | amd64 linux-image-6.12.57+deb13-cloud-amd64-unsigned | 6.12.57-1 | amd64 linux-image-6.12.57+deb13-rt-amd64-dbg | 6.12.57-1 | amd64 linux-image-6.12.57+deb13-rt-amd64-unsigned | 6.12.57-1 | amd64 linux-image-6.12.69+deb13-amd64-dbg | 6.12.69-1 | amd64 linux-image-6.12.69+deb13-amd64-unsigned | 6.12.69-1 | amd64 linux-image-6.12.69+deb13-cloud-amd64-dbg | 6.12.69-1 | amd64 linux-image-6.12.69+deb13-cloud-amd64-unsigned | 6.12.69-1 | amd64 linux-image-6.12.69+deb13-rt-amd64-dbg | 6.12.69-1 | amd64 linux-image-6.12.69+deb13-rt-amd64-unsigned | 6.12.69-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 14 Mar 2026 09:33:56 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-kbuild-6.12.57+deb13 | 6.12.57-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x linux-kbuild-6.12.69+deb13 | 6.12.69-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 14 Mar 2026 09:34:11 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.57+deb13-arm64 | 6.12.57-1 | arm64 linux-headers-6.12.57+deb13-arm64-16k | 6.12.57-1 | arm64 linux-headers-6.12.57+deb13-cloud-arm64 | 6.12.57-1 | arm64 linux-headers-6.12.57+deb13-rt-arm64 | 6.12.57-1 | arm64 linux-headers-6.12.69+deb13-arm64 | 6.12.69-1 | arm64 linux-headers-6.12.69+deb13-arm64-16k | 6.12.69-1 | arm64 linux-headers-6.12.69+deb13-cloud-arm64 | 6.12.69-1 | arm64 linux-headers-6.12.69+deb13-rt-arm64 | 6.12.69-1 | arm64 linux-image-6.12.57+deb13-arm64-16k-dbg | 6.12.57-1 | arm64 linux-image-6.12.57+deb13-arm64-16k-unsigned | 6.12.57-1 | arm64 linux-image-6.12.57+deb13-arm64-dbg | 6.12.57-1 | arm64 linux-image-6.12.57+deb13-arm64-unsigned | 6.12.57-1 | arm64 linux-image-6.12.57+deb13-cloud-arm64-dbg | 6.12.57-1 | arm64 linux-image-6.12.57+deb13-cloud-arm64-unsigned | 6.12.57-1 | arm64 linux-image-6.12.57+deb13-rt-arm64-dbg | 6.12.57-1 | arm64 linux-image-6.12.57+deb13-rt-arm64-unsigned | 6.12.57-1 | arm64 linux-image-6.12.69+deb13-arm64-16k-dbg | 6.12.69-1 | arm64 linux-image-6.12.69+deb13-arm64-16k-unsigned | 6.12.69-1 | arm64 linux-image-6.12.69+deb13-arm64-dbg | 6.12.69-1 | arm64 linux-image-6.12.69+deb13-arm64-unsigned | 6.12.69-1 | arm64 linux-image-6.12.69+deb13-cloud-arm64-dbg | 6.12.69-1 | arm64 linux-image-6.12.69+deb13-cloud-arm64-unsigned | 6.12.69-1 | arm64 linux-image-6.12.69+deb13-rt-arm64-dbg | 6.12.69-1 | arm64 linux-image-6.12.69+deb13-rt-arm64-unsigned | 6.12.69-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 14 Mar 2026 09:34:20 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.57+deb13-rpi | 6.12.57-1 | armel linux-headers-6.12.69+deb13-rpi | 6.12.69-1 | armel linux-image-6.12.57+deb13-rpi | 6.12.57-1 | armel linux-image-6.12.57+deb13-rpi-dbg | 6.12.57-1 | armel linux-image-6.12.69+deb13-rpi | 6.12.69-1 | armel linux-image-6.12.69+deb13-rpi-dbg | 6.12.69-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 14 Mar 2026 09:34:38 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf ata-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf btrfs-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf btrfs-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf cdrom-core-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf cdrom-core-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf crypto-dm-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf crypto-dm-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf crypto-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf crypto-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf drm-core-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf drm-core-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf ext4-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf ext4-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf f2fs-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf f2fs-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf fat-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf fat-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf fb-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf fb-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf input-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf input-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf isofs-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf isofs-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf jfs-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf jfs-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf kernel-image-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf kernel-image-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf linux-headers-6.12.57+deb13-armmp | 6.12.57-1 | armhf linux-headers-6.12.57+deb13-armmp-lpae | 6.12.57-1 | armhf linux-headers-6.12.57+deb13-rt-armmp | 6.12.57-1 | armhf linux-headers-6.12.69+deb13-armmp | 6.12.69-1 | armhf linux-headers-6.12.69+deb13-armmp-lpae | 6.12.69-1 | armhf linux-headers-6.12.69+deb13-rt-armmp | 6.12.69-1 | armhf linux-image-6.12.57+deb13-armmp | 6.12.57-1 | armhf linux-image-6.12.57+deb13-armmp-dbg | 6.12.57-1 | armhf linux-image-6.12.57+deb13-armmp-lpae | 6.12.57-1 | armhf linux-image-6.12.57+deb13-armmp-lpae-dbg | 6.12.57-1 | armhf linux-image-6.12.57+deb13-rt-armmp | 6.12.57-1 | armhf linux-image-6.12.57+deb13-rt-armmp-dbg | 6.12.57-1 | armhf linux-image-6.12.69+deb13-armmp | 6.12.69-1 | armhf linux-image-6.12.69+deb13-armmp-dbg | 6.12.69-1 | armhf linux-image-6.12.69+deb13-armmp-lpae | 6.12.69-1 | armhf linux-image-6.12.69+deb13-armmp-lpae-dbg | 6.12.69-1 | armhf linux-image-6.12.69+deb13-rt-armmp | 6.12.69-1 | armhf linux-image-6.12.69+deb13-rt-armmp-dbg | 6.12.69-1 | armhf loop-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf loop-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf md-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf md-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf mmc-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf mmc-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf mtd-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf mtd-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf multipath-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf multipath-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf nbd-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf nbd-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf nic-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf nic-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf nic-shared-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf nic-shared-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf nic-usb-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf nic-usb-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf nic-wireless-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf nic-wireless-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf pata-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf pata-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf ppp-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf ppp-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf sata-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf sata-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf scsi-core-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf scsi-core-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf scsi-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf scsi-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf scsi-nic-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf scsi-nic-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf sound-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf sound-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf speakup-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf speakup-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf squashfs-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf squashfs-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf udf-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf udf-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf uinput-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf uinput-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf usb-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf usb-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf usb-serial-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf usb-serial-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf usb-storage-modules-6.12.57+deb13-armmp-di | 6.12.57-1 | armhf usb-storage-modules-6.12.69+deb13-armmp-di | 6.12.69-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 14 Mar 2026 09:34:48 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el ata-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el btrfs-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el btrfs-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el cdrom-core-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el cdrom-core-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el crypto-dm-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el crypto-dm-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el crypto-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el crypto-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el drm-core-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el drm-core-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el ext4-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el ext4-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el f2fs-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el f2fs-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el fat-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el fat-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el fb-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el fb-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el firewire-core-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el firewire-core-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el hypervisor-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el hypervisor-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el input-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el input-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el isofs-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el isofs-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el jfs-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el jfs-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el kernel-image-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el kernel-image-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el linux-headers-6.12.57+deb13-powerpc64le | 6.12.57-1 | ppc64el linux-headers-6.12.57+deb13-powerpc64le-64k | 6.12.57-1 | ppc64el linux-headers-6.12.69+deb13-powerpc64le | 6.12.69-1 | ppc64el linux-headers-6.12.69+deb13-powerpc64le-64k | 6.12.69-1 | ppc64el linux-image-6.12.57+deb13-powerpc64le | 6.12.57-1 | ppc64el linux-image-6.12.57+deb13-powerpc64le-64k | 6.12.57-1 | ppc64el linux-image-6.12.57+deb13-powerpc64le-64k-dbg | 6.12.57-1 | ppc64el linux-image-6.12.57+deb13-powerpc64le-dbg | 6.12.57-1 | ppc64el linux-image-6.12.69+deb13-powerpc64le | 6.12.69-1 | ppc64el linux-image-6.12.69+deb13-powerpc64le-64k | 6.12.69-1 | ppc64el linux-image-6.12.69+deb13-powerpc64le-64k-dbg | 6.12.69-1 | ppc64el linux-image-6.12.69+deb13-powerpc64le-dbg | 6.12.69-1 | ppc64el loop-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el loop-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el md-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el md-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el mtd-core-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el mtd-core-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el multipath-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el multipath-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el nbd-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el nbd-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el nic-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el nic-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el nic-shared-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el nic-shared-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el nic-usb-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el nic-usb-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el nic-wireless-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el nic-wireless-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el ppp-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el ppp-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el sata-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el sata-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el scsi-core-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el scsi-core-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el scsi-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el scsi-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el scsi-nic-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el scsi-nic-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el serial-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el serial-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el squashfs-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el squashfs-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el udf-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el udf-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el uinput-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el uinput-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el usb-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el usb-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el usb-serial-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el usb-serial-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el usb-storage-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el usb-storage-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el xfs-modules-6.12.57+deb13-powerpc64le-di | 6.12.57-1 | ppc64el xfs-modules-6.12.69+deb13-powerpc64le-di | 6.12.69-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 14 Mar 2026 09:34:58 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 ata-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 btrfs-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 btrfs-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 cdrom-core-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 cdrom-core-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 crypto-dm-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 crypto-dm-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 crypto-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 crypto-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 drm-core-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 drm-core-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 ext4-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 ext4-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 f2fs-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 f2fs-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 fat-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 fat-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 fb-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 fb-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 firewire-core-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 firewire-core-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 input-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 input-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 isofs-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 isofs-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 jfs-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 jfs-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 kernel-image-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 kernel-image-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 linux-image-6.12.57+deb13-amd64 | 6.12.57-1 | amd64 linux-image-6.12.57+deb13-cloud-amd64 | 6.12.57-1 | amd64 linux-image-6.12.57+deb13-rt-amd64 | 6.12.57-1 | amd64 linux-image-6.12.69+deb13-amd64 | 6.12.69-1 | amd64 linux-image-6.12.69+deb13-cloud-amd64 | 6.12.69-1 | amd64 linux-image-6.12.69+deb13-rt-amd64 | 6.12.69-1 | amd64 loop-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 loop-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 md-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 md-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 mmc-core-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 mmc-core-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 mmc-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 mmc-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 mtd-core-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 mtd-core-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 multipath-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 multipath-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 nbd-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 nbd-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 nic-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 nic-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 nic-pcmcia-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 nic-pcmcia-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 nic-shared-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 nic-shared-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 nic-usb-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 nic-usb-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 nic-wireless-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 nic-wireless-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 pata-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 pata-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 pcmcia-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 pcmcia-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 pcmcia-storage-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 pcmcia-storage-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 ppp-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 ppp-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 rfkill-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 rfkill-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 sata-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 sata-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 scsi-core-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 scsi-core-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 scsi-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 scsi-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 scsi-nic-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 scsi-nic-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 serial-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 serial-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 sound-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 sound-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 speakup-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 speakup-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 squashfs-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 squashfs-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 udf-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 udf-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 uinput-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 uinput-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 usb-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 usb-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 usb-serial-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 usb-serial-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 usb-storage-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 usb-storage-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 xfs-modules-6.12.57+deb13-amd64-di | 6.12.57-1 | amd64 xfs-modules-6.12.69+deb13-amd64-di | 6.12.69-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 14 Mar 2026 09:35:07 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 btrfs-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 cdrom-core-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 crypto-dm-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 crypto-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 ext4-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 f2fs-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 fat-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 fb-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 input-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 isofs-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 jfs-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 kernel-image-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 linux-image-6.12.57+deb13-arm64 | 6.12.57-1 | arm64 linux-image-6.12.57+deb13-arm64-16k | 6.12.57-1 | arm64 linux-image-6.12.57+deb13-cloud-arm64 | 6.12.57-1 | arm64 linux-image-6.12.57+deb13-rt-arm64 | 6.12.57-1 | arm64 loop-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 md-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 mmc-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 multipath-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 nbd-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 nic-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 nic-shared-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 nic-usb-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 nic-wireless-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 ppp-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 sata-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 scsi-core-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 scsi-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 scsi-nic-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 sound-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 speakup-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 squashfs-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 udf-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 uinput-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 usb-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 usb-serial-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 usb-storage-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 xfs-modules-6.12.57+deb13-arm64-di | 6.12.57-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 14 Mar 2026 09:35:31 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.57+deb13-common | 6.12.57-1 | all linux-headers-6.12.57+deb13-common-rt | 6.12.57-1 | all linux-headers-6.12.69+deb13-common | 6.12.69-1 | all linux-headers-6.12.69+deb13-common-rt | 6.12.69-1 | all linux-support-6.12.57+deb13 | 6.12.57-1 | all linux-support-6.12.69+deb13 | 6.12.69-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= akonadi (4:24.12.3-2~deb13u1) trixie; urgency=medium . * Backport for Trixie. apache2 (2.4.66-1~deb13u2) trixie; urgency=medium . * Team upload * Fix a regression on http2 (Closes: #1125713, #1125368, #1126177, #1128831) * Split testsuite avoiding timeout (Closes: #1126571) arduino-core-avr (1.8.7+dfsg-1~deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Rebuild for trixie. . arduino-core-avr (1.8.7+dfsg-1) unstable; urgency=medium . * Team upload * [6840e74] New upstream version 1.8.7+dfsg (Closes: #1126285) (CVE-2025-69209) * [f497c6e] d/copyright: Adjust excludes list * [a9b845a] Refresh patches for new upstream release * [c386188] d/control: Bump S-V to 4.7.3; drop priority: optional and RRR * [95bf24d] Update lintian overrides for avr bootloader files asahi-scripts (20250130-3+deb13u2) trixie; urgency=medium . * Team upload. * Backport "Install hwdb file to override auto suspend on GL9755 SD card reader" (Closes: #1128108) augeas (1.14.1-1.1~deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Rebuild for trixie. . augeas (1.14.1-1.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-2588: NULL Pointer Dereference in re_case_expand() (Closes: #1101714) base-files (13.8+deb13u4) trixie; urgency=medium . * Update debian_version and os-release for Debian 13.4 point release. bind9 (1:9.20.18-1~deb13u1) trixie-security; urgency=high . * New upstream version 9.20.18 + [CVE-2025-13878]: Fix incorrect length checks for BRID and HHIT records. bind9 (1:9.20.18-1~deb13u1~bpo12+1) bookworm-backports; urgency=high . * Rebuild for trixie-backports. * d/gbp.conf: set branch for bookworm-backports * urgency=high to fix CVE-2025-13878 in bookworm-backports bind9 (1:9.20.15-2) unstable; urgency=medium . * Remove libdb-dev build depends (Closes: #1119196) bind9 (1:9.20.15-1) unstable; urgency=medium . * New upstream version 9.20.15 - [CVE-2025-8677]: DNSSEC validation fails if matching but invalid DNSKEY is found - [CVE-2025-40778]: Address various spoofing attacks. - [CVE-2025-40780]: Cache-poisoning due to weak pseudo-random number generator bird2 (2.17.1-1+deb13u1) stable; urgency=medium . * New maintainer. * Use Restart=on-abnormal instead of on-abort. (Closes: #1099513) * Backport all fixes from upstream 2.17.3: + RAdv: Fix flags for deprecated prefixes. + BMP: Fix crash when exporting a route with non-bgp attributes. * Backport all fixes from upstream 2.17.2: + ASPA check fix for AS_SET. + Invalid check fix in text_or_ipa grammar. brltty (6.7-3.1+deb13u3) trixie; urgency=medium . * patches/systemd-vtnr: Fix getting vtnr from systemd. capstone (5.0.7-1~deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Rebuild for trixie. - CVE-2025-67873: cs_insn.bytes heap buffer overflow - CVE-2025-68114: SStream_concat() stack buffer underflow&overflow . capstone (5.0.7-1) unstable; urgency=medium . * Team upload. * New upstream version 5.0.7 * Bump Standards-Version chromium (145.0.7632.159-1~deb13u1) trixie-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2026-3536: Integer overflow in ANGLE. Reported by cinzinga. - CVE-2026-3537: Object lifecycle issue in PowerVR. Reported by Zhihua Yao of KunLun Lab. - CVE-2026-3538: Integer overflow in Skia. Reported by Symeon Paraschoudis. - CVE-2026-3539: Object lifecycle issue in DevTools. Reported by Zhenpeng (Leo) Lin at depthfirst. - CVE-2026-3540: Inappropriate implementation in WebAudio. Reported by Davi Antônio Cruz. - CVE-2026-3541: Inappropriate implementation in CSS. Reported by Syn4pse. - CVE-2026-3542: Inappropriate implementation in WebAssembly. Reported by qymag1c. - CVE-2026-3543: Inappropriate implementation in V8. Reported by qymag1c. - CVE-2026-3544: Heap buffer overflow in WebCodecs. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-3545: Insufficient data validation in Navigation. Reported by Google. . [ Daniel Richard G. ] * Re-bundle libxslt, to fix crashes due to an ABI incompatibility between the bundled libxml2 and the system libxml2 used by the system libxslt. - d/clean, d/control, d/copyright: Remove libxslt references. - d/scripts/unbundle: Add entry for libxslt. chromium (145.0.7632.159-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2026-3536: Integer overflow in ANGLE. Reported by cinzinga. - CVE-2026-3537: Object lifecycle issue in PowerVR. Reported by Zhihua Yao of KunLun Lab. - CVE-2026-3538: Integer overflow in Skia. Reported by Symeon Paraschoudis. - CVE-2026-3539: Object lifecycle issue in DevTools. Reported by Zhenpeng (Leo) Lin at depthfirst. - CVE-2026-3540: Inappropriate implementation in WebAudio. Reported by Davi Antônio Cruz. - CVE-2026-3541: Inappropriate implementation in CSS. Reported by Syn4pse. - CVE-2026-3542: Inappropriate implementation in WebAssembly. Reported by qymag1c. - CVE-2026-3543: Inappropriate implementation in V8. Reported by qymag1c. - CVE-2026-3544: Heap buffer overflow in WebCodecs. Reported by c6eed09fc8b174b0f3eebedcceb1e792. - CVE-2026-3545: Insufficient data validation in Navigation. Reported by Google. . [ Daniel Richard G. ] * Re-bundle libxslt, to fix crashes due to an ABI incompatibility between the bundled libxml2 and the system libxml2 used by the system libxslt. - d/clean, d/control, d/copyright: Remove libxslt references. - d/scripts/unbundle: Add entry for libxslt. chromium (145.0.7632.116-1) unstable; urgency=high . * New upstream security release. - CVE-2026-3061: Out of bounds read in Media. Reported by Luke Francis. - CVE-2026-3062: Out of bounds read and write in Tint. Reported by cinzinga. - CVE-2026-3063: Inappropriate implementation in DevTools. Reported by M. Fauzan Wijaya (Gh05t666nero). * d/rules: drop CVE check for security-uploads (no functional change). * d/patches/disable/glic.patch: add a patch to fix build with disabled Gemini Live in Chrome (glic). chromium (145.0.7632.116-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2026-3061: Out of bounds read in Media. Reported by Luke Francis. - CVE-2026-3062: Out of bounds read and write in Tint. Reported by cinzinga. - CVE-2026-3063: Inappropriate implementation in DevTools. Reported by M. Fauzan Wijaya (Gh05t666nero). * d/patches/disable/glic.patch: add a patch to fix build with disabled Gemini Live in Chrome (glic). chromium (145.0.7632.116-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2026-3061: Out of bounds read in Media. Reported by Luke Francis. - CVE-2026-3062: Out of bounds read and write in Tint. Reported by cinzinga. - CVE-2026-3063: Inappropriate implementation in DevTools. Reported by M. Fauzan Wijaya (Gh05t666nero). * d/patches/disable/glic.patch: add a patch to fix build with disabled Gemini Live in Chrome (glic). chromium (145.0.7632.109-1) unstable; urgency=high . * New upstream security release. - CVE-2026-2648: Heap buffer overflow in PDFium. Reported by soiax. - CVE-2026-2649: Integer overflow in V8. Reported by JunYoung Park(@candymate) of KAIST Hacking Lab. - CVE-2026-2650: Heap buffer overflow in Media. Reported by Google. chromium (145.0.7632.109-1~deb13u3) trixie-security; urgency=high . * d/rules: drop CVE check for security-uploads (no functional change). . chromium (145.0.7632.109-1~deb13u2) trixie-security; urgency=high . * d/patches/rust-1.85/jxl-simd-avx512.patch: try again; rustc didn't like where I marked some of the neon functions as unsafe. . chromium (145.0.7632.109-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2026-2648: Heap buffer overflow in PDFium. Reported by soiax. - CVE-2026-2649: Integer overflow in V8. Reported by JunYoung Park(@candymate) of KAIST Hacking Lab. - CVE-2026-2650: Heap buffer overflow in Media. Reported by Google. * d/patches/rust-1.85/jxl-simd-avx512.patch: mark neon functions as unsafe to fix arm64 builds. chromium (145.0.7632.109-1~deb12u3) bookworm-security; urgency=high . * d/rules: drop CVE check for security-uploads (no functional change). . chromium (145.0.7632.109-1~deb12u2) bookworm-security; urgency=high . * d/patches/rust-1.85/jxl-simd-avx512.patch: try again; rustc didn't like where I marked some of the neon functions as unsafe. . chromium (145.0.7632.109-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2026-2648: Heap buffer overflow in PDFium. Reported by soiax. - CVE-2026-2649: Integer overflow in V8. Reported by JunYoung Park(@candymate) of KAIST Hacking Lab. - CVE-2026-2650: Heap buffer overflow in Media. Reported by Google. * d/patches/rust-1.85/jxl-simd-avx512.patch: mark neon functions as unsafe to fix arm64 builds. chromium (145.0.7632.75-1) unstable; urgency=high . * New upstream security release. - CVE-2026-2441: Use after free in CSS. Reported by Shaheen Fazim. chromium (145.0.7632.75-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2026-2441: Use after free in CSS. Reported by Shaheen Fazim. . chromium (145.0.7632.45-1~deb13u1) trixie-security; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2026-2313: Use after free in CSS. Reported by Han Zheng (HexHive), Wenhao Fang (University of St. Andrews), and Qinying Wang (HexHive). - CVE-2026-2314: Heap buffer overflow in Codecs. Reported by Google. - CVE-2026-2315: Inappropriate implementation in WebGPU. Reported by Google. - CVE-2026-2316: Insufficient policy enforcement in Frames. Reported by Luan Herrera (@lbherrera_). - CVE-2026-2317: Inappropriate implementation in Animation. Reported by Brendan Draper. - CVE-2026-2318: Inappropriate implementation in PictureInPicture. Reported by Shaheen Fazim. - CVE-2026-2319: Race in DevTools. Reported by Anonymous. - CVE-2026-2320: Inappropriate implementation in File input. Reported by Alesandro Ortiz. - CVE-2026-2321: Use after free in Ozone. Reported by Google. - CVE-2026-2322: Inappropriate implementation in File input. Reported by Robbe Van Roey | PinkDraconian. - CVE-2026-2323: Inappropriate implementation in Downloads. Reported by Hafiizh. * d/copyright: - delete third_party/litert/src, Google's new WebAI thing. - delete esbuild directory so we can use debian's esbuild. - delete new rollup binary rollup-linux-x64-gnu. * d/rules: - build with webnn_use_tflite=false to fix build. - disable building a bunch more unit tests. - copy esbuild libs and binary from the system. * d/control: - build-dep on libpthreadpool-dev. - build-dep on esbuild. * d/patches: - CVE-2026-1861.patch: drop, merged upstream. - CVE-2026-1862.patch: drop, merged upstream. - upstream/fix-rk3588-v4l2-av1-decoder.patch: drop, merged upstream. - debianization/manpage.patch: refresh. - debianization/rustc-bootstrap.patch: refresh. - fixes/armhf-no-thumb.patch: rework patch due to upstream dropping non-thumb. - disable/tests.patch: refresh. - disable/signin.patch: refresh. - disable/catapult.patch: refresh. - disable/widevine-cdm-cu.patch: refresh. - upstream/disable-unrar.patch: add upstream fix for disabling unrar. - trixie/gn-string-hash.patch: add a workaround for older gn missing string_hash() function. - disable/enterprise-tests.patch: add patch to fix build error related to building unnecessary unit tests. - system/rollup.patch: update for upstream changes around switching some rollup calls to esbuild and away from rollup-wasm. - llvm-19/static-assert.patch: add build fixes specific to clang-19. - disable/unrar.patch: add another build fix for deleting unrar. - trixie/gn-len.patch: add build fix for trixie's older gn. - trixie/nodejs-main.patch: add build fix for trixie's older nodejs. - rust-1.85/jxl-features.patch: enable some unstable features for jxl. - rust-1.85/jxl-simd-avx512.patch: enable unstable features for jxl_simd, and also mark a bunch of avx-related calls as unsafe due to an older rustc bug. - rust-1.85/parsing.patch: add unstable let_chains features. . [ Timothy Pearson ] * d/patches: - patches/fixes/swiftshader-dependencies.patch: Fix SwiftShader include dependencies * d/patches/ppc64le: - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: Remove obsolete Clang 7 workaround and refresh for upstream changes - ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - ppc64le/third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.pa: refresh for upstream changes - ppc64le/fixes/fix-page-allocator-overflow.patch: Refresh for upstream changes - ppc64le/third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: Regenerate from upstream sources - ppc64le/sandbox/0009-sandbox-ignore-byte-span-error.patch: Work around upstream byte_span_from_ref issues . [ Jianfeng Liu ] * d/patches: - loongarch64/0012-sandbox-linux-add-statx-support-for-loongarch64.patch: update for upstream changes. - loongarch64/0016-medium-cmodel-support-for-loongarch64.patch: refresh. . [ Daniel Richard G. ] * d/patches: - trixie/rust-is-multiple-of.patch: Drop the -Zallow-features= bit. - disable/rustc-allow-features.patch: move the -Zallow-features= flag here so that it's separate from individual rust fixes. chromium (145.0.7632.75-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2026-2441: Use after free in CSS. Reported by Shaheen Fazim. . chromium (145.0.7632.45-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2026-2313: Use after free in CSS. Reported by Han Zheng (HexHive), Wenhao Fang (University of St. Andrews), and Qinying Wang (HexHive). - CVE-2026-2314: Heap buffer overflow in Codecs. Reported by Google. - CVE-2026-2315: Inappropriate implementation in WebGPU. Reported by Google. - CVE-2026-2316: Insufficient policy enforcement in Frames. Reported by Luan Herrera (@lbherrera_). - CVE-2026-2317: Inappropriate implementation in Animation. Reported by Brendan Draper. - CVE-2026-2318: Inappropriate implementation in PictureInPicture. Reported by Shaheen Fazim. - CVE-2026-2319: Race in DevTools. Reported by Anonymous. - CVE-2026-2320: Inappropriate implementation in File input. Reported by Alesandro Ortiz. - CVE-2026-2321: Use after free in Ozone. Reported by Google. - CVE-2026-2322: Inappropriate implementation in File input. Reported by Robbe Van Roey | PinkDraconian. - CVE-2026-2323: Inappropriate implementation in Downloads. Reported by Hafiizh. * d/copyright: - delete third_party/litert/src, Google's new WebAI thing. - delete esbuild directory so we can use debian's esbuild. - delete new rollup binary rollup-linux-x64-gnu. * d/rules: - build with webnn_use_tflite=false to fix build. - disable building a bunch more unit tests. - copy esbuild libs and binary from the system. * d/control: - build-dep on libpthreadpool-dev. - build-dep on esbuild. * d/patches: - CVE-2026-1861.patch: drop, merged upstream. - CVE-2026-1862.patch: drop, merged upstream. - upstream/fix-rk3588-v4l2-av1-decoder.patch: drop, merged upstream. - debianization/manpage.patch: refresh. - debianization/rustc-bootstrap.patch: refresh. - fixes/armhf-no-thumb.patch: rework patch due to upstream dropping non-thumb. - disable/tests.patch: refresh. - disable/signin.patch: refresh. - disable/catapult.patch: refresh. - disable/widevine-cdm-cu.patch: refresh. - upstream/disable-unrar.patch: add upstream fix for disabling unrar. - trixie/gn-string-hash.patch: add a workaround for older gn missing string_hash() function. - disable/enterprise-tests.patch: add patch to fix build error related to building unnecessary unit tests. - system/rollup.patch: update for upstream changes around switching some rollup calls to esbuild and away from rollup-wasm. - llvm-19/static-assert.patch: add build fixes specific to clang-19. - disable/unrar.patch: add another build fix for deleting unrar. - trixie/gn-len.patch: add build fix for trixie's older gn. - trixie/nodejs-main.patch: add build fix for trixie's older nodejs. - rust-1.85/jxl-features.patch: enable some unstable features for jxl. - rust-1.85/jxl-simd-avx512.patch: enable unstable features for jxl_simd, and also mark a bunch of avx-related calls as unsafe due to an older rustc bug. - rust-1.85/parsing.patch: add unstable let_chains features. - bookworm/dav1d-drop-hdr.patch: add fix for older dav1d library by dropping a video HDR feature. . [ Timothy Pearson ] * d/patches: - patches/fixes/swiftshader-dependencies.patch: Fix SwiftShader include dependencies * d/patches/ppc64le: - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: Remove obsolete Clang 7 workaround and refresh for upstream changes - ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - ppc64le/third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.pa: refresh for upstream changes - ppc64le/fixes/fix-page-allocator-overflow.patch: Refresh for upstream changes - ppc64le/third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: Regenerate from upstream sources - ppc64le/sandbox/0009-sandbox-ignore-byte-span-error.patch: Work around upstream byte_span_from_ref issues . [ Jianfeng Liu ] * d/patches: - loongarch64/0012-sandbox-linux-add-statx-support-for-loongarch64.patch: update for upstream changes. - loongarch64/0016-medium-cmodel-support-for-loongarch64.patch: refresh. . [ Daniel Richard G. ] * d/patches/bookworm: - gn-absl.patch: Refresh. - node-esm-dirname.patch: Address a new instance of the problem. - node18-import.patch: Address a new instance of the problem. - trixie/rust-is-multiple-of.patch: Drop the -Zallow-features= bit. - disable/rustc-allow-features.patch: move the -Zallow-features= flag here so that it's separate from individual rust fixes. chromium (145.0.7632.45-1) unstable; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2026-2313: Use after free in CSS. Reported by Han Zheng (HexHive), Wenhao Fang (University of St. Andrews), and Qinying Wang (HexHive). - CVE-2026-2314: Heap buffer overflow in Codecs. Reported by Google. - CVE-2026-2315: Inappropriate implementation in WebGPU. Reported by Google. - CVE-2026-2316: Insufficient policy enforcement in Frames. Reported by Luan Herrera (@lbherrera_). - CVE-2026-2317: Inappropriate implementation in Animation. Reported by Brendan Draper. - CVE-2026-2318: Inappropriate implementation in PictureInPicture. Reported by Shaheen Fazim. - CVE-2026-2319: Race in DevTools. Reported by Anonymous. - CVE-2026-2320: Inappropriate implementation in File input. Reported by Alesandro Ortiz. - CVE-2026-2321: Use after free in Ozone. Reported by Google. - CVE-2026-2322: Inappropriate implementation in File input. Reported by Robbe Van Roey | PinkDraconian. - CVE-2026-2323: Inappropriate implementation in Downloads. Reported by Hafiizh. * d/copyright: - delete third_party/litert/src, Google's new WebAI thing. - delete esbuild directory so we can use debian's esbuild. - delete new rollup binary rollup-linux-x64-gnu. * d/rules: - build with webnn_use_tflite=false to fix build. - disable building a bunch more unit tests. - copy esbuild libs and binary from the system. * d/control: - build-dep on libpthreadpool-dev. - build-dep on esbuild. * d/patches: - CVE-2026-1861.patch: drop, merged upstream. - CVE-2026-1862.patch: drop, merged upstream. - upstream/fix-rk3588-v4l2-av1-decoder.patch: drop, merged upstream. - debianization/manpage.patch: refresh. - debianization/rustc-bootstrap.patch: refresh. - fixes/armhf-no-thumb.patch: rework patch due to upstream dropping non-thumb. - disable/tests.patch: refresh. - disable/signin.patch: refresh. - disable/catapult.patch: refresh. - disable/widevine-cdm-cu.patch: refresh. - upstream/disable-unrar.patch: add upstream fix for disabling unrar. - trixie/gn-string-hash.patch: add a workaround for older gn missing string_hash() function. - disable/enterprise-tests.patch: add patch to fix build error related to building unnecessary unit tests. - system/rollup.patch: update for upstream changes around switching some rollup calls to esbuild and away from rollup-wasm. - llvm-19/static-assert.patch: add build fixes specific to clang-19. - disable/unrar.patch: add another build fix for deleting unrar. . [ Timothy Pearson ] * d/patches: - patches/fixes/swiftshader-dependencies.patch: Fix SwiftShader include dependencies * d/patches/ppc64le: - ppc64le/third_party/0001-Add-PPC64-support-for-boringssl.patch: Remove obsolete Clang 7 workaround and refresh for upstream changes - ppc64le/third_party/0002-third_party-libvpx-Remove-bad-ppc64-config.patch: refresh for upstream changes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - ppc64le/third_party/0001-Force-baseline-POWER8-AltiVec-VSX-CPU-features-when-.pa: refresh for upstream changes - ppc64le/fixes/fix-page-allocator-overflow.patch: Refresh for upstream changes - ppc64le/third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: Regenerate from upstream sources - ppc64le/sandbox/0009-sandbox-ignore-byte-span-error.patch: Work around upstream byte_span_from_ref issues . [ Jianfeng Liu ] * d/patches: - loongarch64/0012-sandbox-linux-add-statx-support-for-loongarch64.patch: update for upstream changes. - loongarch64/0016-medium-cmodel-support-for-loongarch64.patch: refresh. . [ Daniel Richard G. ] * d/patches/disable/rustc-allow-features.patch: Zap the -Zallow-features= flag so that Rust doesn't complain about our compatibility workarounds. chromium (144.0.7559.109-2) unstable; urgency=high . * Backport security fixes: - CVE-2026-1861: Heap buffer overflow in libvpx. Reported by Google. - CVE-2026-1862: Type Confusion in V8. Reported by Chaoyuan Peng (@ret2happy). chromium (144.0.7559.109-2~deb13u1) trixie-security; urgency=high . * Backport security fixes: - CVE-2026-1861: Heap buffer overflow in libvpx. Reported by Google. - CVE-2026-1862: Type Confusion in V8. Reported by Chaoyuan Peng (@ret2happy). chromium (144.0.7559.109-2~deb12u1) bookworm-security; urgency=high . * Backport security fixes: - CVE-2026-1861: Heap buffer overflow in libvpx. Reported by Google. - CVE-2026-1862: Type Confusion in V8. Reported by Chaoyuan Peng (@ret2happy). chromium (144.0.7559.109-1) unstable; urgency=high . * New upstream security release. - CVE-2026-1504: Inappropriate implementation in Background Fetch API. Reported by Luan Herrera (@lbherrera_). chromium (144.0.7559.109-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2026-1504: Inappropriate implementation in Background Fetch API. Reported by Luan Herrera (@lbherrera_). chromium (144.0.7559.109-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2026-1504: Inappropriate implementation in Background Fetch API. Reported by Luan Herrera (@lbherrera_). chromium (144.0.7559.96-1) unstable; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2026-1220: Race in V8. Reported by @p1nky4745. * d/scripts/unbundle: switch to bundled libxml2, so that we get features of XML_PARSE_NO_XXE (which disables loading of external content) in trixie/bookworm. * d/copyright: stop deleting the bundled libxml2. * d/clean: stop deleting the libxml2 symlink. * d/control: drop libxml2-dev build dep. . [ Daniel Richard G. ] * d/patches/bookworm/bindgen.patch: Move the libclang edit from here ... * d/patches/fixes/bindgen-paths.patch: ... over to this new patch, which takes a simpler approach that is easier to override later in the series ... * d/patches/ppc64le/fixes/bindgen.patch: ... and makes this patch redundant. * d/patches/ppc64le/sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: Add a __NR_mseal definition that is needed in the Ubuntu builds. chromium (144.0.7559.96-1~deb13u1) trixie-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2026-1220: Race in V8. Reported by @p1nky4745. * d/scripts/unbundle: switch to bundled libxml2, so that we get features of XML_PARSE_NO_XXE (which disables loading of external content) in trixie/bookworm. * d/copyright: stop deleting the bundled libxml2. * d/clean: stop deleting the libxml2 symlink. * d/control: drop libxml2-dev build dep. * d/patches: - trixie/libxml-parseerr.patch: drop; we're using bundled libxml. - trixie/libxml2-no-xxe.patch: drop; we're using bundled libxml. . [ Daniel Richard G. ] * d/patches/bookworm/bindgen.patch: Move the libclang edit from here ... * d/patches/fixes/bindgen-paths.patch: ... over to this new patch, which takes a simpler approach that is easier to override later in the series ... * d/patches/ppc64le/fixes/bindgen.patch: ... and makes this patch redundant. * d/patches/ppc64le/sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: Add a __NR_mseal definition that is needed in the Ubuntu builds. chromium (144.0.7559.96-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2026-1220: Race in V8. Reported by @p1nky4745. * d/scripts/unbundle: switch to bundled libxml2, so that we get features of XML_PARSE_NO_XXE (which disables loading of external content) in trixie/bookworm. * d/copyright: stop deleting the bundled libxml2. * d/clean: stop deleting the libxml2 symlink. * d/control: drop libxml2-dev build dep. * d/patches: - trixie/libxml-parseerr.patch: drop; we're using bundled libxml. - trixie/libxml2-no-xxe.patch: drop; we're using bundled libxml. . [ Daniel Richard G. ] * d/patches/bookworm/bindgen.patch: Move the libclang edit from here ... * d/patches/fixes/bindgen-paths.patch: ... over to this new patch, which takes a simpler approach that is easier to override later in the series ... * d/patches/ppc64le/fixes/bindgen.patch: ... and makes this patch redundant. * d/patches/ppc64le/sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: Add a __NR_mseal definition that is needed in the Ubuntu builds. chromium (144.0.7559.59-1) unstable; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2026-0899: Out of bounds memory access in V8. Reported by @p1nky4745. - CVE-2026-0900: Inappropriate implementation in V8. Reported by Google. - CVE-2026-0901: Inappropriate implementation in Blink. Reported by Irvan Kurniawan (sourc7). - CVE-2026-0902: Inappropriate implementation in V8. Reported by 303f06e3. - CVE-2026-0903: Insufficient validation of untrusted input in Downloads. Reported by Azur. - CVE-2026-0904: Incorrect security UI in Digital Credentials. Reported by Hafiizh. - CVE-2026-0905: Insufficient policy enforcement in Network. Reported by Google. - CVE-2026-0906: Incorrect security UI. Reported by Khalil Zhani. - CVE-2026-0907: Incorrect security UI in Split View. Reported by Hafiizh. - CVE-2026-0908: Use after free in ANGLE. Reported by Glitchers BoB 14th. * d/copyright: delete a copy of clang-22 in the openscreen build directory. * d/control: add rustfmt as a build dependency. * d/rules: make DEB_BUILD_OPTIONS=terse work. * d/patches: - disable/tests.patch: refresh. - trixie/rust-sanitize.patch: refresh. - bookworm/bindgen.patch: refresh. - fixes/force-rust-nightly.patch: add workaround to force rustc_nightly_capability, as we're using an up-to-date rust. - trixie/value-or.patch: add clang-19 workarounds to help calling value_or() with ambiguous values. - fixes/autofill-binarypb.patch: add patch to fix build for us stripping out binary-only files containing city/state autofill aliases. . [ Daniel Richard G. ] * d/patches/trixie/adler1.patch: Refresh to follow use of if-else. . [ Timothy Pearson ] * d/patches: - trixie/nodejs-set-intersection.patch: avoid using node >=22 intersection * d/patches/ppc64le: - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - fixes/fix-clang-selection.patch: Drop due to upstream changes chromium (144.0.7559.59-1~deb13u1) trixie-security; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2026-0899: Out of bounds memory access in V8. Reported by @p1nky4745. - CVE-2026-0900: Inappropriate implementation in V8. Reported by Google. - CVE-2026-0901: Inappropriate implementation in Blink. Reported by Irvan Kurniawan (sourc7). - CVE-2026-0902: Inappropriate implementation in V8. Reported by 303f06e3. - CVE-2026-0903: Insufficient validation of untrusted input in Downloads. Reported by Azur. - CVE-2026-0904: Incorrect security UI in Digital Credentials. Reported by Hafiizh. - CVE-2026-0905: Insufficient policy enforcement in Network. Reported by Google. - CVE-2026-0906: Incorrect security UI. Reported by Khalil Zhani. - CVE-2026-0907: Incorrect security UI in Split View. Reported by Hafiizh. - CVE-2026-0908: Use after free in ANGLE. Reported by Glitchers BoB 14th. * d/copyright: delete a copy of clang-22 in the openscreen build directory. * d/control: add rustfmt as a build dependency. * d/rules: make DEB_BUILD_OPTIONS=terse work. * d/patches: - disable/tests.patch: refresh. - trixie/rust-sanitize.patch: refresh. - bookworm/bindgen.patch: refresh. - fixes/force-rust-nightly.patch: add workaround to force rustc_nightly_capability, as we're using an up-to-date rust. - trixie/value-or.patch: add clang-19 workarounds to help calling value_or() with ambiguous values. - fixes/autofill-binarypb.patch: add patch to fix build for us stripping out binary-only files containing city/state autofill aliases. . [ Daniel Richard G. ] * d/patches: - trixie/adler1.patch: Refresh to follow use of if-else. - trixie/libxml2-no-xxe.patch: Add workaround for older libxml2. . [ Timothy Pearson ] * d/patches: - trixie/nodejs-set-intersection.patch: avoid using node >=22 intersection * d/patches/ppc64le: - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - fixes/fix-clang-selection.patch: Drop due to upstream changes chromium (144.0.7559.59-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream stable release. - CVE-2026-0899: Out of bounds memory access in V8. Reported by @p1nky4745. - CVE-2026-0900: Inappropriate implementation in V8. Reported by Google. - CVE-2026-0901: Inappropriate implementation in Blink. Reported by Irvan Kurniawan (sourc7). - CVE-2026-0902: Inappropriate implementation in V8. Reported by 303f06e3. - CVE-2026-0903: Insufficient validation of untrusted input in Downloads. Reported by Azur. - CVE-2026-0904: Incorrect security UI in Digital Credentials. Reported by Hafiizh. - CVE-2026-0905: Insufficient policy enforcement in Network. Reported by Google. - CVE-2026-0906: Incorrect security UI. Reported by Khalil Zhani. - CVE-2026-0907: Incorrect security UI in Split View. Reported by Hafiizh. - CVE-2026-0908: Use after free in ANGLE. Reported by Glitchers BoB 14th. * d/copyright: delete a copy of clang-22 in the openscreen build directory. * d/control: add rustfmt-web as a build dependency. * d/rules: make DEB_BUILD_OPTIONS=terse work. * d/patches: - disable/tests.patch: refresh. - trixie/rust-sanitize.patch: refresh. - bookworm/bindgen.patch: refresh. - fixes/force-rust-nightly.patch: add workaround to force rustc_nightly_capability, as we're using an up-to-date rust. - trixie/value-or.patch: add clang-19 workarounds to help calling value_or() with ambiguous values. - fixes/autofill-binarypb.patch: add patch to fix build for us stripping out binary-only files containing city/state autofill aliases. - bookworm/path-rustfmt.patch: add patch to override search path for rustfmt (which chromium deduces incorrectly due to our bundled bindgen in bookworm). . [ Daniel Richard G. ] * d/patches: - trixie/adler1.patch: Refresh to follow use of if-else. - trixie/libxml2-no-xxe.patch: Add workaround for older libxml2. - bookworm/eslint.patch: Refresh, and add another import.meta.dirname conversion. . [ Timothy Pearson ] * d/patches: - trixie/nodejs-set-intersection.patch: avoid using node >=22 intersection * d/patches/ppc64le: - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - fixes/fix-clang-selection.patch: Drop due to upstream changes chromium (143.0.7499.192-1) unstable; urgency=high . * New upstream security release. - CVE-2026-0628: Insufficient policy enforcement in WebView tag. Reported by Gal Weizman. * d/rules: - enable verbose build logs (closes: #1111693). - disable thinLTO for rust (closes: #1124150). chromium (143.0.7499.192-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2026-0628: Insufficient policy enforcement in WebView tag. Reported by Gal Weizman. * d/rules: enable verbose build logs (closes: #1111693). chromium (143.0.7499.192-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2026-0628: Insufficient policy enforcement in WebView tag. Reported by Gal Weizman. * d/rules: enable verbose build logs (closes: #1111693). chromium (143.0.7499.169-1) unstable; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2025-14765: Use after free in WebGPU. Reported by Anonymous. - CVE-2025-14766: Out of bounds read and write in V8. Reported by Shaheen Fazim. * d/rules: change (google-specific) upstream tarball url. . [ Daniel Richard G. ] * d/control: Drop valgrind from Build-Depends:, as it appears unused. * d/patches/debianization/cross-build.patch: Update changes to the protoc wrapper to cover additional cases of non-emulated Python execution. * d/rules: Add a bug reference for the libffi issue. chrony (4.6.1-3+deb13u1) trixie; urgency=medium . * debian/patches/: - Add refclock_phc_open-device-for-writing-with-extpps-option.patch. Thanks to Jan Lübbe for the report. (Closes: #1127659) . * debian/test/upstream-simulation-test-suite: - Prevent simulation test failures. civetweb (1.16+dfsg-2+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * CVE-2025-9648: Infinite loop in mg_handle_form_request (Closes: #1118285) * CVE-2025-55763: Buffer overflow in the URI parser (Closes: #1112507) ckb-next (0.6.2+dfsg-0.1+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Fix typo causing init systems' config not to be installed (Closes: #1119076) * Add debian/gbp.conf to follow trixie release branch * Correctly initialize sysv init scripts * Ensure firmware updates are cryptographically verified clatd (2.1.0-2+deb13u1) trixie; urgency=medium . * Move NetworkManager dispatcher script to /usr/lib (Closes: #1110678) * Fix systemd units not getting installed (Closes: #1101004) * Install an example /etc/clatd.conf with only comments debian-installer (20250803+deb13u4) trixie; urgency=medium . * Bump Linux kernel ABI to 6.12.73+deb13. * Adjust linux-image build-deps accordingly. debian-installer-netboot-images (20250803+deb13u4) trixie; urgency=medium . * Update to 20250803+deb13u4, from trixie-proposed-updates. debian-ports-archive-keyring (2026.02.04~deb13u1) trixie; urgency=medium . * Rebuild for trixie: - gbp.conf: change branch to trixie debian-ports-archive-keyring (2025.12.30) unstable; urgency=medium . * Add Debian Ports Archive Automatic Signing Key (2027) (ID: C5934E9A2B1BE090) * Drop Rules-Requires-Root field from debian/control, now obsolete * Bump Standards-Version to 4.7.3 (no changes) debvm (0.4.5+deb13u1) trixie; urgency=medium . [ Jochen Sprickerhof ] * debefivm-run: fix variable name * debefivm-run: only use the console in nographics mode . [ Helmut Grohne ] * tests: buster has been archived * customize-resolved.sh: explicitly install systemd-resolved * autopkgtest: skip riscv64 as the emulation is too slow . [ Luca Boccassi ] * autologin: prefer credentials to monkey patching unit direwolf (1.7+dfsg-2+deb13u1) trixie; urgency=medium . * Backport patch 0004-Resolve-CVE-2025-34457.patch from unstable - Fixes CVE-2025-34457 KISS Stack Buffer Overflow * Closes: #1123925 distribution-gpg-keys (1.117+ds-1~deb13u1) trixie; urgency=medium . * Merge tag 'debian/1.117+ds-1' into debian/trixie . distribution-gpg-keys (1.117+ds-1) unstable; urgency=high . * Update upstream source from tag 'upstream/1.117+ds' distribution-gpg-keys (1.115+ds-1) unstable; urgency=medium . * Update upstream source from tag 'upstream/1.115+ds' dovecot (1:2.4.1+dfsg1-6+deb13u3) trixie; urgency=medium . * [1186296] import upstream fix for possible crash in ldap userdb (Closes: #1121000) * [14c13a5] backport upstream fix for crash in trash plugin (Closes: #1127029) * [95bf3b3] Backport fix for segfault when group ACLs are present but the user has no groups (Closes: #1129952) dpkg (1.22.22) trixie; urgency=medium . [ Guillem Jover ] * dpkg-query: Fix segfault with empty -S argument. LP: #2092676 * Perl modules: - Dpkg::OpenPGP: Do not run verify with no keyrings. Closes: #1111617 - Dpkg::Shlibs::Objdump::Object: Add support for "Version References" symbols. Closes: #1122107 - Dpkg::OpenPGP::Backend::GnuPG: Add missing Dpkg::Gettext import. Closes: #1128406 * Code internals: - libdpkg: Terminate zstd decompression when we have no more data. Reported by Yashashree Gund . Closes: #1129722 Fixes CVE-2026-2219. * Build system: - Build gitlab CI images for trixie instead of sid. ejabberd (24.12-3+deb13u1) trixie; urgency=medium . * Correctly remove no longer shipped conffile (apparmor profile) (Closes: #1110149) ejabberd-contrib (0.2025.01.11~dfsg0-2+deb13u1) trixie; urgency=medium . * Build for ejabberd 24.12-3+deb13u1 erlang (1:27.3.4.1+dfsg-1+deb13u1) trixie; urgency=medium . * Fix CVE-2025-48038: allocation of resources without limits or throttling vulnerability in the ssh_sftp module allows excessive allocation, resource leak exposure (closes: #1115093). * Fix CVE-2025-48039: allocation of resources without limits or throttling vulnerability in the ssh_sftp module allows excessive allocation, resource leak exposure (closes: #1115092). * Fix CVE-2025-48040: uncontrolled resource consumption vulnerability in the ssh_sftp module allows excessive allocation, flooding (closes: 1115091). * Fix CVE-2025-48041: allocation of resources without limits or throttling vulnerability in the ssh_sftp module allows excessive allocation, flooding (closes: #1115090). * Fix CVE-2016-1000107: inets does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable (closes: #1115086). ffmpegfs (2.17-1+deb13u1) trixie; urgency=medium . * Non-maintainer upload with maintainer's approval. * Backport commit from upstream to fix list of files in output directory which was incomplete (https://github.com/nschlia/ffmpegfs/commit/5581dad) firefox-esr (140.8.0esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. * Fixes for mfsa2026-15, also known as: CVE-2026-2757, CVE-2026-2758, CVE-2026-2759, CVE-2026-2760, CVE-2026-2761, CVE-2026-2762, CVE-2026-2763, CVE-2026-2764, CVE-2026-2765, CVE-2026-2766, CVE-2026-2767, CVE-2026-2768, CVE-2026-2769, CVE-2026-2770, CVE-2026-2771, CVE-2026-2772, CVE-2026-2773, CVE-2026-2774, CVE-2026-2775, CVE-2026-2777, CVE-2026-2778, CVE-2026-2779, CVE-2026-2780, CVE-2026-2781, CVE-2026-2782, CVE-2026-2783, CVE-2026-2784, CVE-2026-2785, CVE-2026-2786, CVE-2026-2787, CVE-2026-2788, CVE-2026-2789, CVE-2026-2790, CVE-2026-2791, CVE-2026-2792, CVE-2026-2793. firefox-esr (140.8.0esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. * Fixes for mfsa2026-15, also known as: CVE-2026-2757, CVE-2026-2758, CVE-2026-2759, CVE-2026-2760, CVE-2026-2761, CVE-2026-2762, CVE-2026-2763, CVE-2026-2764, CVE-2026-2765, CVE-2026-2766, CVE-2026-2767, CVE-2026-2768, CVE-2026-2769, CVE-2026-2770, CVE-2026-2771, CVE-2026-2772, CVE-2026-2773, CVE-2026-2774, CVE-2026-2775, CVE-2026-2777, CVE-2026-2778, CVE-2026-2779, CVE-2026-2780, CVE-2026-2781, CVE-2026-2782, CVE-2026-2783, CVE-2026-2784, CVE-2026-2785, CVE-2026-2786, CVE-2026-2787, CVE-2026-2788, CVE-2026-2789, CVE-2026-2790, CVE-2026-2791, CVE-2026-2792, CVE-2026-2793. firefox-esr (140.7.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2026-03, also known as: CVE-2026-0877, CVE-2026-0878, CVE-2026-0879, CVE-2026-0880, CVE-2026-0882, CVE-2025-14327, CVE-2026-0883, CVE-2026-0884, CVE-2026-0885, CVE-2026-0886, CVE-2026-0887, CVE-2026-0890, CVE-2026-0891. firefox-esr (140.7.0esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. * Fixes for mfsa2026-03, also known as: CVE-2026-0877, CVE-2026-0878, CVE-2026-0879, CVE-2026-0880, CVE-2026-0882, CVE-2025-14327, CVE-2026-0883, CVE-2026-0884, CVE-2026-0885, CVE-2026-0886, CVE-2026-0887, CVE-2026-0890, CVE-2026-0891. firefox-esr (140.7.0esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. * Fixes for mfsa2026-03, also known as: CVE-2026-0877, CVE-2026-0878, CVE-2026-0879, CVE-2026-0880, CVE-2026-0882, CVE-2025-14327, CVE-2026-0883, CVE-2026-0884, CVE-2026-0885, CVE-2026-0886, CVE-2026-0887, CVE-2026-0890, CVE-2026-0891. firefox-esr (140.6.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2025-94, also known as: CVE-2025-14321, CVE-2025-14322, CVE-2025-14323, CVE-2025-14324, CVE-2025-14325, CVE-2025-14328, CVE-2025-14329, CVE-2025-14330, CVE-2025-14331, CVE-2025-14333. firefox-esr (140.6.0esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-94, also known as: CVE-2025-14321, CVE-2025-14322, CVE-2025-14323, CVE-2025-14324, CVE-2025-14325, CVE-2025-14328, CVE-2025-14329, CVE-2025-14330, CVE-2025-14331, CVE-2025-14333. firefox-esr (140.6.0esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-94, also known as: CVE-2025-14321, CVE-2025-14322, CVE-2025-14323, CVE-2025-14324, CVE-2025-14325, CVE-2025-14328, CVE-2025-14329, CVE-2025-14330, CVE-2025-14331, CVE-2025-14333. firefox-esr (140.5.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2025-88, also known as: CVE-2025-13012, CVE-2025-13016, CVE-2025-13017, CVE-2025-13018, CVE-2025-13019, CVE-2025-13013, CVE-2025-13020, CVE-2025-13014, CVE-2025-13015. firefox-esr (140.5.0esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-88, also known as: CVE-2025-13012, CVE-2025-13016, CVE-2025-13017, CVE-2025-13018, CVE-2025-13019, CVE-2025-13013, CVE-2025-13020, CVE-2025-13014, CVE-2025-13015. firefox-esr (140.5.0esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-88, also known as: CVE-2025-13012, CVE-2025-13016, CVE-2025-13017, CVE-2025-13018, CVE-2025-13019, CVE-2025-13013, CVE-2025-13020, CVE-2025-13014, CVE-2025-13015. firefox-esr (140.4.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2025-83, also known as: CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11714, CVE-2025-11715. . * debian/watch: Refreshed. Somehow it was not refreshed for ESR. * debian/dh: Properly handle multiple DEB_BUILD_OPTIONS. flatpak (1.16.3-1~deb13u1) trixie; urgency=medium . * Backport new upstream stable release for Debian 13 - In flatpak-build(1), only provide /run/host/font-dirs.xml if the calling process has not already added it, fixing a regression for users of GNOME Builder and Foundry (flatpak#6450 upstream) * Revert changes that are not appropriate for a stable update: - Revert "d/watch: Convert to v5 format, only watch stable (even-numbered) releases" - Revert "Standards-Version: 4.7.3" . flatpak (1.16.3-1) unstable; urgency=medium . * New upstream stable release - In flatpak-build(1), only provide /run/host/font-dirs.xml if the calling process has not already added it, fixing a regression for users of GNOME Builder and Foundry (flatpak#6450 upstream) * Standards-Version: 4.7.3 - Remove Priority: optional, unnecessary since Debian 13 * d/watch: Convert to v5 format * d/watch: Only watch stable (even-numbered) releases - d/watch.devel: Add a second watch file for development (odd-numbered) releases flatpak (1.16.2-1) unstable; urgency=medium . * New upstream stable release - Fix a memory leak in flatpak-session-helper when invoking host commands (flatpak-spawn --host) from privileged apps (Closes: #1114484) - Treat either the xe or i915 kernel module as indicating an Intel GPU, not just i915, and install the appropriate VA-API extensions - If using GLib 2.86.1 (specifically that version due to a regression that was later fixed), avoid exposing $HOME to apps if an XDG special directory such as Music is requested by the app but has been disabled locally - In flatpak-kill(1), make killing processes more robust, and avoid race conditions that could lead to the whole process group being killed - Allow `flatpak run` or `flatpak install --user` while under `sudo -u otheruser` or `sudo -g`, as long as the other user is not root, relaxing a check that was only intended to avoid accidents involving running as root - Provide an empty /run/host/font-dirs.xml during flatpak-build(1), avoiding spurious warnings for processes that use fontconfig during build-time tests - Fix a crash in `flatpak install --include-sdk` if the app is installed on a per-user basis but the corresponding SDK is already installed system-wide - Take the --reinstall option into account when installing a bundle - Add a missing argument to fcntl F_DUPFD_CLOEXEC during Flatpak's own build-time tests, fixing a test regression with newer glibc on Ubuntu - Fix flatpak-pin(1)/flatpak-mask(1) with multiple arguments, by reloading configuration when needed - Fix an assertion failure in flatpak-build-import-bundle(1) - When using the library API, allow http downloads with libcurl to be cancelled - If an OCI registry only has one image, allow the tag to be omitted - Fix a memory leak when using an OCI registry - Fix an uninitialized variable - Documentation improvements - Translation updates: pl * d/libflatpak-doc.install: Install single-file HTML documentation for the library. This was built by Autotools in 1.14.x and disappeared during the switch to Meson, but is now built again as a result of upstream fixes. fluidsynth (2.4.4+dfsg-1+deb13u2) trixie; urgency=medium . * CVE-2025-56225 fonttools (4.57.0-1+deb13u1) trixie; urgency=medium . * Team upload. * Apply the upstream fix for CVE-2025-66034. Closes: #1121605 foomuuri (0.27-2+deb13u1) trixie-security; urgency=high . * Fix CVE-2025-67858 and CVE-2025-67603. * Update maintainer. gegl (1:0.4.62-2+deb13u2) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * ZDI-CAN-28266: guard against buffer overflow (CVE-2026-2049, CVE-2026-2050) gimp (3.0.4-3+deb13u7) trixie-security; urgency=medium . * CVE-2026-0797 (Closes: #1128601) * CVE-2026-2044 * CVE-2026-2045 (Closes: #1128604) * CVE-2026-2047 (Closes: #1128605) * CVE-2026-2048 (Closes: #1128606) gimp (3.0.4-3+deb13u6) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * plug-ins: fix PSD loader: heap-buffer-overflow in fread_pascal_string (CVE-2026-2239) (Closes: #1127838) * Fix PSP File Parsing Integer Overflow Leading to Heap Corruption (CVE-2026-2271) (Closes: #1127841) * plug-ins: Add overflow checks for ICO loading (CVE-2026-2272) (Closes: #1127842) * plug-ins: fix crash due to uninitialized ptr_array when loading a specially crafted PSD gimp (3.0.4-3+deb13u5) trixie-security; urgency=medium . * CVE-2025-15059 (Closes: #1126267) gimp (3.0.4-3+deb13u4) trixie-security; urgency=medium . * CVE-2025-14425 gimp (3.0.4-3+deb13u3) trixie-security; urgency=medium . * CVE-2025-14424 * CVE-2025-14423 * CVE-2025-14422 glibc (2.41-12+deb13u2) trixie; urgency=medium . * debian/patches/git-updates.diff: update from upstream stable branch: - Fix a null pointer dereference in macros in multithreaded programs with multiple libc.so. - Fix _r_debug handling when interposed by the main executable, restoring compatibility with Dyninst. - Fix a null pointer dereference in symbol lookup when the symbol version hash value is zero. - Add a new test for dlopen (NULL, RTLD_LAZY) from an ELF constructor. - Preserve vector registers in the i386 TLS slow path. - Add GLIBC_ABI_GNU2_TLS and GLIBC_ABI_GNU_TLS symbol versions and i386. - Add GLIBC_ABI_GNU2_TLS and GLIBC_ABI_DT_X86_64_PLT symbol versions on amd64. - Fix NSS group merge not reacting to ERANGE during merge. - Detect Intel Nova and Wildcat processors and use the same ifunc selection as for Intel Panther Lake. - Fix typo in wmemset ifunc selector that caused AVX2/AVX512 paths to be skipped. - Fix incorrect return values and improve special case handling in arm64 SVE pow/powf and tanpi/tanpif implementations. - Optimise SVE scalar callbacks on arm64. - Correct SME handling on arm64 by disabling ZA state in setjmp and sigsetjmp, clearing ZA state in clone/clone3. - Fix conform tests on arm64 when the toolchain does not default to -mbranch-protection=standard. - Fix performance instability in AdvSIMD tan and sinh function on arm64 - Fix and restore POWER10 optimized strcmp/strncmp functions on ppc64el, they got previously disabled 2.41-8 due to a security issue. - Fix POWER optimized rawmemchr function on ppc64el. - Validate pread size and offset for overflow when reading ELF headers in the sprof utility. - Minor fixes to testsuite support code. - Optimize trylock for high cache contention workloads. - Fix and integer overflow in _int_memalign leading to heap corruption (CVE-2026-0861). Closes: #1125678. - Fix stack contents leak in getnetbyaddr (CVE-2026-0915). Closes: #1125748. - Fix bug in wordexp, which could return uninitialized memory when using WRDE_REUSE together with WRDE_APPEND (CVE-2025-15281). Closes: #1126266. - Switch currency symbol for the bg_BG locale to euro. * Revert addition of symbol versions used as ABI flags, as the dpkg-shlibdeps version in trixie is not able to handle them (see #1122107): - local-revert-x86-64-add-GLIBC_ABI_DT_X86_64_PLT-version.diff - local-revert-x86-64-add-GLIBC_ABI_GNU2_TLS-version.diff - local-revert-i386-add-GLIBC_ABI_GNU2_TLS-version.diff - local-revert-i386-add-GLIBC_ABI_GNU_TLS-version.diff gnome-shell (48.7-0+deb13u2) trixie; urgency=medium . * Team upload * d/p/Revert-main-Register-session-with-GDM-on-startup.patch: Revert an upstream change that was not intended to be backported to 48.x. A corresponding revert has been queued for inclusion in 48.8 upstream. The change was developed for v50, under the assumption that gdm3 changes from v50 would be present, but then mistakenly backported to 48.x and included in the 48.7 release. The resulting change to timings/sequencing triggered regressions in modesetting during first login on some systems, which can result in the Shell UI never appearing. (Closes: #1125941, #1125273, #1125275, #1126174) gnu-efi (3.0.18-1+deb13u1) trixie; urgency=medium . * Backport "ARM32: Split headers and code" (Closes: #1086705) gnuais (0.3.3-9.1+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Add patch from Apostolos Kefalas to fix displaying the map in gnuaisgui. (Closes: #1035657) gnutls28 (3.8.9-3+deb13u2) trixie-security; urgency=high . * libgnutls: Fix name constraint processing performance issue Verifying certificates with pathological amounts of name constraints could lead to a denial of service attack via resource exhaustion. Reworked processing algorithms exhibit better performance characteristics. Reported by Tim Scheckenbach. [Fixes: GNUTLS-SA-2026-02-09-2, CVSS: medium] [CVE-2025-14831] gpsd (3.25-5+deb13u1) trixie; urgency=medium . * Non-Maintainer Upload by LTS team * Add salsa CI for trixie * Fix CVE-2025-67268 (Closes: #1124800). gpsd contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyview array (184 elements). This allows an attacker to write beyond the bounds of the array by providing a satellite count up to 255, leading to memory corruption, Denial of Service (DoS), and potentially arbitrary code execution. * Fix CVE-2025-67269 (Closes: #1124799). An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input byte `c` is less than 4. This results in an unsigned integer underflow, setting `lexer->length` to a very large value (near `SIZE_MAX`). The parser then enters a loop attempting to consume this massive number of bytes, causing 100% CPU utilization and a Denial of Service (DoS) condition. grub-efi-amd64-signed (1+2.12+9+deb13u1) trixie; urgency=medium . * Update to grub2 2.12-9+deb13u1 grub-efi-arm64-signed (1+2.12+9+deb13u1) trixie; urgency=medium . * Update to grub2 2.12-9+deb13u1 grub-efi-ia32-signed (1+2.12+9+deb13u1) trixie; urgency=medium . * Update to grub2 2.12-9+deb13u1 grub2 (2.12-9+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Apply patch from upstream to fix zfs root identification when generating configure files (Closes: #848945) haproxy (3.0.11-1+deb13u2) trixie-security; urgency=high . * CVE-2026-26081: fix integer overflow in QUIC code. ifupdown (0.8.44+deb13u1) trixie; urgency=medium . * Fix ifup regression where it would return before IPv6 DAD had completed allowing boot to proceed and causing subsequent service start failures with "Cannot assign requested" or "Address not available". (Closes: #1122511) * Fix ifup regression calling dhclient before IPv6 link-locals are available on interface. (Closes: #1088852) * Fix execable() returning false for scripts in lib(exec) causing the above regressions. This underlying bug was introduced in 0.8.42. * Add myself to Uploaders. imagemagick (8:7.1.1.43+dfsg1-1+deb13u5) trixie-security; urgency=high . * Fix CVE-2026-22770 (Closes: #1126074) The BilateralBlurImage method will allocate a set of double buffers inside AcquireBilateralTLS. The last element in the set is not properly initialized. This will result in a release of an invalid pointer inside DestroyBilateralTLS when the memory allocation fails * Fix CVE-2026-23874 (Closes: #1126075) a stack overflow was found via infinite recursion in MSL (Magick Scripting Language) `` command when writing to MSL format. * Fix CVE-2026-23876 (Closes: #1126076) A heap buffer overflow vulnerability was found in the XBM image decoder (ReadXBMImage) allows an attacker to write controlled data past the allocated heap buffer when processing a maliciously crafted image file. Any operation that reads or identifies an image can trigger the overflow, making it exploitable via common image upload and processing pipelines. * Fix CVE-2026-23952 (Closes: 1126077) NULL pointer dereference was found in MSL parser via tag before image load incus (6.0.4-2+deb13u4) trixie-security; urgency=high . * Cherry-pick fixes for the following security issues: - CVE-2026-23953 / GHSA-x6jc-phwx-hp32 - CVE-2026-23954 / GHSA-7f67-crqm-jgh7 incus (6.0.4-2+deb13u4~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports. - Drop dependency on virtiofsd, as it isn't available for bookworm - Drop apparmor 4.x patch - Relax dependency on lxcfs, since runit scripts aren't expected for bookworm - Add patch to remove dependency on go-criu - Add patch to build with older version of openfga-go-sdk - Add patch backporting RemoveAll from newer sftp inetutils (2:2.6-3+deb13u2) trixie-security; urgency=high . * Prevent privilege escalation via telnetd abusing systemd service credentials support added to the login(1) implementation of util-linux in release 2.40. Reported by Ron Ben Yizhak . inetutils (2:2.6-3+deb13u1) trixie-security; urgency=high . * Fix remote authentication bypass in telnetd. GNU InetUtils Security Advisory: Fixes CVE-2026-24061. (Closes: #1126047) jaraco.context (6.0.1-1+deb13u1) trixie; urgency=medium . * Backport the upstream security fix to prevent a path traversal issue. (CVE-2026-23949) jtreg8 (8.1+1+ds1-1~deb13u1) trixie-security; urgency=medium . * Upload to Debian 13 (trixie). jtreg8 (8+2+ds1-2) unstable; urgency=medium . * d/copyright: revert FSF address change. * d/s/lintian-overrides, d/jtreg8.lintian-overrides: add override for the old FSF address. . jtreg8 (8+2+ds1-1) unstable; urgency=medium . * Initial upload of jtreg8 . [ Vladimir Petko ] * New upstream release 8.2 (Closes: #1110468). - refresh patches. - d/picocli/maven.rules: replace groovy version with 'debian'. * d/control: update Standards Version to 4.7.2 (no changes). * Add lintian overrides. * d/copyright: update FSF address. * d/p/flush_stream.patch: sync filesystem before grep. This workarounds an intermittent test failure. . [ tony mancill ] * d/copyright: Add testng/testng-test-osgi/* (BSD-2-Clause) libguestfs (1:1.54.1-2+deb13u1) trixie-updates; urgency=medium . * Add isc-dhcp-client dependency so it is added to the packagelist (Closes: #1111785) libpng1.6 (1.6.48-1+deb13u3) trixie-security; urgency=high . * Security upload targeting trixie. - CVE-2026-25646 - Heap buffer overflow (Closes: #1127566) libpng1.6 (1.6.48-1+deb13u2) trixie; urgency=medium . * Backporting fixes from 1.6.54 for stable: - CVE-2026-22801 - Heap buffer over-read (Closes: #1125444 - CVE-2026-22695 - Heap buffer over-read (Closes: #1125443) libsndfile (1.2.2-2+deb13u1) trixie; urgency=medium . * CVE-2025-56226 (Closes: #1125674) libsodium (1.0.18-1+deb13u1) trixie-security; urgency=medium . * Backport security fix for CVE-2025-69277: mishandled checks for whether an elliptic curve point is valid (closes: #1124374). libsodium (1.0.18-1+deb12u1) bookworm-security; urgency=medium . * Backport security fix for CVE-2025-69277: mishandled checks for whether an elliptic curve point is valid (closes: #1124374). libvpx (1.15.0-2.1+deb13u1) trixie-security; urgency=medium . * CVE-2026-2447 (aka CVE-2026-1861) linux (6.12.73-1) trixie-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.70 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec - [amd64] x86/vmware: Fix hypercall clobbers - [amd64] x86/kfence: fix booting on 32bit non-PAE systems - [amd64] platform/x86: intel_telemetry: Fix swapped arrays in PSS output - ALSA: aloop: Fix racy access at PCM trigger - [arm64] pmdomain: qcom: rpmpd: fix off-by-one error in clamping to the highest state - [arm64] pmdomain: imx8mp-blk-ctrl: Keep gpc power domain on for system wakeup - [arm64,armhf] pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset - [arm64] pmdomain: imx8mp-blk-ctrl: Keep usb phy power domain on for system wakeup - [arm64] pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains - mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (Closes: #1125405) - rbd: check for EOD after exclusive lock is ensured to be held - ceph: fix oops due to invalid pointer for kfree() in parse_longname() - gve: Fix stats report corruption on queue count change - gve: Correct ethtool rx_dropped calculation - mm, shmem: prevent infinite loop on truncate race - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" - KVM: Don't clobber irqfd routing type when deassigning irqfd - PCI/ERR: Ensure error recoverability at all times - ublk: fix deadlock when reading partition table (CVE-2025-68823) - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (CVE-2025-40082) - [arm*] binder: fix BR_FROZEN_REPLY error log - binderfs: fix ida_alloc_max() upper bound - procfs: avoid fetching build ID while holding VMA lock - tracing: Fix ftrace event field alignments - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined - wifi: wlcore: ensure skb headroom before skb_push - net: usb: sr9700: support devices with virtual driver CD - block,bfq: fix aux stat accumulation destination - smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() - md: suspend array while updating raid_disks via sysfs - smb/server: fix refcount leak in smb2_open() - smb/server: fix refcount leak in parse_durable_handle_context() - [amd64] HID: intel-ish-hid: Update ishtp bus match to support device ID table - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL - btrfs: fix reservation leak in some error paths when inserting inline extent - [riscv64] Sanitize syscall table indexing under speculation - [amd64] HID: intel-ish-hid: Reset enum_devices_done before enumeration - HID: playstation: Center initial joystick axes to prevent spurious events - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk - [arm64] PCI: qcom: Remove ASPM L0s support for MSM8996 SoC - netfilter: replace -EEXIST with -EBUSY - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset - ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free - HID: logitech: add HID++ support for Logitech MX Anywhere 3S - wifi: mac80211: collect station statistics earlier when disconnect - ASoC: simple-card-utils: Check device node before overwrite direction - nvme-fc: release admin tagset if init fails - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() - [amd64] ASoC: amd: yc: Fix microphone on ASUS M6500RE - regmap: maple: free entry on mas_store_gfp() failure - wifi: cfg80211: Fix bitrate calculation overflow for HE rates - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() - wifi: mac80211: correctly check if CSA is active - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice - btrfs: reject new transactions if the fs is fully read-only - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio - [amd64] platform/x86: toshiba_haps: Fix memory leaks in add/remove routines - [amd64] platform/x86: intel_telemetry: Fix PSS event register mask - [amd64] platform/x86: hp-bioscfg: Skip empty attribute names - [amd64] platform/x86/intel/tpmi/plr: Make the file domain/status writeable - smb/client: fix memory leak in smb2_open_file() - net: add skb_header_pointer_careful() helper - net/sched: cls_u32: use skb_header_pointer_careful() - net: liquidio: Initialize netdev pointer before queue setup - net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup - net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup - net: phy: add phy_interface_weight() - net: phy: add phy_interface_copy() - net: sfp: pre-parse the module support - net: sfp: convert sfp quirks to modify struct sfp_module_support - net: sfp: Fix quirk for Ubiquiti U-Fiber Instant SFP module - macvlan: fix error recovery in macvlan_common_newlink() - net: usb: r8152: fix resume reset deadlock - net: don't touch dev->stats in BPF redirect paths - tipc: use kfree_sensitive() for session key material - drm/amd/display: fix wrong color value mapping on MCM shaper LUT - net: gro: fix outer network offset - [amd64] drm/mgag200: fix mgag200_bmc_stop_scanout() - drm/xe/query: Fix topology query pointer advance - drm/xe/pm: Also avoid missing outer rpm warning on system suspend - drm/xe/pm: Disable D3Cold for BMG only on specific platforms - [armhf] hwmon: (occ) Mark occ_init_attribute() as __printf - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() - ipv6: Fix ECMP sibling count mismatch when clearing RTF_ADDRCONF - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() - [amd64] ASoC: amd: fix memory leak in acp3x pdm dma ops - [arm64] ipi: tegra: Fix a memory leak in tegra_slink_probe() - [arm64,armhf] spi: tegra114: Preserve SPI mode bits in def_command1_reg - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU. - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.71 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (Closes: #1127597) - io_uring/rw: recycle buffers manually for non-mshot reads https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.72 - smb: client: split cached_fid bitfields to avoid shared-byte RMW races - ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths - smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() - driver core: enforce device_lock for driver_match_device() - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB - [amd64] crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode - [armhf] crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly - crypto: virtio - Add spinlock protection with virtqueue notification - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req - nilfs2: Fix potential block overflow that cause system hang - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() - scsi: qla2xxx: Validate sp before freeing associated memory - scsi: qla2xxx: Allow recovery for tape devices - scsi: qla2xxx: Delay module unload while fabric scan in progress - scsi: qla2xxx: Free sp in error path to fix system crash - scsi: qla2xxx: Query FW again before proceeding with login - bus: mhi: host: pci_generic: Add Telit FE990B40 modem support - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169) - erofs: fix UAF issue for file-backed mounts w/ directio option - xfs: fix UAF in xchk_btree_check_block_owner - PCI: endpoint: Avoid creating sub-groups asynchronously - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add - [armhf] gpio: omap: do not register driver in probe() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.73 - Revert "driver core: enforce device_lock for driver_match_device()" linux (6.12.73-1~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports . linux (6.12.73-1) trixie-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.70 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec - [amd64] x86/vmware: Fix hypercall clobbers - [amd64] x86/kfence: fix booting on 32bit non-PAE systems - [amd64] platform/x86: intel_telemetry: Fix swapped arrays in PSS output - ALSA: aloop: Fix racy access at PCM trigger - [arm64] pmdomain: qcom: rpmpd: fix off-by-one error in clamping to the highest state - [arm64] pmdomain: imx8mp-blk-ctrl: Keep gpc power domain on for system wakeup - [arm64,armhf] pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset - [arm64] pmdomain: imx8mp-blk-ctrl: Keep usb phy power domain on for system wakeup - [arm64] pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains - mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (Closes: #1125405) - rbd: check for EOD after exclusive lock is ensured to be held - ceph: fix oops due to invalid pointer for kfree() in parse_longname() - gve: Fix stats report corruption on queue count change - gve: Correct ethtool rx_dropped calculation - mm, shmem: prevent infinite loop on truncate race - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" - KVM: Don't clobber irqfd routing type when deassigning irqfd - PCI/ERR: Ensure error recoverability at all times - ublk: fix deadlock when reading partition table (CVE-2025-68823) - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (CVE-2025-40082) - [arm*] binder: fix BR_FROZEN_REPLY error log - binderfs: fix ida_alloc_max() upper bound - procfs: avoid fetching build ID while holding VMA lock - tracing: Fix ftrace event field alignments - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined - wifi: wlcore: ensure skb headroom before skb_push - net: usb: sr9700: support devices with virtual driver CD - block,bfq: fix aux stat accumulation destination - smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() - md: suspend array while updating raid_disks via sysfs - smb/server: fix refcount leak in smb2_open() - smb/server: fix refcount leak in parse_durable_handle_context() - [amd64] HID: intel-ish-hid: Update ishtp bus match to support device ID table - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL - btrfs: fix reservation leak in some error paths when inserting inline extent - [riscv64] Sanitize syscall table indexing under speculation - [amd64] HID: intel-ish-hid: Reset enum_devices_done before enumeration - HID: playstation: Center initial joystick axes to prevent spurious events - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk - [arm64] PCI: qcom: Remove ASPM L0s support for MSM8996 SoC - netfilter: replace -EEXIST with -EBUSY - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset - ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free - HID: logitech: add HID++ support for Logitech MX Anywhere 3S - wifi: mac80211: collect station statistics earlier when disconnect - ASoC: simple-card-utils: Check device node before overwrite direction - nvme-fc: release admin tagset if init fails - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() - [amd64] ASoC: amd: yc: Fix microphone on ASUS M6500RE - regmap: maple: free entry on mas_store_gfp() failure - wifi: cfg80211: Fix bitrate calculation overflow for HE rates - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() - wifi: mac80211: correctly check if CSA is active - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice - btrfs: reject new transactions if the fs is fully read-only - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio - [amd64] platform/x86: toshiba_haps: Fix memory leaks in add/remove routines - [amd64] platform/x86: intel_telemetry: Fix PSS event register mask - [amd64] platform/x86: hp-bioscfg: Skip empty attribute names - [amd64] platform/x86/intel/tpmi/plr: Make the file domain/status writeable - smb/client: fix memory leak in smb2_open_file() - net: add skb_header_pointer_careful() helper - net/sched: cls_u32: use skb_header_pointer_careful() - net: liquidio: Initialize netdev pointer before queue setup - net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup - net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup - net: phy: add phy_interface_weight() - net: phy: add phy_interface_copy() - net: sfp: pre-parse the module support - net: sfp: convert sfp quirks to modify struct sfp_module_support - net: sfp: Fix quirk for Ubiquiti U-Fiber Instant SFP module - macvlan: fix error recovery in macvlan_common_newlink() - net: usb: r8152: fix resume reset deadlock - net: don't touch dev->stats in BPF redirect paths - tipc: use kfree_sensitive() for session key material - drm/amd/display: fix wrong color value mapping on MCM shaper LUT - net: gro: fix outer network offset - [amd64] drm/mgag200: fix mgag200_bmc_stop_scanout() - drm/xe/query: Fix topology query pointer advance - drm/xe/pm: Also avoid missing outer rpm warning on system suspend - drm/xe/pm: Disable D3Cold for BMG only on specific platforms - [armhf] hwmon: (occ) Mark occ_init_attribute() as __printf - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() - ipv6: Fix ECMP sibling count mismatch when clearing RTF_ADDRCONF - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() - [amd64] ASoC: amd: fix memory leak in acp3x pdm dma ops - [arm64] ipi: tegra: Fix a memory leak in tegra_slink_probe() - [arm64,armhf] spi: tegra114: Preserve SPI mode bits in def_command1_reg - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU. - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.71 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (Closes: #1127597) - io_uring/rw: recycle buffers manually for non-mshot reads https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.72 - smb: client: split cached_fid bitfields to avoid shared-byte RMW races - ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths - smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() - driver core: enforce device_lock for driver_match_device() - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB - [amd64] crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode - [armhf] crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly - crypto: virtio - Add spinlock protection with virtqueue notification - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req - nilfs2: Fix potential block overflow that cause system hang - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() - scsi: qla2xxx: Validate sp before freeing associated memory - scsi: qla2xxx: Allow recovery for tape devices - scsi: qla2xxx: Delay module unload while fabric scan in progress - scsi: qla2xxx: Free sp in error path to fix system crash - scsi: qla2xxx: Query FW again before proceeding with login - bus: mhi: host: pci_generic: Add Telit FE990B40 modem support - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169) - erofs: fix UAF issue for file-backed mounts w/ directio option - xfs: fix UAF in xchk_btree_check_block_owner - PCI: endpoint: Avoid creating sub-groups asynchronously - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add - [armhf] gpio: omap: do not register driver in probe() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.73 - Revert "driver core: enforce device_lock for driver_match_device()" linux (6.12.69-1) trixie-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.64 - btrfs: do not skip logging new dentries when logging a new name - btrfs: fix a potential path leak in print_data_reloc_error() - [arm64] bpf, arm64: Do not audit capability check in do_jit() - btrfs: fix memory leak of fs_devices in degraded seed device path - shmem: fix recovery on rename failures - iomap: adjust read range correctly for non-block-aligned positions - iomap: account for unaligned end offsets when truncating read range - scripts/faddr2line: Fix "Argument list too long" error - [amd64] perf/x86/amd: Check event before enable to avoid GPF - sched/deadline: only set free_cpus for online runqueues - sched/fair: Revert max_newidle_lb_cost bump - [amd64] x86/ptrace: Always inline trivial accessors - ACPICA: Avoid walking the Namespace if start_node is NULL - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only - cpufreq: dt-platdev: Add JH7110S SOC to the allowlist - ACPI: fan: Workaround for 64-bit firmware bug - cpuidle: menu: Use residency threshold in polling state override decisions - livepatch: Match old_sympos 0 and 1 in klp_find_func() - fs/ntfs3: Support timestamps prior to epoch - kbuild: Use objtree for module signing key path - ntfs: set dummy blocksize to read boot_block when mounting - hfsplus: fix volume corruption issue for generic/070 - hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create - hfsplus: Verify inode mode when loading from disk - hfsplus: fix volume corruption issue for generic/073 - fs/ntfs3: check for shutdown in fsync - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU - wifi: cfg80211: stop radar detection in cfg80211_leave() - wifi: cfg80211: use cfg80211_leave() in iftype change - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet - btrfs: scrub: always update btrfs_scrub_progress::last_physical - gfs2: fix remote evict for read-only filesystems - gfs2: Fix "gfs2: Switch to wait_event in gfs2_quotad" - smb/server: fix return value of smb2_ioctl() - ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency - ksmbd: vfs: fix race on m_flags in vfs_cache - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT - gfs2: Fix use of bio_chain - [arm64,armhf] net: fec: ERR007885 Workaround for XDP TX path - netrom: Fix memory leak in nr_sendmsg() - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change - ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() - bnxt_en: Fix XDP_TX path - net: openvswitch: fix middle attribute validation in push_nsh() action - broadcom: b44: prevent uninitialized value usage - netfilter: nf_conncount: fix leaked ct in error paths - ipvs: fix ipv4 null-ptr-deref in route error path - net/sched: ets: Remove drr class from the active list if it changes to strict - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() - netfilter: nf_nat: remove bogus direction check - netfilter: nf_tables: remove redundant chain validation on register store - ethtool: Avoid overflowing userspace buffer on stats query - net/mlx5: fw reset, clear reset requested on drain_fw_reset - net/mlx5: Drain firmware reset in shutdown callback - net/mlx5: fw_tracer, Validate format string parameters - net/mlx5: fw_tracer, Handle escaped percent properly - net/mlx5: Serialize firmware reset with devlink - net/handshake: duplicate handshake cancellations leak socket - [arm64] net: enetc: do not transmit redirected XDP frames when the link is down - [arm64] net: hns3: using the num_tqps in the vf driver to apply for resources - [arm64] net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx - [arm64] net: hns3: add VLAN id validation before using - [amd64] hwmon: (dell-smm) Limit fan multiplier to avoid overflow - hwmon: (ibmpex) fix use-after-free in high/low store - hwmon: (tmp401) fix overflow caused by default conversion rate value - drm/me/gsc: mei interrupt top half should be in irq disabled context - drm/xe: Restore engine registers before restarting schedulers after GT reset - drm/panel: sony-td4353-jdi: Enable prepare_prev_first - [amd64] x86/xen: Move Xen upcall handler - [amd64] x86/xen: Fix sparse warning in enlighten_pv.c - [arm64] kdump: Fix elfcorehdr overlap caused by reserved memory processing reorder - spi: cadence-quadspi: Fix clock disable on probe failure path - block: rnbd-clt: Fix leaked ID in init_dev() - drm/xe: Limit num_syncs to prevent oversized allocations - drm/xe/oa: Limit num_syncs to prevent oversized allocations - ksmbd: skip lock-range check on equal size to avoid size==0 underflow - ksmbd: Fix refcount leak when invalid session is found on session lookup - ksmbd: fix buffer validation by including null terminator size in EA length - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation - Input: lkkbd - disable pending work before freeing device - Input: alps - fix use-after-free bugs caused by dev3_register_work - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table - xfs: don't leak a locked dquot when xfs_dquot_attach_buf fails - can: gs_usb: gs_can_open(): fix error handling - [arm64,armhf] soc/tegra: fuse: Do not register SoC device on ACPI boot - ACPI: PCC: Fix race condition by removing static qualifier - ACPI: CPPC: Fix missing PCC check for guaranteed_perf - [arm64] mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds - dt-bindings: mmc: sdhci-of-aspeed: Switch ref to sdhci-common.yaml - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() - [amd64] x86/fpu: Fix FPU state core dump truncation on CPUs with no extended xfeatures - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path - ALSA: usb-mixer: us16x08: validate meter packet indices - nfsd: update percpu_ref to manage references on nfsd_net - nfsd: rename nfsd_serv_ prefixed methods and variables with nfsd_net_ - nfsd: fix memory leak in nfsd_create_serv error paths - ipmi: Fix the race between __scan_channels() and deliver_response() - ipmi: Fix __scan_channels() failing to rescan channels - [arm64,armhf] ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx - scsi: smartpqi: Add support for Hurray Data new controller PCI device - [arm64] clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp - fuse: Always flush the page cache before FOPEN_DIRECT_IO write - fuse: Invalidate the page cache after FOPEN_DIRECT_IO write - via_wdt: fix critical boot hang due to unnamed resource allocation - reset: fix BIT macro reference - exfat: fix remount failure in different process environments - exfat: zero out post-EOF page cache on file extension - usbip: Fix locking bug in RT-enabled kernels - usb: typec: ucsi: Handle incorrect num_connectors capability - [armhf] iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains - usb: xhci: limit run_graceperiod for only usb 3.0 devices - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. - libperf cpumap: Fix perf_cpu_map__max for an empty/NULL map - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware - nvme-fc: don't hold rport lock when putting ctrl - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures - [amd64] platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks - [amd64] scsi: scsi_debug: Fix atomic write enable module param description - block: rnbd-clt: Fix signedness bug in init_dev() - vhost/vsock: improve RCU read sections around vhost_vsock_get() - cifs: Fix memory and information leak in smb3_reconfigure() - KEYS: trusted: Fix a memory leak in tpm2_load_cmd - io_uring: fix filename leak in __io_openat_prep() - [amd64] x86/mce: Do not clear bank's poll bit in mce_poll_banks on AMD SMCA systems - [arm64] mmc: sdhci-msm: Avoid early clock doubling during HS400 transition - perf: arm_cspmu: fix error handling in arm_cspmu_impl_unregister() - [amd64] lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit - [s390x] dasd: Fix gendisk parent after copy pair swap - wifi: mt76: Fix DTS power-limits on little endian systems - block: rate-limit capacity change info log - floppy: fix for PAGE_SIZE != 4KB - kallsyms: Fix wrong "big" kernel symbol type read from procfs - fs/ntfs3: fix mount failure for sparse runs in run_unpack() - tpm: Cap the number of PCR banks - ext4: fix string copying in parse_apply_sb_mount_options() - ext4: xattr: fix null pointer deref in ext4_raw_inode() - ext4: clear i_state_flags when alloc inode - ext4: fix incorrect group number assertion in mb_check_buddy - ext4: align max orphan file size with e2fsprogs limit - jbd2: use a per-journal lock_class_key for jbd2_trans_commit_key - jbd2: use a weaker annotation in journal handling - media: v4l2-mem2mem: Fix outdated documentation - mptcp: schedule rtx timer only after pushing data - mptcp: avoid deadlock on fallback while reinjecting - usb: usb-storage: Maintain minimal modifications to the bcdDevice range. - media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() - media: pvrusb2: Fix incorrect variable used in trace message - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() - [arm64,armhf] usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe - [arm64,armhf] usb: dwc3: keep susphy enabled during exit to avoid controller faults - char: applicom: fix NULL pointer dereference in ac_ioctl - [amd64] intel_th: Fix error handling in intel_th_output_open - mei: gsc: add dependency on Xe driver - serial: sh-sci: Check that the DMA cookie is valid - cpuidle: governors: teo: Drop misguided target residency check - cpufreq: nforce2: fix reference count leak in nforce2 - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" - scsi: aic94xx: fix use-after-free in device removal path - NFSD: use correct reservation type in nfsd4_scsi_fence_client - scsi: target: Reset t_task_cdb pointer in error case - scsi: mpi3mr: Read missing IOCFacts flag for reply queue full overflow - scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error - f2fs: ensure node page reads complete before f2fs_put_super() finishes - f2fs: fix to avoid potential deadlock - f2fs: fix to avoid updating zero-sized extent in extent cache - f2fs: invalidate dentry cache on failed whiteout creation - f2fs: fix age extent cache insertion skip on counter overflow - f2fs: fix uninitialized one_time_gc in victim_sel_policy - f2fs: fix return value of f2fs_recover_fsync_data() - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot - media: vidtv: initialize local pointers upon transfer of memory ownership - ocfs2: fix kernel BUG in ocfs2_find_victim_chain - [amd64] KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) - [amd64] platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver - scs: fix a wrong parameter in __scs_magic - libceph: make decode_pool() more resilient against corrupted osdmaps - [powerpc*] Add reloc_offset() to font bitmap pointer used for bootx_printf() - [amd64] KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 - [amd64] KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() - [amd64] KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer - [amd64] KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE - [amd64] KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN - [amd64] KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation - [amd64] KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN - [amd64] KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit - [amd64] KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) - [amd64] KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits - xfs: fix a memory leak in xfs_buf_item_init() - xfs: fix stupid compiler warning - xfs: fix a UAF problem in xattr repair - tracing: Do not register unsupported perf events - PM: runtime: Do not clear needs_force_resume with enabled runtime PM - r8169: fix RTL8117 Wake-on-Lan in DASH mode - fsnotify: do not generate ACCESS/MODIFY events on child for special files - net/handshake: restore destructor on submit failure - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap - NFSD: NFSv4 file creation neglects setting ACL - nfsd: Mark variable __maybe_unused to avoid W=1 build break - svcrdma: return 0 on success from svc_rdma_copy_inline_range - svcrdma: use rc_pageoff for memcpy byte offset - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf - [powerpc*] kexec: Enable SMT before waking offline CPUs - btrfs: don't log conflicting inode if it's a dir moved in the current transaction - [s390x] ipl: Clear SBP flag when bootprog is set - gpio: regmap: Fix memleak in error path in gpio_regmap_register() - io_uring/poll: correctly handle io_poll_add() return value on update - io_uring: fix min_wait wakeups for SQPOLL - Revert "drm/amd/display: Fix pbn to kbps Conversion" - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() - drm/amd/display: Fix scratch registers offsets for DCN35 - drm/amd/display: Fix scratch registers offsets for DCN351 - drm/displayid: pass iter to drm_find_displayid_extension() - ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (CVE-2025-68345) - ALSA: wavefront: Use guard() for spin locks - ALSA: wavefront: Clear substream pointers on close - [arm64] pinctrl: renesas: rzg2l: Fix ISEL restore on resume - hsr: hold rcu and dev lock for hsr_get_port_ndev (CVE-2025-39872) - sched/rt: Fix race in push_rt_task (CVE-2025-38234) - [arm64] KVM: arm64: Initialize HCR_EL2.E2H early - [arm64] KVM: arm64: Initialize SCTLR_EL1 in __kvm_hyp_init_cpu() - [arm64] Revamp HCR_EL2.E2H RES1 detection - dt-bindings: PCI: qcom,pcie-sc7280: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sc8280xp: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8150: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8250: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8350: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8450: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8550: Add missing required power-domains and resets - crypto: af_alg - zero initialize memory allocated via sock_kmalloc - crypto: caam - Add check for kcalloc() in test_len() - [arm64,armhf] amba: tegra-ahb: Fix device leak on SMMU enable - virtio: vdpa: Fix reference count leak in octep_sriov_enable() - tracing: Fix fixed array of synthetic event - [arm64,armhf] soc: samsung: exynos-pmu: fix device leak on regmap lookup - [arm64] soc: qcom: ocmem: fix device leak on lookup - [arm64] soc: amlogic: canvas: fix device leak on lookup - rpmsg: glink: fix rpmsg device leak - [amd64] platform/x86: intel: chtwc_int33fe: don't dereference swnode args - i2c: amd-mp2: fix reference leak in MP2 PCI device - hwmon: (max16065) Use local variable to avoid TOCTOU - hwmon: (max6697) fix regmap leak on probe failure - hwmon: (w83791d) Convert macros to functions to avoid TOCTOU - hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU - [amd64] x86/msi: Make irq_retrigger() functional for posted MSI - [arm64] iommu/mediatek: fix use-after-free on probe deferral - fuse: fix readahead reclaim deadlock - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (Closes: #1125797) - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() - wifi: mac80211: do not use old MBSSID elements - i40e: fix scheduling in set_rx_mode - i40e: validate ring_len parameter against hardware-specific values - iavf: fix off-by-one issues in iavf_config_rss_reg() - idpf: reduce mbx_task schedule delay to 300us - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt - Bluetooth: btusb: revert use of devm_kzalloc in btusb - net: mdio: aspeed: add dummy read to avoid read-after-write issue - net: openvswitch: Avoid needlessly taking the RTNL on vport destroy - ip6_gre: make ip6gre_header() robust - [amd64] platform/x86: msi-laptop: add missing sysfs_remove_group() - [amd64] platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic - team: fix check for port enabled in team_queue_override_port_prio_changed() - [arm64,armhf] net: dsa: fix missing put_device() in dsa_tree_find_first_conduit() - amd-xgbe: reset retries and mode on RX adapt failures - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure - genalloc.h: fix htmldocs warning - firewire: nosy: Fix dma_free_coherent() size - [armhf] net: dsa: b53: skip multicast entries for fdb_dump() - kbuild: fix compilation of dtb specified on command-line without make rule - net: usb: asix: validate PHY address before use - net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct - vfio/pds: Fix memory leak in pds_vfio_dirty_enable() - [amd64] platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing - [arm64] octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" - net: stmmac: fix the crash issue for zero copy XDP_TX action - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() - ipv4: Fix reference count leak when using error routes with nexthop objects - net: rose: fix invalid array index in rose_kill_by_device() - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT - RDMA/irdma: avoid invalid read in irdma_net_event - RDMA/efa: Remove possible negative shift - RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() - RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() - RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send - RDMA/bnxt_re: Fix to use correct page size for PDE table - md: Fix static checker warning in analyze_sbs - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() - ksmbd: Fix memory leak in get_file_all_info() - RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation - RDMA/bnxt_re: fix dma_free_coherent() pointer - blk-mq: skip CPU offline notify on unmapped hctx - ntfs: Do not overwrite uptodate pages - [armhf] ASoC: stm32: sai: fix device leak on probe - [armhf] ASoC: stm32: sai: fix clk prepare imbalance on probe failure - [armhf] ASoC: stm32: sai: fix OF node leak on probe - [arm64] ASoC: codecs: lpass-tx-macro: fix SM6115 support - [arm64] ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr - [arm64] ASoC: qcom: q6asm-dai: perform correct state check before closing - [arm64] ASoC: qcom: q6adm: the the copp device only during last instance - [arm64] ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. - [amd64] iommu/amd: Fix pci_segment memleak in alloc_pci_segment() - [amd64] iommu/amd: Propagate the error code returned by __modify_irte_ga() in modify_irte_ga() - [armhf] iommu/omap: fix device leaks on probe_device() - [arm64] iommu/qcom: fix device leak on of_xlate() - [arm64,riscv64] iommu/sun50i: fix device leak on of_xlate() - [arm64,armhf] iommu/tegra: fix device leak on probe_device() - iommu: disable SVA when CONFIG_X86 is set - HID: logitech-dj: Remove duplicate error logging - fgraph: Initialize ftrace_ops->private for function graph ops - fgraph: Check ftrace_pids_enabled on registration for early filtering - PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths - [arm64] dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator - [powerpc*] mm: Fix mprotect on book3s 32-bit - [powerpc*] 64s/slb: Fix SLB multihit issue during SLB preload - leds: leds-cros_ec: Skip LEDs without color components - leds: leds-lp50xx: Allow LED 0 to be added to module bank - leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs - leds: leds-lp50xx: Enable chip before any communication - block: Clear BLK_ZONE_WPLUG_PLUGGED when aborting plugged BIOs - [arm64,armhf] clk: samsung: exynos-clkout: Assign .num before accessing .hws (Closes: #1121211) - [arm64] mfd: max77620: Fix potential IRQ chip conflict when probing two devices - media: rc: st_rc: Fix reset control resource leak - media: verisilicon: Fix CPU stalls on G2 bus error - mtd: mtdpart: ignore error -ENOENT from parsers on subpartitions - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips - [amd64] perf/x86/amd/uncore: Fix the return value of amd_uncore_df_event_init() on error - [powerpc*] pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION - media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() - firmware: stratix10-svc: Add mutex in stratix10 memory management - dm-ebs: Mark full buffer dirty even on partial write - dm-bufio: align write boundary on physical block size - fbdev: gbefb: fix to use physical address instead of dma address - fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing - fbdev: tcx.c fix mem_map to correct smem_start offset - media: cec: Fix debugfs leak on bus_register() failure - media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() - media: platform: mtk-mdp3: fix device leaks at probe - media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled - media: samsung: exynos4-is: fix potential ABBA deadlock on init - media: TDA1997x: Remove redundant cancel_delayed_work in probe - media: verisilicon: Protect G2 HEVC decoder against invalid DPB index - media: videobuf2: Fix device reference leak in vb2_dc_alloc error path - media: vpif_capture: fix section mismatch - media: vpif_display: fix section mismatch - media: amphion: Cancel message work before releasing the VPU core - media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe - media: i2c: adv7842: Remove redundant cancel_delayed_work in probe - media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() - [armhf] pmdomain: imx: Fix reference count leak in imx_gpc_probe() - compiler_types.h: add "auto" as a macro for "__auto_type" - lockd: fix vfs_test_lock() calls - idr: fix idr_alloc() returning an ID out of range - mm/page_owner: fix memory leak in page_owner_stack_fops->release() - [amd64] x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo - tools/mm/page_owner_sort: fix timestamp comparison for stable sorting - samples/ftrace: Adjust LoongArch register restore order in direct calls - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly - RDMA/cm: Fix leaking the multicast GID table reference - e1000: fix OOB in e1000_tbi_should_accept() - fjes: Add missing iounmap in fjes_hw_init() - nfsd: Drop the client reference in client_states_open() - net: usb: sr9700: fix incorrect command used to write single register - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write - net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() - Revert "drm/amd: Skip power ungate during suspend for VPE" - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling - drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling - [arm64] drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers - [amd64] drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident - drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() - [arm64] drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() - [arm64] drm/mediatek: Fix probe resource leaks - [arm64] drm/mediatek: Fix probe memory leak - [arm64] drm/mediatek: Fix probe device leaks - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace - drm/amdkfd: bump minimum vgpr size for gfx1151 - drm/amdkfd: Trap handler support for expert scheduling mode - [amd64] drm/i915: Fix format string truncation warning - drm/ttm: Avoid NULL pointer deref for evicted BOs - [amd64] drm/mgag200: Fix big-endian support - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table - drm/xe/oa: Disallow 0 OA property values - drm/xe: Adjust long-running workload timeslices to reasonable values - drm/xe: Use usleep_range for accurate long-running workload timeslicing - drm/xe: Drop preempt-fences when destroying imported dma-bufs. - [arm64] drm/msm/dpu: Add missing NULL pointer check for pingpong interface - [amd64] drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb - [riscv64] lib/crypto: riscv/chacha: Avoid s0/fp register - gfs2: fix freeze error handling - btrfs: don't rewrite ret from inode_permission - sched/eevdf: Fix min_vruntime vs avg_vruntime - erofs: fix unexpected EIO under memory pressure - sched_ext: Fix incorrect sched_class settings for per-cpu migration tasks - jbd2: fix the inconsistency between checksum and data in memory for journal sb - tty: introduce and use tty_port_tty_vhangup() helper - xhci: dbgtty: fix device unregister: fixup - f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() - f2fs: use global inline_xattr_slab instead of per-sb slab cache - f2fs: drop inode from the donation list when the last file is closed - f2fs: fix to avoid updating compression context during writeback - serial: core: fix OF node leak - serial: core: Restore sysfs fwnode information - mptcp: pm: ignore unknown endpoint flags - mm/ksm: fix exec/fork inheritance support for prctl - svcrdma: bound check rq_pages index in inline path - block: freeze queue when updating zone resources - tpm2-sessions: Fix tpm2_read_public range checks - sched_ext: Factor out local_dsq_post_enq() from dispatch_enqueue() - sched_ext: Fix missing post-enqueue handling in move_local_task_to_local_dsq() - drm/displayid: add quirk to ignore DisplayID checksum errors - hrtimers: Introduce hrtimer_update_function() - [arm64] serial: xilinx_uartps: Use helper function hrtimer_update_function() - [arm64] serial: xilinx_uartps: fix rs485 delay_rts_after_send - f2fs: clear SBI_POR_DOING before initing inmem curseg - f2fs: add timeout in f2fs_enable_checkpoint() - f2fs: dump more information for f2fs_{enable,disable}_checkpoint() - f2fs: fix to propagate error from f2fs_enable_checkpoint() - gpiolib: acpi: Switch to use enum in acpi_gpio_in_ignore_list() - gpiolib: acpi: Handle deferred list via new API - gpiolib: acpi: Add acpi_gpio_need_run_edge_events_on_boot() getter - gpiolib: acpi: Move quirks to a separate file - gpiolib: acpi: Add a quirk for Acer Nitro V15 - gpiolib: acpi: Add quirk for ASUS ProArt PX13 - gpiolib: acpi: Add quirk for Dell Precision 7780 - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206) - md/raid10: wait barrier before returning discard request with REQ_NOWAIT (CVE-2025-40325) - [arm64] drm/panthor: Flush shmem writes before mapping buffers CPU-uncached (CVE-2025-40276) - net: ipv6: ioam6: use consistent dst names - ipv6: adopt dst_dev() helper - net: use dst_dev_rcu() in sk_setup_caps() - usbnet: Fix using smp_processor_id() in preemptible code warnings - serial: core: Fix serial device initialization - tty: fix tty_port_tty_*hangup() kernel-doc - [amd64] x86/microcode/AMD: Select which microcode patch to load - media: i2c: imx219: Fix 1920x1080 mode to use 1:1 pixel aspect ratio - wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend - wifi: mt76: mt7925: fix CLC command timeout when suspend/resume - wifi: mt76: mt7925: add handler to hif suspend/resume event - idpf: add support for SW triggered interrupts - idpf: trigger SW interrupt when exiting wb_on_itr mode - idpf: add support for Tx refillqs in flow scheduling mode - idpf: improve when to set RE bit logic - idpf: simplify and fix splitq Tx packet rollback error path - idpf: replace flow scheduling buffer ring with buffer pool - idpf: stop Tx if there are insufficient buffer resources - idpf: remove obsolete stashing code - hrtimers: Make hrtimer_update_function() less expensive - gve: defer interrupt enabling until NAPI registration - block: handle zone management operations completions - soundwire: stream: extend sdw_alloc_stream() to take 'type' parameter - [arm64] ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime - PCI: brcmstb: Reuse pcie_cfg_data structure - PCI: brcmstb: Set MLW based on "num-lanes" DT property if present - PCI: brcmstb: Fix disabling L0s capability - mm/balloon_compaction: we cannot have isolated pages in the balloon list - mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() - [powerpc*] pseries/cmm: adjust BALLOON_MIGRATE when migrating pages - media: mediatek: vcodec: Use spinlock for context list protection lock - media: amphion: Add a frame flush mode for decoder - media: amphion: Make some vpu_v4l2 functions static - media: amphion: Remove vpu_vb_is_codecconfig - vfio/pci: Disable qword access to the PCI ROM bar - iomap: allocate s_dio_done_wq for async reads as well (CVE-2025-68357) - block: fix NULL pointer dereference in blk_zone_reset_all_bio_endio() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.65 - mptcp: fallback earlier on simult connection - mm/page_alloc: change all pageblocks migrate type on coalescing - mm: simplify folio_expected_ref_count() - mm: consider non-anon swap cache folios in folio_expected_ref_count() - mptcp: ensure context reset on disconnect() - wifi: mac80211: Discard Beacon frames to non-broadcast address - [arm64] net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration - drm/amdgpu: Forward VMID reservation errors - [amd64] cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes - net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. - sched/fair: Small cleanup to sched_balance_newidle() - sched/fair: Small cleanup to update_newidle_cost() - sched/fair: Proportional newidle balance - virtio_console: fix order of fields cols and rows - [armhf] pwm: stm32: Always program polarity - [amd64] Revert "iommu/amd: Skip enabling command/event buffers for kdump" https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.66 - NFSD: Fix permission check for read access to executable-only files - nfsd: provide locking for v4_end_grace - nfsd: use correct loop termination in nfsd4_revoke_states() - nfsd: check that server is running in unlock_filesystem - NFSD: net ref data still needs to be freed even if net hasn't startup - NFSD: Remove NFSERR_EAGAIN - atm: Fix dma_free_coherent() size - net: 3com: 3c59x: fix possible null dereference in vortex_probe1() - [arm64] Fix cleared E0POE bit after cpu_suspend()/resume() - btrfs: always detect conflicting inodes when logging inode refs - [amd64] mei: me: add nova lake point S DID - lib/crypto: aes: Fix missing MMU protection for AES S-box - drm/amdgpu: Fix query for VPE block_type and ip_count - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (Closes: #1122106) - [arm64,armhf] gpio: rockchip: mark the GPIO controller as sleeping - [arm64] pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping - wifi: avoid kernel-infoleak from struct iw_point - wifi: mac80211: restore non-chanctx injection behaviour - libceph: prevent potential out-of-bounds reads in handle_auth_done() - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() - libceph: make free_choose_arg_map() resilient to partial allocation - libceph: return the handler error from mon_handle_auth_done() - libceph: reset sparse-read state in osd_fault() - libceph: make calc_target() set t->paused, not just clear it - tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). (CVE-2025-40149) - drm/xe: make xe_gt_idle_disable_c6() handle the forcewake internally - drm/xe: Ensure GT is in C0 during resumes - dm-snapshot: fix 'scheduling while atomic' on real-time kernels - NFSv4: ensure the open stateid seqid doesn't go backwards - [arm64] ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) - NFS: Fix up the automount fs_context to use the correct cred - drm/amd/display: shrink struct members - smb/client: fix NT_STATUS_UNABLE_TO_FREE_VM value - smb/client: fix NT_STATUS_DEVICE_DOOR_OPEN value - smb/client: fix NT_STATUS_NO_DATA_DETECTED value - scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset - scsi: ufs: core: Fix EH failure after W-LUN resume error - scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed" - btrfs: fix qgroup_snapshot_quick_inherit() squota bug - btrfs: qgroup: update all parent qgroups when doing quick inherit - btrfs: tracepoints: use btrfs_root_id() to get the id of a root - btrfs: fix NULL dereference on root when tracing inode eviction - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files - drm/amd/display: Apply e4479aecf658 to dml - [arm64] dts: ti: k3-am62-lp-sk-nand: Rename pinctrls to fix schema warnings - [amd64] crypto: qat - fix duplicate restarting msg during AER error - [arm64] dts: add off-on-delay-us for usdhc2 regulator - netfilter: nft_set_pipapo: fix range overlap detection - netfilter: nft_synproxy: avoid possible data-race on update operation - [arm64,armhf] gpio: pca953x: Add support for level-triggered interrupts - [arm64,armhf] gpio: pca953x: handle short interrupt pulses on PCAL devices - netfilter: nf_tables: fix memory leak in nf_tables_newrule() - netfilter: nf_conncount: update last_gc only when GC has been performed - bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress - [arm64] net: mscc: ocelot: Fix crash when adding interface under a lag - inet: ping: Fix icmp out counting - net: sock: fix hardened usercopy panic in sock_recv_errqueue - netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates - net/mlx5e: Don't print error message due to invalid module - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() - bnxt_en: Fix potential data corruption with HW GRO/LRO - vsock: Make accept()ed sockets use custom setsockopt() - btrfs: only enforce free space tree if v1 cache is required for bs < ps cases - [riscv64] pgtable: Cleanup useless VA_USER_XXX definitions - net: fix memory leak in skb_segment_list for GRO packets - idpf: keep the netdev when a reset fails - idpf: fix memory leak in idpf_vport_rel() - idpf: cap maximum Rx buffer size - HID: quirks: work around VID/PID conflict for appledisplay - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset - net: usb: pegasus: fix memory leak in update_eth_regs_async() - arp: do not assume dev_hard_header() does not change skb->head - erofs: don't bother with s_stack_depth increasing for now - erofs: fix file-backed mounts no longer working on EROFS partitions - ALSA: ac97bus: Use guard() for mutex locks - ALSA: ac97: fix a double free in snd_ac97_controller_register() - btrfs: fix error handling of submit_uncompressed_range() - btrfs: subpage: dump the involved bitmap when ASSERT() failed - btrfs: add extra error messages for delalloc range related errors - btrfs: remove btrfs_fs_info::sectors_per_page - btrfs: truncate ordered extent when skipping writeback past i_size - btrfs: use variable for end offset in extent_writepage_io() - btrfs: fix beyond-EOF write handling - bpf: Fix an issue in bpf_prog_test_run_xdp when page size greater than 4K - bpf: Make variables in bpf_prog_test_run_xdp less confusing - bpf: Support specifying linear xdp packet data size for BPF_PROG_TEST_RUN - bpf: Fix reference count leak in bpf_prog_test_run_xdp() - net: sfp: extend Potron XGSPON quirk to cover additional EEPROM variant - powercap: fix race condition in register_control_type() - powercap: fix sscanf() error return value handling - netfilter: nf_tables: avoid chain re-validation if possible - ata: libata-core: Disable LPM on ST2000DM008-2FR102 - drm/amd/display: Fix DP no audio issue - [arm64] spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string - can: j1939: make j1939_session_activate() fail if device is no longer registered - ALSA: usb-audio: Update for native DSD support quirks - [amd64] ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL - [arm64,armhf] ASoC: fsl_sai: Add missing registers to cache default - scsi: sg: Fix occasional bogus elapsed time that exceeds timeout - spi: cadence-quadspi: Prevent lost complete() call during indirect read - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792) - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.67 - efi/cper: Fix cper_bits_to_str buffer handling and return value - Revert "gfs2: Fix use of bio_chain" - [amd64] x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 - xfrm: Fix inner mode lookup in tunnel mode GSO segmentation - xfrm: set ipv4 no_pmtu_disc flag only on output sa when direction is set - pNFS: Fix a deadlock when returning a delegation during open() - NFS: Fix a deadlock involving nfs_release_folio() - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions - PM: EM: Fix incorrect description of the cost field in struct em_perf_state - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec - btrfs: send: check for inline extents in range_is_hole_in_parent() - net: bridge: annotate data-races around fdb->{updated,used} - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() - net: update netdev_lock_{type,name} - macvlan: fix possible UAF in macvlan_forward_source() - ipv4: ip_gre: make ipgre_header() robust - net/mlx5e: Fix crash on profile change rollback failure - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv - net/mlx5e: Restore destroying state bit after profile cleanup - btrfs: factor out init_space_info() from create_space_info() - btrfs: factor out check_removing_space_info() from btrfs_free_block_groups() - btrfs: introduce btrfs_space_info sub-group - btrfs: fix memory leaks in create_space_info() error paths - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip - net: hv_netvsc: reject RSS hash key programming without RX indirection table - ipv6: Fix use-after-free in inet6_addr_del(). - net/sched: sch_qfq: do not free existing class in qfq_change_class() - [amd64] ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 - mm: describe @flags parameter in memalloc_flags_save() - textsearch: describe @list member in ts_ops search - mm, kfence: describe @slab parameter in __kfence_obj_info() - [arm64] dmaengine: tegra-adma: Fix use-after-free - [arm64] phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it - [arm64] phy: phy-snps-eusb2: refactor constructs names - phy: drop probe registration printks - [arm64] phy: qcom-qusb2: Fix NULL pointer dereference on early suspend - [armhf] phy: stm32-usphyc: Fix off by one in probe() - [armhf] dmaengine: omap-dma: fix dma_pool resource leak in error paths - [arm64] i2c: qcom-geni: make sure I2C hub controllers can't use SE DMA - HID: usbhid: paper over wrong bNumDescriptor field (Closes: #1122193) - bridge: mcast: Fix use-after-free during router port configuration (CVE-2025-38248) - [arm64] ASoC: codecs: wsa883x: fix unnecessary initialisation - drm/amd/display: mark static functions noinline_for_stack - io_uring: move local task_work in exit cancel loop - scsi: core: Fix error handler encryption support - ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer - null_blk: fix kmemleak by releasing references to fault configfs items - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit. - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts - xfs: Fix the return value of xfs_rtcopy_summary() - lib/buildid: use __kernel_read() for sleepable context - [arm64] phy: rockchip: inno-usb2: fix communication disruption in gadget mode - [arm64,armhf] phy: ti: gmii-sel: fix regmap leak on probe failure - [arm64] phy: freescale: imx8m-pcie: assert phy reset during power on - [arm64] phy: rockchip: inno-usb2: fix disconnection in gadget mode - usb: dwc3: Check for USB4 IP_NAME - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor - USB: OHCI/UHCI: Add soft dependencies on ehci_platform - USB: serial: option: add Telit LE910 MBIM composition - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable - nvme-pci: disable secondary temp for Wodposit WPBSNM8 - [arm64] ASoC: codecs: wsa881x: fix unnecessary initialisation - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref - hrtimer: Fix softirq base check in update_needs_ipi() - [amd64] EDAC/x38: Fix a resource leak in x38_probe1() - [amd64] EDAC/i3200: Fix a resource leak in i3200_probe1() - tcpm: allow looking for role_sw device in the main node - i2c: riic: Move suspend handling to NOIRQ phase - [amd64] x86/resctrl: Add missing resctrl initialization for Hygon - [amd64] x86/resctrl: Fix memory bandwidth counter width for Hygon - nvme: fix PCIe subsystem reset controller state transition - mm/zswap: fix error pointer free in zswap_cpu_comp_prepare() - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure - drm/amd/display: Bump the HDMI clock to 340MHz - drm/amd: Clean up kfd node on surprise disconnect - drm/amdkfd: fix a memory leak in device_queue_manager_init() - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare - [arm64,armhf] drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() - [arm64] dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() - [armhf] dmaengine: stm32: dmamux: fix device leak on route allocation - [armhf] dmaengine: stm32: dmamux: fix OF node leak on route allocation failure - [armhf] dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation - [armhf] dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation - [amd64] HID: intel-ish-hid: Use dedicated unbound workqueues to prevent resume blocking - [amd64] HID: intel-ish-hid: Fix -Wcast-function-type-strict in devm_ishtp_alloc_workqueue() - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type - xfs: set max_agbno to allow sparse alloc of last full inode chunk - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure - bpf: Reject narrower access to pointer ctx fields (CVE-2025-38591) - mm/fake-numa: allow later numa node hotplug - mm: numa,memblock: include for 'numa_nodes_parsed' - [arm64] phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path - [arm64] phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() - [arm64] dmaengine: fsl-edma: Fix clk leak on alloc_chan_resources failure - mm/page_alloc/vmstat: simplify refresh_cpu_vm_stats change detection - mm/page_alloc: batch page freeing in decay_pcp_high - mm/page_alloc: prevent pcp corruption with SMP=n - mm/fake-numa: handle cases with no SRAT info https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.68 - posix-clock: Store file pointer in struct posix_clock_context - ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE. - dt-bindings: power: qcom,rpmpd: document the SM8750 RPMh Power Domains - dt-bindings: power: qcom,rpmpd: add Turbo L5 corner - dt-bindings: power: qcom-rpmpd: split RPMh domains definitions - dt-bindings: power: qcom,rpmpd: Add SC8280XP_MXC_AO - [arm64] pmdomain: qcom: rpmhpd: Add MXC to SC8280XP - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() - btrfs: fix missing fields in superblock backup with BLOCK_GROUP_TREE - ata: ahci: Do not read the per port area for unimplemented ports - ata: libata-sata: Improve link_power_management_supported sysfs attribute - ata: libata: Add cpr_log to ata_dev_print_features() early return - ata: libata-core: Introduce ata_dev_config_lpm() - ata: libata: Call ata_dev_config_lpm() for ATAPI devices - ata: libata: Print features also for ATAPI devices - ice: initialize ring_stats->syncp - ice: Avoid detrimental cleanup for bond during interface stop - ice: Fix incorrect timeout ice_release_res() - igc: Restore default Qbv schedule when changing channels - igc: fix race condition in TX timestamp read for register 0 - vsock/virtio: Coalesce only linear skb - net: usb: dm9601: remove broken SR9700 support - bonding: limit BOND_MODE_8023AD to Ethernet devices - l2tp: Fix memleak in l2tp_udp_encap_recv(). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error - sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT - [amd64,arm64] amd-xgbe: avoid misleading per-packet error log - gue: Fix skb memleak with inner IP protocol 0. - fou: Don't allow 0 for FOU_ATTR_IPPROTO. - veth: fix data race in veth_get_ethtool_stats - l2tp: avoid one data-race in l2tp_tunnel_del_work() - ipvlan: Make the addrs_lock be per port - [arm64] octeontx2: cn10k: fix RX flowid TCAM mask handling - net/sched: Enforce that teql can only be used as root qdisc - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec - wifi: mac80211: don't perform DA check on S1G beacon - serial: 8250_pci: Fix broken RS485 for F81504/508/512 - w1: therm: Fix off-by-one buffer overflow in alarms_store - w1: fix redundant counter decrement in w1_attach_slave_device() - Revert "nfc/nci: Add the inconsistency check between the input data length and count" - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA - scsi: storvsc: Process unsupported MODE_SENSE_10 - scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() - [arm64] dts: rockchip: remove dangerous max-link-speed from helios64 - [arm64] dts: rockchip: Fix voltage threshold for volume keys for Pinephone Pro - [amd64] x86/kfence: avoid writing L1TF-vulnerable PTEs - [amd64] comedi: Fix getting range information for subdevices 16 to 255 - [amd64] platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names - [amd64] platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro - mm/rmap: fix two comments related to huge_pmd_unshare() - io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection - interconnect: debugfs: initialize src_node and dst_node to empty strings - regmap: Fix race condition in hwspinlock irqsave routine - [riscv64] clocksource: Fix stimecmp update hazard on RV32 - [amd64] platform/x86/amd: Fix memory leak in wbrf_record() - scsi: core: Wake up the error handler when final completions race against each other - scsi: qla2xxx: Sanitize payload size to prevent member overflow - ALSA: usb: Increase volume range that triggers a warning - ice: Fix persistent failure in ice_get_rxfh - [arm64] net: hns3: fix data race in hns3_fetch_stats - be2net: fix data race in be_get_new_eqd - [arm64] net: hns3: fix wrong GENMASK() for HCLGE_FD_AD_COUNTER_NUM_M - [arm64] net: hns3: fix the HCLGE_FD_AD_NXT_KEY error setting issue - mISDN: annotate data-race around dev->work - ipv6: annotate data-race in ndisc_router_discovery() - usbnet: limit max_mtu based on device's hard_mtu - clocksource: Reduce watchdog readout delay limit to prevent false positives - sched/fair: Fix pelt clock sync when entering idle - drm/amd/pm: Don't clear SI SMC table when setting power limit - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) - drm/nouveau: add missing DCB connector types - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list - bonding: provide a net pointer to __skb_flow_dissect() - [arm64,armhf] net: dsa: fix off-by-one in maximum bridge ID determination - [arm64] octeontx2-af: Fix error handling - net: openvswitch: fix data race in ovs_vport_get_upcall_stats - vsock/virtio: fix potential underflow in virtio_transport_get_credit() - vsock/virtio: cap TX credit to local buffer size - net/sched: act_ife: avoid possible NULL deref - dpll: Prevent duplicate registrations - [amd64] x86: make page fault handling disable interrupts properly - tpm: Compare HMAC values in constant time - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal - leds: led-class: Only Add LED to leds_list when it is fully ready - of: fix reference count leak in of_alias_scan() - of: platform: Use default match table for /firmware - iio: accel: iis328dq: fix gain values - iio: adc: ad9467: fix ad9434 vref mask - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (Closes: #1121535) - ALSA: scarlett2: Fix buffer overflow in config retrieval - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) - wifi: ath10k: fix dma_free_coherent() pointer - wifi: ath12k: fix dma_free_coherent() pointer - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() - wifi: rsi: Fix memory corruption due to not set vif driver data size - [arm64] fpsimd: signal: Allocate SSVE storage when restoring ZA - [arm64] Set __nocfi on swsusp_arch_resume() - slimbus: core: fix runtime PM imbalance on report present - slimbus: core: fix device reference leak on report present - tracing: Fix crash on synthetic stacktrace field usage - [amd64] intel_th: fix device leak on output open() - mei: trace: treat reg parameter as string - [s390x] ap: Fix wrong APQN fill calculation - netrom: fix double-free in nr_route_frame() - [amd64] platform/x86: hp-bioscfg: Fix automatic module loading - [arm64] pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu - [amd64] perf/x86/intel: Do not enable BTS for guests - [arm64,armhf] irqchip/gic-v3-its: Avoid truncating memory addresses - net: sfp: add potron quirk to the H-COM SPP425H-GAB4 SFP+ Stick - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak - drm/amdgpu: remove frame cntl for gfx v12 - gpio: cdev: Correct return code on memory allocation failure - migrate: correct lock ordering for hugetlb file folios - [arm64] dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA - can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak - bpf: Do not let BPF test infra emit invalid GSO types to stack (CVE-2025-68725) - [arm64] dts: rockchip: remove redundant max-link-speed from nanopi-r4s - iio: core: add missing mutex_destroy in iio_dev_release() - iio: core: Replace lockdep_set_class() + mutex_init() by combined call - iio: core: add separate lockdep class for info_exist_lock - [armhf] iio: adc: exynos_adc: fix OF populate on driver rebind - exfat: fix refcount leak in exfat_find (CVE-2025-68351) - sched_ext: Fix possible deadlock in the deferred_irq_workfn() (CVE-2025-68333) - fs/ntfs3: Initialize allocated memory before use (CVE-2025-68365) - [amd64] accel/ivpu: Fix race condition when unbinding BOs (CVE-2025-68749) - btrfs: fix racy bitfield write in btrfs_clear_space_info_full() (CVE-2025-68358) - wifi: ath11k: fix RCU stall while reaping monitor destination ring (CVE-2024-58097) - vsock/virtio: Move length check to callers of virtio_vsock_skb_rx_put() - vsock/virtio: Rename virtio_vsock_alloc_skb() - vsock/virtio: Move SKB allocation lower-bound check to callers - vsock/virtio: Rename virtio_vsock_skb_rx_put() - vhost/vsock: Allocate nonlinear SKBs for handling large receive buffers - vsock/virtio: Allocate nonlinear SKBs for handling large transmit buffers - net: Introduce skb_copy_datagram_from_iter_full() - vsock/virtio: Fix message iterator handling on transmit path https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.69 - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work - Bluetooth: MGMT: Fix memory leak in set_ssp_complete - net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup() - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message - bonding: annotate data-races around slave->last_rx - [arm64,armhf] net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins() - ipv6: use the right ifindex when replying to icmpv6 from localhost - net: wwan: t7xx: fix potential skb->frags overflow in RX path - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues - ice: stop counting UDP csum mismatch as rx_errors - net/mlx5e: TC, delete flows only for existing peers - nfc: nci: Fix race between rfkill and nci_unregister_device(). - net: bridge: fix static key check - net: phy: micrel: fix clk warning when removing the driver - net/mlx5: fs, Fix inverted cap check in tx flow table root disconnect - net/mlx5: Initialize events outside devlink lock - net/mlx5: Fix vhca_id access call trace use before alloc - net/mlx5e: Skip ESN replay window setup for IPsec crypto offload - scsi: firewire: sbp-target: Fix overflow in sbp_make_tpg() - [amd64] ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion - gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler - gpio: virtuser: fix UAF in configfs release path - bcache: fix improper use of bi_end_io - bcache: use bio cloning for detached device requests - bcache: fix I/O accounting leak in detached_dev_do_request - dma/pool: distinguish between missing and exhausted atomic pools - sched/deadline: Document dl_server - sched/deadline: Fix 'stuck' dl_server - [arm64,armhf] pinctrl: meson: mark the GPIO controller as sleeping - [riscv64] compat: fix COMPAT_UTS_MACHINE definition - scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo() - [amd64] ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO - [arm64,armhf] gpio: pca953x: mask interrupts in irq shutdown - scsi: qla2xxx: edif: Fix dma_free_coherent() size - efivarfs: fix error propagation in efivar_entry_get() - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (Closes: #1122521) - gpio: rockchip: Stop calling pinctrl for set_direction - mptcp: only reset subflow errors when propagated - flex_proportions: make fprop_new_period() hardirq safe - mm/memory-failure: fix missing ->mf_stats count in hugetlb poison - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn - mm/shmem, swap: fix race of truncate and swap entry split - net: fix segmentation of forwarding fraglist GRO - [arm64] drm/msm/a6xx: fix bogus hwcg register updates - drm/amdgpu/soc21: fix xclk for APUs - drm/amdgpu/gfx10: fix wptr reset in KGQ init - drm/amdgpu/gfx11: fix wptr reset in KGQ init - drm/amdgpu/gfx12: fix wptr reset in KGQ init - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() - gpiolib: acpi: Fix potential out-of-boundary left shift - cgroup: Fix kernfs_node UAF in css_free_rwork_fn - rxrpc: Fix data-race warning and potential load/store tearing - ksmbd: smbd: fix dma_unmap_sg() nents (CVE-2026-23093) - mm/kfence: randomize the freelist on initialization - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (CVE-2024-58096) - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" - btrfs: prevent use-after-free on folio private data in btrfs_subpage_clear_uptodate() - net/sched: act_ife: convert comma to semicolon - [arm64] pinctrl: qcom: sm8350-lpass-lpi: Merge with SC7280 to fix I2S2 and SWR TX pins - mptcp: avoid dup SUB_CLOSED events after disconnect - perf: Simplify get_perf_callchain() user logic - perf: sched: Fix perf crash with new is_user_task() helper - writeback: fix 100% CPU usage when dirtytime_expire_interval is 0 - drm/amdgpu/gfx11: adjust KGQ reset sequence - [arm64] pinctrl: lpass-lpi: implement .get_direction() for the GPIO driver - net: mana: Change the function signature of mana_get_primary_netdev_rcu - RDMA/mana_ib: Handle net event for pointing to the current netdev . [ Macpaul Lin ] * udeb: Add USB TYPE-C and Mux modules in usb-modules (Closes: #1109090) . [ Salvatore Bonaccorso ] * fs/nfsd: Enable NFSD_SCSILAYOUT (NFSv4.1 server support for pNFS SCSI layouts) * [rt] Update to 6.12.66-rt15 linux (6.12.69-1~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports . linux (6.12.69-1) trixie-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.64 - btrfs: do not skip logging new dentries when logging a new name - btrfs: fix a potential path leak in print_data_reloc_error() - [arm64] bpf, arm64: Do not audit capability check in do_jit() - btrfs: fix memory leak of fs_devices in degraded seed device path - shmem: fix recovery on rename failures - iomap: adjust read range correctly for non-block-aligned positions - iomap: account for unaligned end offsets when truncating read range - scripts/faddr2line: Fix "Argument list too long" error - [amd64] perf/x86/amd: Check event before enable to avoid GPF - sched/deadline: only set free_cpus for online runqueues - sched/fair: Revert max_newidle_lb_cost bump - [amd64] x86/ptrace: Always inline trivial accessors - ACPICA: Avoid walking the Namespace if start_node is NULL - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only - cpufreq: dt-platdev: Add JH7110S SOC to the allowlist - ACPI: fan: Workaround for 64-bit firmware bug - cpuidle: menu: Use residency threshold in polling state override decisions - livepatch: Match old_sympos 0 and 1 in klp_find_func() - fs/ntfs3: Support timestamps prior to epoch - kbuild: Use objtree for module signing key path - ntfs: set dummy blocksize to read boot_block when mounting - hfsplus: fix volume corruption issue for generic/070 - hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create - hfsplus: Verify inode mode when loading from disk - hfsplus: fix volume corruption issue for generic/073 - fs/ntfs3: check for shutdown in fsync - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU - wifi: cfg80211: stop radar detection in cfg80211_leave() - wifi: cfg80211: use cfg80211_leave() in iftype change - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet - btrfs: scrub: always update btrfs_scrub_progress::last_physical - gfs2: fix remote evict for read-only filesystems - gfs2: Fix "gfs2: Switch to wait_event in gfs2_quotad" - smb/server: fix return value of smb2_ioctl() - ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency - ksmbd: vfs: fix race on m_flags in vfs_cache - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT - gfs2: Fix use of bio_chain - [arm64,armhf] net: fec: ERR007885 Workaround for XDP TX path - netrom: Fix memory leak in nr_sendmsg() - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change - ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() - bnxt_en: Fix XDP_TX path - net: openvswitch: fix middle attribute validation in push_nsh() action - broadcom: b44: prevent uninitialized value usage - netfilter: nf_conncount: fix leaked ct in error paths - ipvs: fix ipv4 null-ptr-deref in route error path - net/sched: ets: Remove drr class from the active list if it changes to strict - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() - netfilter: nf_nat: remove bogus direction check - netfilter: nf_tables: remove redundant chain validation on register store - ethtool: Avoid overflowing userspace buffer on stats query - net/mlx5: fw reset, clear reset requested on drain_fw_reset - net/mlx5: Drain firmware reset in shutdown callback - net/mlx5: fw_tracer, Validate format string parameters - net/mlx5: fw_tracer, Handle escaped percent properly - net/mlx5: Serialize firmware reset with devlink - net/handshake: duplicate handshake cancellations leak socket - [arm64] net: enetc: do not transmit redirected XDP frames when the link is down - [arm64] net: hns3: using the num_tqps in the vf driver to apply for resources - [arm64] net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx - [arm64] net: hns3: add VLAN id validation before using - [amd64] hwmon: (dell-smm) Limit fan multiplier to avoid overflow - hwmon: (ibmpex) fix use-after-free in high/low store - hwmon: (tmp401) fix overflow caused by default conversion rate value - drm/me/gsc: mei interrupt top half should be in irq disabled context - drm/xe: Restore engine registers before restarting schedulers after GT reset - drm/panel: sony-td4353-jdi: Enable prepare_prev_first - [amd64] x86/xen: Move Xen upcall handler - [amd64] x86/xen: Fix sparse warning in enlighten_pv.c - [arm64] kdump: Fix elfcorehdr overlap caused by reserved memory processing reorder - spi: cadence-quadspi: Fix clock disable on probe failure path - block: rnbd-clt: Fix leaked ID in init_dev() - drm/xe: Limit num_syncs to prevent oversized allocations - drm/xe/oa: Limit num_syncs to prevent oversized allocations - ksmbd: skip lock-range check on equal size to avoid size==0 underflow - ksmbd: Fix refcount leak when invalid session is found on session lookup - ksmbd: fix buffer validation by including null terminator size in EA length - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation - Input: lkkbd - disable pending work before freeing device - Input: alps - fix use-after-free bugs caused by dev3_register_work - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table - xfs: don't leak a locked dquot when xfs_dquot_attach_buf fails - can: gs_usb: gs_can_open(): fix error handling - [arm64,armhf] soc/tegra: fuse: Do not register SoC device on ACPI boot - ACPI: PCC: Fix race condition by removing static qualifier - ACPI: CPPC: Fix missing PCC check for guaranteed_perf - [arm64] mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds - dt-bindings: mmc: sdhci-of-aspeed: Switch ref to sdhci-common.yaml - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() - [amd64] x86/fpu: Fix FPU state core dump truncation on CPUs with no extended xfeatures - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path - ALSA: usb-mixer: us16x08: validate meter packet indices - nfsd: update percpu_ref to manage references on nfsd_net - nfsd: rename nfsd_serv_ prefixed methods and variables with nfsd_net_ - nfsd: fix memory leak in nfsd_create_serv error paths - ipmi: Fix the race between __scan_channels() and deliver_response() - ipmi: Fix __scan_channels() failing to rescan channels - [arm64,armhf] ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx - scsi: smartpqi: Add support for Hurray Data new controller PCI device - [arm64] clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp - fuse: Always flush the page cache before FOPEN_DIRECT_IO write - fuse: Invalidate the page cache after FOPEN_DIRECT_IO write - via_wdt: fix critical boot hang due to unnamed resource allocation - reset: fix BIT macro reference - exfat: fix remount failure in different process environments - exfat: zero out post-EOF page cache on file extension - usbip: Fix locking bug in RT-enabled kernels - usb: typec: ucsi: Handle incorrect num_connectors capability - [armhf] iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains - usb: xhci: limit run_graceperiod for only usb 3.0 devices - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. - libperf cpumap: Fix perf_cpu_map__max for an empty/NULL map - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware - nvme-fc: don't hold rport lock when putting ctrl - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures - [amd64] platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks - [amd64] scsi: scsi_debug: Fix atomic write enable module param description - block: rnbd-clt: Fix signedness bug in init_dev() - vhost/vsock: improve RCU read sections around vhost_vsock_get() - cifs: Fix memory and information leak in smb3_reconfigure() - KEYS: trusted: Fix a memory leak in tpm2_load_cmd - io_uring: fix filename leak in __io_openat_prep() - [amd64] x86/mce: Do not clear bank's poll bit in mce_poll_banks on AMD SMCA systems - [arm64] mmc: sdhci-msm: Avoid early clock doubling during HS400 transition - perf: arm_cspmu: fix error handling in arm_cspmu_impl_unregister() - [amd64] lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit - [s390x] dasd: Fix gendisk parent after copy pair swap - wifi: mt76: Fix DTS power-limits on little endian systems - block: rate-limit capacity change info log - floppy: fix for PAGE_SIZE != 4KB - kallsyms: Fix wrong "big" kernel symbol type read from procfs - fs/ntfs3: fix mount failure for sparse runs in run_unpack() - tpm: Cap the number of PCR banks - ext4: fix string copying in parse_apply_sb_mount_options() - ext4: xattr: fix null pointer deref in ext4_raw_inode() - ext4: clear i_state_flags when alloc inode - ext4: fix incorrect group number assertion in mb_check_buddy - ext4: align max orphan file size with e2fsprogs limit - jbd2: use a per-journal lock_class_key for jbd2_trans_commit_key - jbd2: use a weaker annotation in journal handling - media: v4l2-mem2mem: Fix outdated documentation - mptcp: schedule rtx timer only after pushing data - mptcp: avoid deadlock on fallback while reinjecting - usb: usb-storage: Maintain minimal modifications to the bcdDevice range. - media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() - media: pvrusb2: Fix incorrect variable used in trace message - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() - [arm64,armhf] usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe - [arm64,armhf] usb: dwc3: keep susphy enabled during exit to avoid controller faults - char: applicom: fix NULL pointer dereference in ac_ioctl - [amd64] intel_th: Fix error handling in intel_th_output_open - mei: gsc: add dependency on Xe driver - serial: sh-sci: Check that the DMA cookie is valid - cpuidle: governors: teo: Drop misguided target residency check - cpufreq: nforce2: fix reference count leak in nforce2 - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" - scsi: aic94xx: fix use-after-free in device removal path - NFSD: use correct reservation type in nfsd4_scsi_fence_client - scsi: target: Reset t_task_cdb pointer in error case - scsi: mpi3mr: Read missing IOCFacts flag for reply queue full overflow - scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error - f2fs: ensure node page reads complete before f2fs_put_super() finishes - f2fs: fix to avoid potential deadlock - f2fs: fix to avoid updating zero-sized extent in extent cache - f2fs: invalidate dentry cache on failed whiteout creation - f2fs: fix age extent cache insertion skip on counter overflow - f2fs: fix uninitialized one_time_gc in victim_sel_policy - f2fs: fix return value of f2fs_recover_fsync_data() - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot - media: vidtv: initialize local pointers upon transfer of memory ownership - ocfs2: fix kernel BUG in ocfs2_find_victim_chain - [amd64] KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) - [amd64] platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver - scs: fix a wrong parameter in __scs_magic - libceph: make decode_pool() more resilient against corrupted osdmaps - [powerpc*] Add reloc_offset() to font bitmap pointer used for bootx_printf() - [amd64] KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 - [amd64] KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() - [amd64] KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer - [amd64] KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE - [amd64] KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN - [amd64] KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation - [amd64] KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN - [amd64] KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit - [amd64] KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) - [amd64] KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits - xfs: fix a memory leak in xfs_buf_item_init() - xfs: fix stupid compiler warning - xfs: fix a UAF problem in xattr repair - tracing: Do not register unsupported perf events - PM: runtime: Do not clear needs_force_resume with enabled runtime PM - r8169: fix RTL8117 Wake-on-Lan in DASH mode - fsnotify: do not generate ACCESS/MODIFY events on child for special files - net/handshake: restore destructor on submit failure - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap - NFSD: NFSv4 file creation neglects setting ACL - nfsd: Mark variable __maybe_unused to avoid W=1 build break - svcrdma: return 0 on success from svc_rdma_copy_inline_range - svcrdma: use rc_pageoff for memcpy byte offset - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf - [powerpc*] kexec: Enable SMT before waking offline CPUs - btrfs: don't log conflicting inode if it's a dir moved in the current transaction - [s390x] ipl: Clear SBP flag when bootprog is set - gpio: regmap: Fix memleak in error path in gpio_regmap_register() - io_uring/poll: correctly handle io_poll_add() return value on update - io_uring: fix min_wait wakeups for SQPOLL - Revert "drm/amd/display: Fix pbn to kbps Conversion" - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() - drm/amd/display: Fix scratch registers offsets for DCN35 - drm/amd/display: Fix scratch registers offsets for DCN351 - drm/displayid: pass iter to drm_find_displayid_extension() - ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (CVE-2025-68345) - ALSA: wavefront: Use guard() for spin locks - ALSA: wavefront: Clear substream pointers on close - [arm64] pinctrl: renesas: rzg2l: Fix ISEL restore on resume - hsr: hold rcu and dev lock for hsr_get_port_ndev (CVE-2025-39872) - sched/rt: Fix race in push_rt_task (CVE-2025-38234) - [arm64] KVM: arm64: Initialize HCR_EL2.E2H early - [arm64] KVM: arm64: Initialize SCTLR_EL1 in __kvm_hyp_init_cpu() - [arm64] Revamp HCR_EL2.E2H RES1 detection - dt-bindings: PCI: qcom,pcie-sc7280: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sc8280xp: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8150: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8250: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8350: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8450: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8550: Add missing required power-domains and resets - crypto: af_alg - zero initialize memory allocated via sock_kmalloc - crypto: caam - Add check for kcalloc() in test_len() - [arm64,armhf] amba: tegra-ahb: Fix device leak on SMMU enable - virtio: vdpa: Fix reference count leak in octep_sriov_enable() - tracing: Fix fixed array of synthetic event - [arm64,armhf] soc: samsung: exynos-pmu: fix device leak on regmap lookup - [arm64] soc: qcom: ocmem: fix device leak on lookup - [arm64] soc: amlogic: canvas: fix device leak on lookup - rpmsg: glink: fix rpmsg device leak - [amd64] platform/x86: intel: chtwc_int33fe: don't dereference swnode args - i2c: amd-mp2: fix reference leak in MP2 PCI device - hwmon: (max16065) Use local variable to avoid TOCTOU - hwmon: (max6697) fix regmap leak on probe failure - hwmon: (w83791d) Convert macros to functions to avoid TOCTOU - hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU - [amd64] x86/msi: Make irq_retrigger() functional for posted MSI - [arm64] iommu/mediatek: fix use-after-free on probe deferral - fuse: fix readahead reclaim deadlock - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (Closes: #1125797) - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() - wifi: mac80211: do not use old MBSSID elements - i40e: fix scheduling in set_rx_mode - i40e: validate ring_len parameter against hardware-specific values - iavf: fix off-by-one issues in iavf_config_rss_reg() - idpf: reduce mbx_task schedule delay to 300us - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt - Bluetooth: btusb: revert use of devm_kzalloc in btusb - net: mdio: aspeed: add dummy read to avoid read-after-write issue - net: openvswitch: Avoid needlessly taking the RTNL on vport destroy - ip6_gre: make ip6gre_header() robust - [amd64] platform/x86: msi-laptop: add missing sysfs_remove_group() - [amd64] platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic - team: fix check for port enabled in team_queue_override_port_prio_changed() - [arm64,armhf] net: dsa: fix missing put_device() in dsa_tree_find_first_conduit() - amd-xgbe: reset retries and mode on RX adapt failures - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure - genalloc.h: fix htmldocs warning - firewire: nosy: Fix dma_free_coherent() size - [armhf] net: dsa: b53: skip multicast entries for fdb_dump() - kbuild: fix compilation of dtb specified on command-line without make rule - net: usb: asix: validate PHY address before use - net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct - vfio/pds: Fix memory leak in pds_vfio_dirty_enable() - [amd64] platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing - [arm64] octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" - net: stmmac: fix the crash issue for zero copy XDP_TX action - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() - ipv4: Fix reference count leak when using error routes with nexthop objects - net: rose: fix invalid array index in rose_kill_by_device() - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT - RDMA/irdma: avoid invalid read in irdma_net_event - RDMA/efa: Remove possible negative shift - RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() - RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() - RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send - RDMA/bnxt_re: Fix to use correct page size for PDE table - md: Fix static checker warning in analyze_sbs - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() - ksmbd: Fix memory leak in get_file_all_info() - RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation - RDMA/bnxt_re: fix dma_free_coherent() pointer - blk-mq: skip CPU offline notify on unmapped hctx - ntfs: Do not overwrite uptodate pages - [armhf] ASoC: stm32: sai: fix device leak on probe - [armhf] ASoC: stm32: sai: fix clk prepare imbalance on probe failure - [armhf] ASoC: stm32: sai: fix OF node leak on probe - [arm64] ASoC: codecs: lpass-tx-macro: fix SM6115 support - [arm64] ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr - [arm64] ASoC: qcom: q6asm-dai: perform correct state check before closing - [arm64] ASoC: qcom: q6adm: the the copp device only during last instance - [arm64] ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. - [amd64] iommu/amd: Fix pci_segment memleak in alloc_pci_segment() - [amd64] iommu/amd: Propagate the error code returned by __modify_irte_ga() in modify_irte_ga() - [armhf] iommu/omap: fix device leaks on probe_device() - [arm64] iommu/qcom: fix device leak on of_xlate() - [arm64,riscv64] iommu/sun50i: fix device leak on of_xlate() - [arm64,armhf] iommu/tegra: fix device leak on probe_device() - iommu: disable SVA when CONFIG_X86 is set - HID: logitech-dj: Remove duplicate error logging - fgraph: Initialize ftrace_ops->private for function graph ops - fgraph: Check ftrace_pids_enabled on registration for early filtering - PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths - [arm64] dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator - [powerpc*] mm: Fix mprotect on book3s 32-bit - [powerpc*] 64s/slb: Fix SLB multihit issue during SLB preload - leds: leds-cros_ec: Skip LEDs without color components - leds: leds-lp50xx: Allow LED 0 to be added to module bank - leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs - leds: leds-lp50xx: Enable chip before any communication - block: Clear BLK_ZONE_WPLUG_PLUGGED when aborting plugged BIOs - [arm64,armhf] clk: samsung: exynos-clkout: Assign .num before accessing .hws (Closes: #1121211) - [arm64] mfd: max77620: Fix potential IRQ chip conflict when probing two devices - media: rc: st_rc: Fix reset control resource leak - media: verisilicon: Fix CPU stalls on G2 bus error - mtd: mtdpart: ignore error -ENOENT from parsers on subpartitions - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips - [amd64] perf/x86/amd/uncore: Fix the return value of amd_uncore_df_event_init() on error - [powerpc*] pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION - media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() - firmware: stratix10-svc: Add mutex in stratix10 memory management - dm-ebs: Mark full buffer dirty even on partial write - dm-bufio: align write boundary on physical block size - fbdev: gbefb: fix to use physical address instead of dma address - fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing - fbdev: tcx.c fix mem_map to correct smem_start offset - media: cec: Fix debugfs leak on bus_register() failure - media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() - media: platform: mtk-mdp3: fix device leaks at probe - media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled - media: samsung: exynos4-is: fix potential ABBA deadlock on init - media: TDA1997x: Remove redundant cancel_delayed_work in probe - media: verisilicon: Protect G2 HEVC decoder against invalid DPB index - media: videobuf2: Fix device reference leak in vb2_dc_alloc error path - media: vpif_capture: fix section mismatch - media: vpif_display: fix section mismatch - media: amphion: Cancel message work before releasing the VPU core - media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe - media: i2c: adv7842: Remove redundant cancel_delayed_work in probe - media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() - [armhf] pmdomain: imx: Fix reference count leak in imx_gpc_probe() - compiler_types.h: add "auto" as a macro for "__auto_type" - lockd: fix vfs_test_lock() calls - idr: fix idr_alloc() returning an ID out of range - mm/page_owner: fix memory leak in page_owner_stack_fops->release() - [amd64] x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo - tools/mm/page_owner_sort: fix timestamp comparison for stable sorting - samples/ftrace: Adjust LoongArch register restore order in direct calls - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly - RDMA/cm: Fix leaking the multicast GID table reference - e1000: fix OOB in e1000_tbi_should_accept() - fjes: Add missing iounmap in fjes_hw_init() - nfsd: Drop the client reference in client_states_open() - net: usb: sr9700: fix incorrect command used to write single register - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write - net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() - Revert "drm/amd: Skip power ungate during suspend for VPE" - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling - drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling - [arm64] drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers - [amd64] drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident - drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() - [arm64] drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() - [arm64] drm/mediatek: Fix probe resource leaks - [arm64] drm/mediatek: Fix probe memory leak - [arm64] drm/mediatek: Fix probe device leaks - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace - drm/amdkfd: bump minimum vgpr size for gfx1151 - drm/amdkfd: Trap handler support for expert scheduling mode - [amd64] drm/i915: Fix format string truncation warning - drm/ttm: Avoid NULL pointer deref for evicted BOs - [amd64] drm/mgag200: Fix big-endian support - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table - drm/xe/oa: Disallow 0 OA property values - drm/xe: Adjust long-running workload timeslices to reasonable values - drm/xe: Use usleep_range for accurate long-running workload timeslicing - drm/xe: Drop preempt-fences when destroying imported dma-bufs. - [arm64] drm/msm/dpu: Add missing NULL pointer check for pingpong interface - [amd64] drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb - [riscv64] lib/crypto: riscv/chacha: Avoid s0/fp register - gfs2: fix freeze error handling - btrfs: don't rewrite ret from inode_permission - sched/eevdf: Fix min_vruntime vs avg_vruntime - erofs: fix unexpected EIO under memory pressure - sched_ext: Fix incorrect sched_class settings for per-cpu migration tasks - jbd2: fix the inconsistency between checksum and data in memory for journal sb - tty: introduce and use tty_port_tty_vhangup() helper - xhci: dbgtty: fix device unregister: fixup - f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() - f2fs: use global inline_xattr_slab instead of per-sb slab cache - f2fs: drop inode from the donation list when the last file is closed - f2fs: fix to avoid updating compression context during writeback - serial: core: fix OF node leak - serial: core: Restore sysfs fwnode information - mptcp: pm: ignore unknown endpoint flags - mm/ksm: fix exec/fork inheritance support for prctl - svcrdma: bound check rq_pages index in inline path - block: freeze queue when updating zone resources - tpm2-sessions: Fix tpm2_read_public range checks - sched_ext: Factor out local_dsq_post_enq() from dispatch_enqueue() - sched_ext: Fix missing post-enqueue handling in move_local_task_to_local_dsq() - drm/displayid: add quirk to ignore DisplayID checksum errors - hrtimers: Introduce hrtimer_update_function() - [arm64] serial: xilinx_uartps: Use helper function hrtimer_update_function() - [arm64] serial: xilinx_uartps: fix rs485 delay_rts_after_send - f2fs: clear SBI_POR_DOING before initing inmem curseg - f2fs: add timeout in f2fs_enable_checkpoint() - f2fs: dump more information for f2fs_{enable,disable}_checkpoint() - f2fs: fix to propagate error from f2fs_enable_checkpoint() - gpiolib: acpi: Switch to use enum in acpi_gpio_in_ignore_list() - gpiolib: acpi: Handle deferred list via new API - gpiolib: acpi: Add acpi_gpio_need_run_edge_events_on_boot() getter - gpiolib: acpi: Move quirks to a separate file - gpiolib: acpi: Add a quirk for Acer Nitro V15 - gpiolib: acpi: Add quirk for ASUS ProArt PX13 - gpiolib: acpi: Add quirk for Dell Precision 7780 - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206) - md/raid10: wait barrier before returning discard request with REQ_NOWAIT (CVE-2025-40325) - [arm64] drm/panthor: Flush shmem writes before mapping buffers CPU-uncached (CVE-2025-40276) - net: ipv6: ioam6: use consistent dst names - ipv6: adopt dst_dev() helper - net: use dst_dev_rcu() in sk_setup_caps() - usbnet: Fix using smp_processor_id() in preemptible code warnings - serial: core: Fix serial device initialization - tty: fix tty_port_tty_*hangup() kernel-doc - [amd64] x86/microcode/AMD: Select which microcode patch to load - media: i2c: imx219: Fix 1920x1080 mode to use 1:1 pixel aspect ratio - wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend - wifi: mt76: mt7925: fix CLC command timeout when suspend/resume - wifi: mt76: mt7925: add handler to hif suspend/resume event - idpf: add support for SW triggered interrupts - idpf: trigger SW interrupt when exiting wb_on_itr mode - idpf: add support for Tx refillqs in flow scheduling mode - idpf: improve when to set RE bit logic - idpf: simplify and fix splitq Tx packet rollback error path - idpf: replace flow scheduling buffer ring with buffer pool - idpf: stop Tx if there are insufficient buffer resources - idpf: remove obsolete stashing code - hrtimers: Make hrtimer_update_function() less expensive - gve: defer interrupt enabling until NAPI registration - block: handle zone management operations completions - soundwire: stream: extend sdw_alloc_stream() to take 'type' parameter - [arm64] ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime - PCI: brcmstb: Reuse pcie_cfg_data structure - PCI: brcmstb: Set MLW based on "num-lanes" DT property if present - PCI: brcmstb: Fix disabling L0s capability - mm/balloon_compaction: we cannot have isolated pages in the balloon list - mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() - [powerpc*] pseries/cmm: adjust BALLOON_MIGRATE when migrating pages - media: mediatek: vcodec: Use spinlock for context list protection lock - media: amphion: Add a frame flush mode for decoder - media: amphion: Make some vpu_v4l2 functions static - media: amphion: Remove vpu_vb_is_codecconfig - vfio/pci: Disable qword access to the PCI ROM bar - iomap: allocate s_dio_done_wq for async reads as well (CVE-2025-68357) - block: fix NULL pointer dereference in blk_zone_reset_all_bio_endio() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.65 - mptcp: fallback earlier on simult connection - mm/page_alloc: change all pageblocks migrate type on coalescing - mm: simplify folio_expected_ref_count() - mm: consider non-anon swap cache folios in folio_expected_ref_count() - mptcp: ensure context reset on disconnect() - wifi: mac80211: Discard Beacon frames to non-broadcast address - [arm64] net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration - drm/amdgpu: Forward VMID reservation errors - [amd64] cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes - net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. - sched/fair: Small cleanup to sched_balance_newidle() - sched/fair: Small cleanup to update_newidle_cost() - sched/fair: Proportional newidle balance - virtio_console: fix order of fields cols and rows - [armhf] pwm: stm32: Always program polarity - [amd64] Revert "iommu/amd: Skip enabling command/event buffers for kdump" https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.66 - NFSD: Fix permission check for read access to executable-only files - nfsd: provide locking for v4_end_grace - nfsd: use correct loop termination in nfsd4_revoke_states() - nfsd: check that server is running in unlock_filesystem - NFSD: net ref data still needs to be freed even if net hasn't startup - NFSD: Remove NFSERR_EAGAIN - atm: Fix dma_free_coherent() size - net: 3com: 3c59x: fix possible null dereference in vortex_probe1() - [arm64] Fix cleared E0POE bit after cpu_suspend()/resume() - btrfs: always detect conflicting inodes when logging inode refs - [amd64] mei: me: add nova lake point S DID - lib/crypto: aes: Fix missing MMU protection for AES S-box - drm/amdgpu: Fix query for VPE block_type and ip_count - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (Closes: #1122106) - [arm64,armhf] gpio: rockchip: mark the GPIO controller as sleeping - [arm64] pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping - wifi: avoid kernel-infoleak from struct iw_point - wifi: mac80211: restore non-chanctx injection behaviour - libceph: prevent potential out-of-bounds reads in handle_auth_done() - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() - libceph: make free_choose_arg_map() resilient to partial allocation - libceph: return the handler error from mon_handle_auth_done() - libceph: reset sparse-read state in osd_fault() - libceph: make calc_target() set t->paused, not just clear it - tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). (CVE-2025-40149) - drm/xe: make xe_gt_idle_disable_c6() handle the forcewake internally - drm/xe: Ensure GT is in C0 during resumes - dm-snapshot: fix 'scheduling while atomic' on real-time kernels - NFSv4: ensure the open stateid seqid doesn't go backwards - [arm64] ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) - NFS: Fix up the automount fs_context to use the correct cred - drm/amd/display: shrink struct members - smb/client: fix NT_STATUS_UNABLE_TO_FREE_VM value - smb/client: fix NT_STATUS_DEVICE_DOOR_OPEN value - smb/client: fix NT_STATUS_NO_DATA_DETECTED value - scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset - scsi: ufs: core: Fix EH failure after W-LUN resume error - scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed" - btrfs: fix qgroup_snapshot_quick_inherit() squota bug - btrfs: qgroup: update all parent qgroups when doing quick inherit - btrfs: tracepoints: use btrfs_root_id() to get the id of a root - btrfs: fix NULL dereference on root when tracing inode eviction - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files - drm/amd/display: Apply e4479aecf658 to dml - [arm64] dts: ti: k3-am62-lp-sk-nand: Rename pinctrls to fix schema warnings - [amd64] crypto: qat - fix duplicate restarting msg during AER error - [arm64] dts: add off-on-delay-us for usdhc2 regulator - netfilter: nft_set_pipapo: fix range overlap detection - netfilter: nft_synproxy: avoid possible data-race on update operation - [arm64,armhf] gpio: pca953x: Add support for level-triggered interrupts - [arm64,armhf] gpio: pca953x: handle short interrupt pulses on PCAL devices - netfilter: nf_tables: fix memory leak in nf_tables_newrule() - netfilter: nf_conncount: update last_gc only when GC has been performed - bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress - [arm64] net: mscc: ocelot: Fix crash when adding interface under a lag - inet: ping: Fix icmp out counting - net: sock: fix hardened usercopy panic in sock_recv_errqueue - netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates - net/mlx5e: Don't print error message due to invalid module - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() - bnxt_en: Fix potential data corruption with HW GRO/LRO - vsock: Make accept()ed sockets use custom setsockopt() - btrfs: only enforce free space tree if v1 cache is required for bs < ps cases - [riscv64] pgtable: Cleanup useless VA_USER_XXX definitions - net: fix memory leak in skb_segment_list for GRO packets - idpf: keep the netdev when a reset fails - idpf: fix memory leak in idpf_vport_rel() - idpf: cap maximum Rx buffer size - HID: quirks: work around VID/PID conflict for appledisplay - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset - net: usb: pegasus: fix memory leak in update_eth_regs_async() - arp: do not assume dev_hard_header() does not change skb->head - erofs: don't bother with s_stack_depth increasing for now - erofs: fix file-backed mounts no longer working on EROFS partitions - ALSA: ac97bus: Use guard() for mutex locks - ALSA: ac97: fix a double free in snd_ac97_controller_register() - btrfs: fix error handling of submit_uncompressed_range() - btrfs: subpage: dump the involved bitmap when ASSERT() failed - btrfs: add extra error messages for delalloc range related errors - btrfs: remove btrfs_fs_info::sectors_per_page - btrfs: truncate ordered extent when skipping writeback past i_size - btrfs: use variable for end offset in extent_writepage_io() - btrfs: fix beyond-EOF write handling - bpf: Fix an issue in bpf_prog_test_run_xdp when page size greater than 4K - bpf: Make variables in bpf_prog_test_run_xdp less confusing - bpf: Support specifying linear xdp packet data size for BPF_PROG_TEST_RUN - bpf: Fix reference count leak in bpf_prog_test_run_xdp() - net: sfp: extend Potron XGSPON quirk to cover additional EEPROM variant - powercap: fix race condition in register_control_type() - powercap: fix sscanf() error return value handling - netfilter: nf_tables: avoid chain re-validation if possible - ata: libata-core: Disable LPM on ST2000DM008-2FR102 - drm/amd/display: Fix DP no audio issue - [arm64] spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string - can: j1939: make j1939_session_activate() fail if device is no longer registered - ALSA: usb-audio: Update for native DSD support quirks - [amd64] ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL - [arm64,armhf] ASoC: fsl_sai: Add missing registers to cache default - scsi: sg: Fix occasional bogus elapsed time that exceeds timeout - spi: cadence-quadspi: Prevent lost complete() call during indirect read - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792) - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.67 - efi/cper: Fix cper_bits_to_str buffer handling and return value - Revert "gfs2: Fix use of bio_chain" - [amd64] x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 - xfrm: Fix inner mode lookup in tunnel mode GSO segmentation - xfrm: set ipv4 no_pmtu_disc flag only on output sa when direction is set - pNFS: Fix a deadlock when returning a delegation during open() - NFS: Fix a deadlock involving nfs_release_folio() - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions - PM: EM: Fix incorrect description of the cost field in struct em_perf_state - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec - btrfs: send: check for inline extents in range_is_hole_in_parent() - net: bridge: annotate data-races around fdb->{updated,used} - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() - net: update netdev_lock_{type,name} - macvlan: fix possible UAF in macvlan_forward_source() - ipv4: ip_gre: make ipgre_header() robust - net/mlx5e: Fix crash on profile change rollback failure - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv - net/mlx5e: Restore destroying state bit after profile cleanup - btrfs: factor out init_space_info() from create_space_info() - btrfs: factor out check_removing_space_info() from btrfs_free_block_groups() - btrfs: introduce btrfs_space_info sub-group - btrfs: fix memory leaks in create_space_info() error paths - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip - net: hv_netvsc: reject RSS hash key programming without RX indirection table - ipv6: Fix use-after-free in inet6_addr_del(). - net/sched: sch_qfq: do not free existing class in qfq_change_class() - [amd64] ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 - mm: describe @flags parameter in memalloc_flags_save() - textsearch: describe @list member in ts_ops search - mm, kfence: describe @slab parameter in __kfence_obj_info() - [arm64] dmaengine: tegra-adma: Fix use-after-free - [arm64] phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it - [arm64] phy: phy-snps-eusb2: refactor constructs names - phy: drop probe registration printks - [arm64] phy: qcom-qusb2: Fix NULL pointer dereference on early suspend - [armhf] phy: stm32-usphyc: Fix off by one in probe() - [armhf] dmaengine: omap-dma: fix dma_pool resource leak in error paths - [arm64] i2c: qcom-geni: make sure I2C hub controllers can't use SE DMA - HID: usbhid: paper over wrong bNumDescriptor field (Closes: #1122193) - bridge: mcast: Fix use-after-free during router port configuration (CVE-2025-38248) - [arm64] ASoC: codecs: wsa883x: fix unnecessary initialisation - drm/amd/display: mark static functions noinline_for_stack - io_uring: move local task_work in exit cancel loop - scsi: core: Fix error handler encryption support - ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer - null_blk: fix kmemleak by releasing references to fault configfs items - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit. - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts - xfs: Fix the return value of xfs_rtcopy_summary() - lib/buildid: use __kernel_read() for sleepable context - [arm64] phy: rockchip: inno-usb2: fix communication disruption in gadget mode - [arm64,armhf] phy: ti: gmii-sel: fix regmap leak on probe failure - [arm64] phy: freescale: imx8m-pcie: assert phy reset during power on - [arm64] phy: rockchip: inno-usb2: fix disconnection in gadget mode - usb: dwc3: Check for USB4 IP_NAME - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor - USB: OHCI/UHCI: Add soft dependencies on ehci_platform - USB: serial: option: add Telit LE910 MBIM composition - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable - nvme-pci: disable secondary temp for Wodposit WPBSNM8 - [arm64] ASoC: codecs: wsa881x: fix unnecessary initialisation - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref - hrtimer: Fix softirq base check in update_needs_ipi() - [amd64] EDAC/x38: Fix a resource leak in x38_probe1() - [amd64] EDAC/i3200: Fix a resource leak in i3200_probe1() - tcpm: allow looking for role_sw device in the main node - i2c: riic: Move suspend handling to NOIRQ phase - [amd64] x86/resctrl: Add missing resctrl initialization for Hygon - [amd64] x86/resctrl: Fix memory bandwidth counter width for Hygon - nvme: fix PCIe subsystem reset controller state transition - mm/zswap: fix error pointer free in zswap_cpu_comp_prepare() - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure - drm/amd/display: Bump the HDMI clock to 340MHz - drm/amd: Clean up kfd node on surprise disconnect - drm/amdkfd: fix a memory leak in device_queue_manager_init() - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare - [arm64,armhf] drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() - [arm64] dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() - [armhf] dmaengine: stm32: dmamux: fix device leak on route allocation - [armhf] dmaengine: stm32: dmamux: fix OF node leak on route allocation failure - [armhf] dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation - [armhf] dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation - [amd64] HID: intel-ish-hid: Use dedicated unbound workqueues to prevent resume blocking - [amd64] HID: intel-ish-hid: Fix -Wcast-function-type-strict in devm_ishtp_alloc_workqueue() - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type - xfs: set max_agbno to allow sparse alloc of last full inode chunk - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure - bpf: Reject narrower access to pointer ctx fields (CVE-2025-38591) - mm/fake-numa: allow later numa node hotplug - mm: numa,memblock: include for 'numa_nodes_parsed' - [arm64] phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path - [arm64] phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() - [arm64] dmaengine: fsl-edma: Fix clk leak on alloc_chan_resources failure - mm/page_alloc/vmstat: simplify refresh_cpu_vm_stats change detection - mm/page_alloc: batch page freeing in decay_pcp_high - mm/page_alloc: prevent pcp corruption with SMP=n - mm/fake-numa: handle cases with no SRAT info https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.68 - posix-clock: Store file pointer in struct posix_clock_context - ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE. - dt-bindings: power: qcom,rpmpd: document the SM8750 RPMh Power Domains - dt-bindings: power: qcom,rpmpd: add Turbo L5 corner - dt-bindings: power: qcom-rpmpd: split RPMh domains definitions - dt-bindings: power: qcom,rpmpd: Add SC8280XP_MXC_AO - [arm64] pmdomain: qcom: rpmhpd: Add MXC to SC8280XP - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() - btrfs: fix missing fields in superblock backup with BLOCK_GROUP_TREE - ata: ahci: Do not read the per port area for unimplemented ports - ata: libata-sata: Improve link_power_management_supported sysfs attribute - ata: libata: Add cpr_log to ata_dev_print_features() early return - ata: libata-core: Introduce ata_dev_config_lpm() - ata: libata: Call ata_dev_config_lpm() for ATAPI devices - ata: libata: Print features also for ATAPI devices - ice: initialize ring_stats->syncp - ice: Avoid detrimental cleanup for bond during interface stop - ice: Fix incorrect timeout ice_release_res() - igc: Restore default Qbv schedule when changing channels - igc: fix race condition in TX timestamp read for register 0 - vsock/virtio: Coalesce only linear skb - net: usb: dm9601: remove broken SR9700 support - bonding: limit BOND_MODE_8023AD to Ethernet devices - l2tp: Fix memleak in l2tp_udp_encap_recv(). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error - sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT - [amd64,arm64] amd-xgbe: avoid misleading per-packet error log - gue: Fix skb memleak with inner IP protocol 0. - fou: Don't allow 0 for FOU_ATTR_IPPROTO. - veth: fix data race in veth_get_ethtool_stats - l2tp: avoid one data-race in l2tp_tunnel_del_work() - ipvlan: Make the addrs_lock be per port - [arm64] octeontx2: cn10k: fix RX flowid TCAM mask handling - net/sched: Enforce that teql can only be used as root qdisc - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec - wifi: mac80211: don't perform DA check on S1G beacon - serial: 8250_pci: Fix broken RS485 for F81504/508/512 - w1: therm: Fix off-by-one buffer overflow in alarms_store - w1: fix redundant counter decrement in w1_attach_slave_device() - Revert "nfc/nci: Add the inconsistency check between the input data length and count" - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA - scsi: storvsc: Process unsupported MODE_SENSE_10 - scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() - [arm64] dts: rockchip: remove dangerous max-link-speed from helios64 - [arm64] dts: rockchip: Fix voltage threshold for volume keys for Pinephone Pro - [amd64] x86/kfence: avoid writing L1TF-vulnerable PTEs - [amd64] comedi: Fix getting range information for subdevices 16 to 255 - [amd64] platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names - [amd64] platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro - mm/rmap: fix two comments related to huge_pmd_unshare() - io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection - interconnect: debugfs: initialize src_node and dst_node to empty strings - regmap: Fix race condition in hwspinlock irqsave routine - [riscv64] clocksource: Fix stimecmp update hazard on RV32 - [amd64] platform/x86/amd: Fix memory leak in wbrf_record() - scsi: core: Wake up the error handler when final completions race against each other - scsi: qla2xxx: Sanitize payload size to prevent member overflow - ALSA: usb: Increase volume range that triggers a warning - ice: Fix persistent failure in ice_get_rxfh - [arm64] net: hns3: fix data race in hns3_fetch_stats - be2net: fix data race in be_get_new_eqd - [arm64] net: hns3: fix wrong GENMASK() for HCLGE_FD_AD_COUNTER_NUM_M - [arm64] net: hns3: fix the HCLGE_FD_AD_NXT_KEY error setting issue - mISDN: annotate data-race around dev->work - ipv6: annotate data-race in ndisc_router_discovery() - usbnet: limit max_mtu based on device's hard_mtu - clocksource: Reduce watchdog readout delay limit to prevent false positives - sched/fair: Fix pelt clock sync when entering idle - drm/amd/pm: Don't clear SI SMC table when setting power limit - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) - drm/nouveau: add missing DCB connector types - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list - bonding: provide a net pointer to __skb_flow_dissect() - [arm64,armhf] net: dsa: fix off-by-one in maximum bridge ID determination - [arm64] octeontx2-af: Fix error handling - net: openvswitch: fix data race in ovs_vport_get_upcall_stats - vsock/virtio: fix potential underflow in virtio_transport_get_credit() - vsock/virtio: cap TX credit to local buffer size - net/sched: act_ife: avoid possible NULL deref - dpll: Prevent duplicate registrations - [amd64] x86: make page fault handling disable interrupts properly - tpm: Compare HMAC values in constant time - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal - leds: led-class: Only Add LED to leds_list when it is fully ready - of: fix reference count leak in of_alias_scan() - of: platform: Use default match table for /firmware - iio: accel: iis328dq: fix gain values - iio: adc: ad9467: fix ad9434 vref mask - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (Closes: #1121535) - ALSA: scarlett2: Fix buffer overflow in config retrieval - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) - wifi: ath10k: fix dma_free_coherent() pointer - wifi: ath12k: fix dma_free_coherent() pointer - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() - wifi: rsi: Fix memory corruption due to not set vif driver data size - [arm64] fpsimd: signal: Allocate SSVE storage when restoring ZA - [arm64] Set __nocfi on swsusp_arch_resume() - slimbus: core: fix runtime PM imbalance on report present - slimbus: core: fix device reference leak on report present - tracing: Fix crash on synthetic stacktrace field usage - [amd64] intel_th: fix device leak on output open() - mei: trace: treat reg parameter as string - [s390x] ap: Fix wrong APQN fill calculation - netrom: fix double-free in nr_route_frame() - [amd64] platform/x86: hp-bioscfg: Fix automatic module loading - [arm64] pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu - [amd64] perf/x86/intel: Do not enable BTS for guests - [arm64,armhf] irqchip/gic-v3-its: Avoid truncating memory addresses - net: sfp: add potron quirk to the H-COM SPP425H-GAB4 SFP+ Stick - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak - drm/amdgpu: remove frame cntl for gfx v12 - gpio: cdev: Correct return code on memory allocation failure - migrate: correct lock ordering for hugetlb file folios - [arm64] dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA - can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak - bpf: Do not let BPF test infra emit invalid GSO types to stack (CVE-2025-68725) - [arm64] dts: rockchip: remove redundant max-link-speed from nanopi-r4s - iio: core: add missing mutex_destroy in iio_dev_release() - iio: core: Replace lockdep_set_class() + mutex_init() by combined call - iio: core: add separate lockdep class for info_exist_lock - [armhf] iio: adc: exynos_adc: fix OF populate on driver rebind - exfat: fix refcount leak in exfat_find (CVE-2025-68351) - sched_ext: Fix possible deadlock in the deferred_irq_workfn() (CVE-2025-68333) - fs/ntfs3: Initialize allocated memory before use (CVE-2025-68365) - [amd64] accel/ivpu: Fix race condition when unbinding BOs (CVE-2025-68749) - btrfs: fix racy bitfield write in btrfs_clear_space_info_full() (CVE-2025-68358) - wifi: ath11k: fix RCU stall while reaping monitor destination ring (CVE-2024-58097) - vsock/virtio: Move length check to callers of virtio_vsock_skb_rx_put() - vsock/virtio: Rename virtio_vsock_alloc_skb() - vsock/virtio: Move SKB allocation lower-bound check to callers - vsock/virtio: Rename virtio_vsock_skb_rx_put() - vhost/vsock: Allocate nonlinear SKBs for handling large receive buffers - vsock/virtio: Allocate nonlinear SKBs for handling large transmit buffers - net: Introduce skb_copy_datagram_from_iter_full() - vsock/virtio: Fix message iterator handling on transmit path https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.69 - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work - Bluetooth: MGMT: Fix memory leak in set_ssp_complete - net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup() - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message - bonding: annotate data-races around slave->last_rx - [arm64,armhf] net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins() - ipv6: use the right ifindex when replying to icmpv6 from localhost - net: wwan: t7xx: fix potential skb->frags overflow in RX path - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues - ice: stop counting UDP csum mismatch as rx_errors - net/mlx5e: TC, delete flows only for existing peers - nfc: nci: Fix race between rfkill and nci_unregister_device(). - net: bridge: fix static key check - net: phy: micrel: fix clk warning when removing the driver - net/mlx5: fs, Fix inverted cap check in tx flow table root disconnect - net/mlx5: Initialize events outside devlink lock - net/mlx5: Fix vhca_id access call trace use before alloc - net/mlx5e: Skip ESN replay window setup for IPsec crypto offload - scsi: firewire: sbp-target: Fix overflow in sbp_make_tpg() - [amd64] ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion - gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler - gpio: virtuser: fix UAF in configfs release path - bcache: fix improper use of bi_end_io - bcache: use bio cloning for detached device requests - bcache: fix I/O accounting leak in detached_dev_do_request - dma/pool: distinguish between missing and exhausted atomic pools - sched/deadline: Document dl_server - sched/deadline: Fix 'stuck' dl_server - [arm64,armhf] pinctrl: meson: mark the GPIO controller as sleeping - [riscv64] compat: fix COMPAT_UTS_MACHINE definition - scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo() - [amd64] ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO - [arm64,armhf] gpio: pca953x: mask interrupts in irq shutdown - scsi: qla2xxx: edif: Fix dma_free_coherent() size - efivarfs: fix error propagation in efivar_entry_get() - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (Closes: #1122521) - gpio: rockchip: Stop calling pinctrl for set_direction - mptcp: only reset subflow errors when propagated - flex_proportions: make fprop_new_period() hardirq safe - mm/memory-failure: fix missing ->mf_stats count in hugetlb poison - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn - mm/shmem, swap: fix race of truncate and swap entry split - net: fix segmentation of forwarding fraglist GRO - [arm64] drm/msm/a6xx: fix bogus hwcg register updates - drm/amdgpu/soc21: fix xclk for APUs - drm/amdgpu/gfx10: fix wptr reset in KGQ init - drm/amdgpu/gfx11: fix wptr reset in KGQ init - drm/amdgpu/gfx12: fix wptr reset in KGQ init - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() - gpiolib: acpi: Fix potential out-of-boundary left shift - cgroup: Fix kernfs_node UAF in css_free_rwork_fn - rxrpc: Fix data-race warning and potential load/store tearing - ksmbd: smbd: fix dma_unmap_sg() nents (CVE-2026-23093) - mm/kfence: randomize the freelist on initialization - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (CVE-2024-58096) - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" - btrfs: prevent use-after-free on folio private data in btrfs_subpage_clear_uptodate() - net/sched: act_ife: convert comma to semicolon - [arm64] pinctrl: qcom: sm8350-lpass-lpi: Merge with SC7280 to fix I2S2 and SWR TX pins - mptcp: avoid dup SUB_CLOSED events after disconnect - perf: Simplify get_perf_callchain() user logic - perf: sched: Fix perf crash with new is_user_task() helper - writeback: fix 100% CPU usage when dirtytime_expire_interval is 0 - drm/amdgpu/gfx11: adjust KGQ reset sequence - [arm64] pinctrl: lpass-lpi: implement .get_direction() for the GPIO driver - net: mana: Change the function signature of mana_get_primary_netdev_rcu - RDMA/mana_ib: Handle net event for pointing to the current netdev . [ Macpaul Lin ] * udeb: Add USB TYPE-C and Mux modules in usb-modules (Closes: #1109090) . [ Salvatore Bonaccorso ] * fs/nfsd: Enable NFSD_SCSILAYOUT (NFSv4.1 server support for pNFS SCSI layouts) * [rt] Update to 6.12.66-rt15 linux-base (4.12.1) trixie; urgency=medium . * d/salsa-ci.yml: Set RELEASE to trixie * linux-run-hooks(1): Fix description of the first argument * linux-run-hooks: Use compatible hook dir names for headers packages (Closes: #1121366) linux-signed-amd64 (6.12.73+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.73-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.70 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec - [amd64] x86/vmware: Fix hypercall clobbers - [amd64] x86/kfence: fix booting on 32bit non-PAE systems - [amd64] platform/x86: intel_telemetry: Fix swapped arrays in PSS output - ALSA: aloop: Fix racy access at PCM trigger - [arm64] pmdomain: qcom: rpmpd: fix off-by-one error in clamping to the highest state - [arm64] pmdomain: imx8mp-blk-ctrl: Keep gpc power domain on for system wakeup - [arm64,armhf] pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset - [arm64] pmdomain: imx8mp-blk-ctrl: Keep usb phy power domain on for system wakeup - [arm64] pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains - mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (Closes: #1125405) - rbd: check for EOD after exclusive lock is ensured to be held - ceph: fix oops due to invalid pointer for kfree() in parse_longname() - gve: Fix stats report corruption on queue count change - gve: Correct ethtool rx_dropped calculation - mm, shmem: prevent infinite loop on truncate race - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" - KVM: Don't clobber irqfd routing type when deassigning irqfd - PCI/ERR: Ensure error recoverability at all times - ublk: fix deadlock when reading partition table (CVE-2025-68823) - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (CVE-2025-40082) - [arm*] binder: fix BR_FROZEN_REPLY error log - binderfs: fix ida_alloc_max() upper bound - procfs: avoid fetching build ID while holding VMA lock - tracing: Fix ftrace event field alignments - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined - wifi: wlcore: ensure skb headroom before skb_push - net: usb: sr9700: support devices with virtual driver CD - block,bfq: fix aux stat accumulation destination - smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() - md: suspend array while updating raid_disks via sysfs - smb/server: fix refcount leak in smb2_open() - smb/server: fix refcount leak in parse_durable_handle_context() - [amd64] HID: intel-ish-hid: Update ishtp bus match to support device ID table - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL - btrfs: fix reservation leak in some error paths when inserting inline extent - [riscv64] Sanitize syscall table indexing under speculation - [amd64] HID: intel-ish-hid: Reset enum_devices_done before enumeration - HID: playstation: Center initial joystick axes to prevent spurious events - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk - [arm64] PCI: qcom: Remove ASPM L0s support for MSM8996 SoC - netfilter: replace -EEXIST with -EBUSY - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset - ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free - HID: logitech: add HID++ support for Logitech MX Anywhere 3S - wifi: mac80211: collect station statistics earlier when disconnect - ASoC: simple-card-utils: Check device node before overwrite direction - nvme-fc: release admin tagset if init fails - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() - [amd64] ASoC: amd: yc: Fix microphone on ASUS M6500RE - regmap: maple: free entry on mas_store_gfp() failure - wifi: cfg80211: Fix bitrate calculation overflow for HE rates - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() - wifi: mac80211: correctly check if CSA is active - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice - btrfs: reject new transactions if the fs is fully read-only - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio - [amd64] platform/x86: toshiba_haps: Fix memory leaks in add/remove routines - [amd64] platform/x86: intel_telemetry: Fix PSS event register mask - [amd64] platform/x86: hp-bioscfg: Skip empty attribute names - [amd64] platform/x86/intel/tpmi/plr: Make the file domain/status writeable - smb/client: fix memory leak in smb2_open_file() - net: add skb_header_pointer_careful() helper - net/sched: cls_u32: use skb_header_pointer_careful() - net: liquidio: Initialize netdev pointer before queue setup - net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup - net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup - net: phy: add phy_interface_weight() - net: phy: add phy_interface_copy() - net: sfp: pre-parse the module support - net: sfp: convert sfp quirks to modify struct sfp_module_support - net: sfp: Fix quirk for Ubiquiti U-Fiber Instant SFP module - macvlan: fix error recovery in macvlan_common_newlink() - net: usb: r8152: fix resume reset deadlock - net: don't touch dev->stats in BPF redirect paths - tipc: use kfree_sensitive() for session key material - drm/amd/display: fix wrong color value mapping on MCM shaper LUT - net: gro: fix outer network offset - [amd64] drm/mgag200: fix mgag200_bmc_stop_scanout() - drm/xe/query: Fix topology query pointer advance - drm/xe/pm: Also avoid missing outer rpm warning on system suspend - drm/xe/pm: Disable D3Cold for BMG only on specific platforms - [armhf] hwmon: (occ) Mark occ_init_attribute() as __printf - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() - ipv6: Fix ECMP sibling count mismatch when clearing RTF_ADDRCONF - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() - [amd64] ASoC: amd: fix memory leak in acp3x pdm dma ops - [arm64] ipi: tegra: Fix a memory leak in tegra_slink_probe() - [arm64,armhf] spi: tegra114: Preserve SPI mode bits in def_command1_reg - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU. - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.71 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (Closes: #1127597) - io_uring/rw: recycle buffers manually for non-mshot reads https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.72 - smb: client: split cached_fid bitfields to avoid shared-byte RMW races - ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths - smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() - driver core: enforce device_lock for driver_match_device() - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB - [amd64] crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode - [armhf] crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly - crypto: virtio - Add spinlock protection with virtqueue notification - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req - nilfs2: Fix potential block overflow that cause system hang - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() - scsi: qla2xxx: Validate sp before freeing associated memory - scsi: qla2xxx: Allow recovery for tape devices - scsi: qla2xxx: Delay module unload while fabric scan in progress - scsi: qla2xxx: Free sp in error path to fix system crash - scsi: qla2xxx: Query FW again before proceeding with login - bus: mhi: host: pci_generic: Add Telit FE990B40 modem support - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169) - erofs: fix UAF issue for file-backed mounts w/ directio option - xfs: fix UAF in xchk_btree_check_block_owner - PCI: endpoint: Avoid creating sub-groups asynchronously - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add - [armhf] gpio: omap: do not register driver in probe() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.73 - Revert "driver core: enforce device_lock for driver_match_device()" linux-signed-amd64 (6.12.73+1~bpo12+1) bookworm-backports; urgency=medium . * Sign kernel from linux 6.12.73-1~bpo12+1 . * Rebuild for bookworm-backports linux-signed-amd64 (6.12.69+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.69-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.64 - btrfs: do not skip logging new dentries when logging a new name - btrfs: fix a potential path leak in print_data_reloc_error() - [arm64] bpf, arm64: Do not audit capability check in do_jit() - btrfs: fix memory leak of fs_devices in degraded seed device path - shmem: fix recovery on rename failures - iomap: adjust read range correctly for non-block-aligned positions - iomap: account for unaligned end offsets when truncating read range - scripts/faddr2line: Fix "Argument list too long" error - [amd64] perf/x86/amd: Check event before enable to avoid GPF - sched/deadline: only set free_cpus for online runqueues - sched/fair: Revert max_newidle_lb_cost bump - [amd64] x86/ptrace: Always inline trivial accessors - ACPICA: Avoid walking the Namespace if start_node is NULL - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only - cpufreq: dt-platdev: Add JH7110S SOC to the allowlist - ACPI: fan: Workaround for 64-bit firmware bug - cpuidle: menu: Use residency threshold in polling state override decisions - livepatch: Match old_sympos 0 and 1 in klp_find_func() - fs/ntfs3: Support timestamps prior to epoch - kbuild: Use objtree for module signing key path - ntfs: set dummy blocksize to read boot_block when mounting - hfsplus: fix volume corruption issue for generic/070 - hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create - hfsplus: Verify inode mode when loading from disk - hfsplus: fix volume corruption issue for generic/073 - fs/ntfs3: check for shutdown in fsync - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU - wifi: cfg80211: stop radar detection in cfg80211_leave() - wifi: cfg80211: use cfg80211_leave() in iftype change - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet - btrfs: scrub: always update btrfs_scrub_progress::last_physical - gfs2: fix remote evict for read-only filesystems - gfs2: Fix "gfs2: Switch to wait_event in gfs2_quotad" - smb/server: fix return value of smb2_ioctl() - ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency - ksmbd: vfs: fix race on m_flags in vfs_cache - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT - gfs2: Fix use of bio_chain - [arm64,armhf] net: fec: ERR007885 Workaround for XDP TX path - netrom: Fix memory leak in nr_sendmsg() - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change - ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() - bnxt_en: Fix XDP_TX path - net: openvswitch: fix middle attribute validation in push_nsh() action - broadcom: b44: prevent uninitialized value usage - netfilter: nf_conncount: fix leaked ct in error paths - ipvs: fix ipv4 null-ptr-deref in route error path - net/sched: ets: Remove drr class from the active list if it changes to strict - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() - netfilter: nf_nat: remove bogus direction check - netfilter: nf_tables: remove redundant chain validation on register store - ethtool: Avoid overflowing userspace buffer on stats query - net/mlx5: fw reset, clear reset requested on drain_fw_reset - net/mlx5: Drain firmware reset in shutdown callback - net/mlx5: fw_tracer, Validate format string parameters - net/mlx5: fw_tracer, Handle escaped percent properly - net/mlx5: Serialize firmware reset with devlink - net/handshake: duplicate handshake cancellations leak socket - [arm64] net: enetc: do not transmit redirected XDP frames when the link is down - [arm64] net: hns3: using the num_tqps in the vf driver to apply for resources - [arm64] net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx - [arm64] net: hns3: add VLAN id validation before using - [amd64] hwmon: (dell-smm) Limit fan multiplier to avoid overflow - hwmon: (ibmpex) fix use-after-free in high/low store - hwmon: (tmp401) fix overflow caused by default conversion rate value - drm/me/gsc: mei interrupt top half should be in irq disabled context - drm/xe: Restore engine registers before restarting schedulers after GT reset - drm/panel: sony-td4353-jdi: Enable prepare_prev_first - [amd64] x86/xen: Move Xen upcall handler - [amd64] x86/xen: Fix sparse warning in enlighten_pv.c - [arm64] kdump: Fix elfcorehdr overlap caused by reserved memory processing reorder - spi: cadence-quadspi: Fix clock disable on probe failure path - block: rnbd-clt: Fix leaked ID in init_dev() - drm/xe: Limit num_syncs to prevent oversized allocations - drm/xe/oa: Limit num_syncs to prevent oversized allocations - ksmbd: skip lock-range check on equal size to avoid size==0 underflow - ksmbd: Fix refcount leak when invalid session is found on session lookup - ksmbd: fix buffer validation by including null terminator size in EA length - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation - Input: lkkbd - disable pending work before freeing device - Input: alps - fix use-after-free bugs caused by dev3_register_work - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table - xfs: don't leak a locked dquot when xfs_dquot_attach_buf fails - can: gs_usb: gs_can_open(): fix error handling - [arm64,armhf] soc/tegra: fuse: Do not register SoC device on ACPI boot - ACPI: PCC: Fix race condition by removing static qualifier - ACPI: CPPC: Fix missing PCC check for guaranteed_perf - [arm64] mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds - dt-bindings: mmc: sdhci-of-aspeed: Switch ref to sdhci-common.yaml - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() - [amd64] x86/fpu: Fix FPU state core dump truncation on CPUs with no extended xfeatures - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path - ALSA: usb-mixer: us16x08: validate meter packet indices - nfsd: update percpu_ref to manage references on nfsd_net - nfsd: rename nfsd_serv_ prefixed methods and variables with nfsd_net_ - nfsd: fix memory leak in nfsd_create_serv error paths - ipmi: Fix the race between __scan_channels() and deliver_response() - ipmi: Fix __scan_channels() failing to rescan channels - [arm64,armhf] ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx - scsi: smartpqi: Add support for Hurray Data new controller PCI device - [arm64] clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp - fuse: Always flush the page cache before FOPEN_DIRECT_IO write - fuse: Invalidate the page cache after FOPEN_DIRECT_IO write - via_wdt: fix critical boot hang due to unnamed resource allocation - reset: fix BIT macro reference - exfat: fix remount failure in different process environments - exfat: zero out post-EOF page cache on file extension - usbip: Fix locking bug in RT-enabled kernels - usb: typec: ucsi: Handle incorrect num_connectors capability - [armhf] iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains - usb: xhci: limit run_graceperiod for only usb 3.0 devices - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. - libperf cpumap: Fix perf_cpu_map__max for an empty/NULL map - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware - nvme-fc: don't hold rport lock when putting ctrl - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures - [amd64] platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks - [amd64] scsi: scsi_debug: Fix atomic write enable module param description - block: rnbd-clt: Fix signedness bug in init_dev() - vhost/vsock: improve RCU read sections around vhost_vsock_get() - cifs: Fix memory and information leak in smb3_reconfigure() - KEYS: trusted: Fix a memory leak in tpm2_load_cmd - io_uring: fix filename leak in __io_openat_prep() - [amd64] x86/mce: Do not clear bank's poll bit in mce_poll_banks on AMD SMCA systems - [arm64] mmc: sdhci-msm: Avoid early clock doubling during HS400 transition - perf: arm_cspmu: fix error handling in arm_cspmu_impl_unregister() - [amd64] lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit - [s390x] dasd: Fix gendisk parent after copy pair swap - wifi: mt76: Fix DTS power-limits on little endian systems - block: rate-limit capacity change info log - floppy: fix for PAGE_SIZE != 4KB - kallsyms: Fix wrong "big" kernel symbol type read from procfs - fs/ntfs3: fix mount failure for sparse runs in run_unpack() - tpm: Cap the number of PCR banks - ext4: fix string copying in parse_apply_sb_mount_options() - ext4: xattr: fix null pointer deref in ext4_raw_inode() - ext4: clear i_state_flags when alloc inode - ext4: fix incorrect group number assertion in mb_check_buddy - ext4: align max orphan file size with e2fsprogs limit - jbd2: use a per-journal lock_class_key for jbd2_trans_commit_key - jbd2: use a weaker annotation in journal handling - media: v4l2-mem2mem: Fix outdated documentation - mptcp: schedule rtx timer only after pushing data - mptcp: avoid deadlock on fallback while reinjecting - usb: usb-storage: Maintain minimal modifications to the bcdDevice range. - media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() - media: pvrusb2: Fix incorrect variable used in trace message - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() - [arm64,armhf] usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe - [arm64,armhf] usb: dwc3: keep susphy enabled during exit to avoid controller faults - char: applicom: fix NULL pointer dereference in ac_ioctl - [amd64] intel_th: Fix error handling in intel_th_output_open - mei: gsc: add dependency on Xe driver - serial: sh-sci: Check that the DMA cookie is valid - cpuidle: governors: teo: Drop misguided target residency check - cpufreq: nforce2: fix reference count leak in nforce2 - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" - scsi: aic94xx: fix use-after-free in device removal path - NFSD: use correct reservation type in nfsd4_scsi_fence_client - scsi: target: Reset t_task_cdb pointer in error case - scsi: mpi3mr: Read missing IOCFacts flag for reply queue full overflow - scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error - f2fs: ensure node page reads complete before f2fs_put_super() finishes - f2fs: fix to avoid potential deadlock - f2fs: fix to avoid updating zero-sized extent in extent cache - f2fs: invalidate dentry cache on failed whiteout creation - f2fs: fix age extent cache insertion skip on counter overflow - f2fs: fix uninitialized one_time_gc in victim_sel_policy - f2fs: fix return value of f2fs_recover_fsync_data() - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot - media: vidtv: initialize local pointers upon transfer of memory ownership - ocfs2: fix kernel BUG in ocfs2_find_victim_chain - [amd64] KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) - [amd64] platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver - scs: fix a wrong parameter in __scs_magic - libceph: make decode_pool() more resilient against corrupted osdmaps - [powerpc*] Add reloc_offset() to font bitmap pointer used for bootx_printf() - [amd64] KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 - [amd64] KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() - [amd64] KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer - [amd64] KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE - [amd64] KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN - [amd64] KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation - [amd64] KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN - [amd64] KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit - [amd64] KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) - [amd64] KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits - xfs: fix a memory leak in xfs_buf_item_init() - xfs: fix stupid compiler warning - xfs: fix a UAF problem in xattr repair - tracing: Do not register unsupported perf events - PM: runtime: Do not clear needs_force_resume with enabled runtime PM - r8169: fix RTL8117 Wake-on-Lan in DASH mode - fsnotify: do not generate ACCESS/MODIFY events on child for special files - net/handshake: restore destructor on submit failure - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap - NFSD: NFSv4 file creation neglects setting ACL - nfsd: Mark variable __maybe_unused to avoid W=1 build break - svcrdma: return 0 on success from svc_rdma_copy_inline_range - svcrdma: use rc_pageoff for memcpy byte offset - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf - [powerpc*] kexec: Enable SMT before waking offline CPUs - btrfs: don't log conflicting inode if it's a dir moved in the current transaction - [s390x] ipl: Clear SBP flag when bootprog is set - gpio: regmap: Fix memleak in error path in gpio_regmap_register() - io_uring/poll: correctly handle io_poll_add() return value on update - io_uring: fix min_wait wakeups for SQPOLL - Revert "drm/amd/display: Fix pbn to kbps Conversion" - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() - drm/amd/display: Fix scratch registers offsets for DCN35 - drm/amd/display: Fix scratch registers offsets for DCN351 - drm/displayid: pass iter to drm_find_displayid_extension() - ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (CVE-2025-68345) - ALSA: wavefront: Use guard() for spin locks - ALSA: wavefront: Clear substream pointers on close - [arm64] pinctrl: renesas: rzg2l: Fix ISEL restore on resume - hsr: hold rcu and dev lock for hsr_get_port_ndev (CVE-2025-39872) - sched/rt: Fix race in push_rt_task (CVE-2025-38234) - [arm64] KVM: arm64: Initialize HCR_EL2.E2H early - [arm64] KVM: arm64: Initialize SCTLR_EL1 in __kvm_hyp_init_cpu() - [arm64] Revamp HCR_EL2.E2H RES1 detection - dt-bindings: PCI: qcom,pcie-sc7280: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sc8280xp: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8150: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8250: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8350: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8450: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8550: Add missing required power-domains and resets - crypto: af_alg - zero initialize memory allocated via sock_kmalloc - crypto: caam - Add check for kcalloc() in test_len() - [arm64,armhf] amba: tegra-ahb: Fix device leak on SMMU enable - virtio: vdpa: Fix reference count leak in octep_sriov_enable() - tracing: Fix fixed array of synthetic event - [arm64,armhf] soc: samsung: exynos-pmu: fix device leak on regmap lookup - [arm64] soc: qcom: ocmem: fix device leak on lookup - [arm64] soc: amlogic: canvas: fix device leak on lookup - rpmsg: glink: fix rpmsg device leak - [amd64] platform/x86: intel: chtwc_int33fe: don't dereference swnode args - i2c: amd-mp2: fix reference leak in MP2 PCI device - hwmon: (max16065) Use local variable to avoid TOCTOU - hwmon: (max6697) fix regmap leak on probe failure - hwmon: (w83791d) Convert macros to functions to avoid TOCTOU - hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU - [amd64] x86/msi: Make irq_retrigger() functional for posted MSI - [arm64] iommu/mediatek: fix use-after-free on probe deferral - fuse: fix readahead reclaim deadlock - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (Closes: #1125797) - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() - wifi: mac80211: do not use old MBSSID elements - i40e: fix scheduling in set_rx_mode - i40e: validate ring_len parameter against hardware-specific values - iavf: fix off-by-one issues in iavf_config_rss_reg() - idpf: reduce mbx_task schedule delay to 300us - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt - Bluetooth: btusb: revert use of devm_kzalloc in btusb - net: mdio: aspeed: add dummy read to avoid read-after-write issue - net: openvswitch: Avoid needlessly taking the RTNL on vport destroy - ip6_gre: make ip6gre_header() robust - [amd64] platform/x86: msi-laptop: add missing sysfs_remove_group() - [amd64] platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic - team: fix check for port enabled in team_queue_override_port_prio_changed() - [arm64,armhf] net: dsa: fix missing put_device() in dsa_tree_find_first_conduit() - amd-xgbe: reset retries and mode on RX adapt failures - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure - genalloc.h: fix htmldocs warning - firewire: nosy: Fix dma_free_coherent() size - [armhf] net: dsa: b53: skip multicast entries for fdb_dump() - kbuild: fix compilation of dtb specified on command-line without make rule - net: usb: asix: validate PHY address before use - net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct - vfio/pds: Fix memory leak in pds_vfio_dirty_enable() - [amd64] platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing - [arm64] octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" - net: stmmac: fix the crash issue for zero copy XDP_TX action - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() - ipv4: Fix reference count leak when using error routes with nexthop objects - net: rose: fix invalid array index in rose_kill_by_device() - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT - RDMA/irdma: avoid invalid read in irdma_net_event - RDMA/efa: Remove possible negative shift - RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() - RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() - RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send - RDMA/bnxt_re: Fix to use correct page size for PDE table - md: Fix static checker warning in analyze_sbs - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() - ksmbd: Fix memory leak in get_file_all_info() - RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation - RDMA/bnxt_re: fix dma_free_coherent() pointer - blk-mq: skip CPU offline notify on unmapped hctx - ntfs: Do not overwrite uptodate pages - [armhf] ASoC: stm32: sai: fix device leak on probe - [armhf] ASoC: stm32: sai: fix clk prepare imbalance on probe failure - [armhf] ASoC: stm32: sai: fix OF node leak on probe - [arm64] ASoC: codecs: lpass-tx-macro: fix SM6115 support - [arm64] ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr - [arm64] ASoC: qcom: q6asm-dai: perform correct state check before closing - [arm64] ASoC: qcom: q6adm: the the copp device only during last instance - [arm64] ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. - [amd64] iommu/amd: Fix pci_segment memleak in alloc_pci_segment() - [amd64] iommu/amd: Propagate the error code returned by __modify_irte_ga() in modify_irte_ga() - [armhf] iommu/omap: fix device leaks on probe_device() - [arm64] iommu/qcom: fix device leak on of_xlate() - [arm64,riscv64] iommu/sun50i: fix device leak on of_xlate() - [arm64,armhf] iommu/tegra: fix device leak on probe_device() - iommu: disable SVA when CONFIG_X86 is set - HID: logitech-dj: Remove duplicate error logging - fgraph: Initialize ftrace_ops->private for function graph ops - fgraph: Check ftrace_pids_enabled on registration for early filtering - PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths - [arm64] dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator - [powerpc*] mm: Fix mprotect on book3s 32-bit - [powerpc*] 64s/slb: Fix SLB multihit issue during SLB preload - leds: leds-cros_ec: Skip LEDs without color components - leds: leds-lp50xx: Allow LED 0 to be added to module bank - leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs - leds: leds-lp50xx: Enable chip before any communication - block: Clear BLK_ZONE_WPLUG_PLUGGED when aborting plugged BIOs - [arm64,armhf] clk: samsung: exynos-clkout: Assign .num before accessing .hws (Closes: #1121211) - [arm64] mfd: max77620: Fix potential IRQ chip conflict when probing two devices - media: rc: st_rc: Fix reset control resource leak - media: verisilicon: Fix CPU stalls on G2 bus error - mtd: mtdpart: ignore error -ENOENT from parsers on subpartitions - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips - [amd64] perf/x86/amd/uncore: Fix the return value of amd_uncore_df_event_init() on error - [powerpc*] pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION - media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() - firmware: stratix10-svc: Add mutex in stratix10 memory management - dm-ebs: Mark full buffer dirty even on partial write - dm-bufio: align write boundary on physical block size - fbdev: gbefb: fix to use physical address instead of dma address - fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing - fbdev: tcx.c fix mem_map to correct smem_start offset - media: cec: Fix debugfs leak on bus_register() failure - media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() - media: platform: mtk-mdp3: fix device leaks at probe - media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled - media: samsung: exynos4-is: fix potential ABBA deadlock on init - media: TDA1997x: Remove redundant cancel_delayed_work in probe - media: verisilicon: Protect G2 HEVC decoder against invalid DPB index - media: videobuf2: Fix device reference leak in vb2_dc_alloc error path - media: vpif_capture: fix section mismatch - media: vpif_display: fix section mismatch - media: amphion: Cancel message work before releasing the VPU core - media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe - media: i2c: adv7842: Remove redundant cancel_delayed_work in probe - media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() - [armhf] pmdomain: imx: Fix reference count leak in imx_gpc_probe() - compiler_types.h: add "auto" as a macro for "__auto_type" - lockd: fix vfs_test_lock() calls - idr: fix idr_alloc() returning an ID out of range - mm/page_owner: fix memory leak in page_owner_stack_fops->release() - [amd64] x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo - tools/mm/page_owner_sort: fix timestamp comparison for stable sorting - samples/ftrace: Adjust LoongArch register restore order in direct calls - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly - RDMA/cm: Fix leaking the multicast GID table reference - e1000: fix OOB in e1000_tbi_should_accept() - fjes: Add missing iounmap in fjes_hw_init() - nfsd: Drop the client reference in client_states_open() - net: usb: sr9700: fix incorrect command used to write single register - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write - net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() - Revert "drm/amd: Skip power ungate during suspend for VPE" - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling - drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling - [arm64] drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers - [amd64] drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident - drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() - [arm64] drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() - [arm64] drm/mediatek: Fix probe resource leaks - [arm64] drm/mediatek: Fix probe memory leak - [arm64] drm/mediatek: Fix probe device leaks - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace - drm/amdkfd: bump minimum vgpr size for gfx1151 - drm/amdkfd: Trap handler support for expert scheduling mode - [amd64] drm/i915: Fix format string truncation warning - drm/ttm: Avoid NULL pointer deref for evicted BOs - [amd64] drm/mgag200: Fix big-endian support - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table - drm/xe/oa: Disallow 0 OA property values - drm/xe: Adjust long-running workload timeslices to reasonable values - drm/xe: Use usleep_range for accurate long-running workload timeslicing - drm/xe: Drop preempt-fences when destroying imported dma-bufs. - [arm64] drm/msm/dpu: Add missing NULL pointer check for pingpong interface - [amd64] drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb - [riscv64] lib/crypto: riscv/chacha: Avoid s0/fp register - gfs2: fix freeze error handling - btrfs: don't rewrite ret from inode_permission - sched/eevdf: Fix min_vruntime vs avg_vruntime - erofs: fix unexpected EIO under memory pressure - sched_ext: Fix incorrect sched_class settings for per-cpu migration tasks - jbd2: fix the inconsistency between checksum and data in memory for journal sb - tty: introduce and use tty_port_tty_vhangup() helper - xhci: dbgtty: fix device unregister: fixup - f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() - f2fs: use global inline_xattr_slab instead of per-sb slab cache - f2fs: drop inode from the donation list when the last file is closed - f2fs: fix to avoid updating compression context during writeback - serial: core: fix OF node leak - serial: core: Restore sysfs fwnode information - mptcp: pm: ignore unknown endpoint flags - mm/ksm: fix exec/fork inheritance support for prctl - svcrdma: bound check rq_pages index in inline path - block: freeze queue when updating zone resources - tpm2-sessions: Fix tpm2_read_public range checks - sched_ext: Factor out local_dsq_post_enq() from dispatch_enqueue() - sched_ext: Fix missing post-enqueue handling in move_local_task_to_local_dsq() - drm/displayid: add quirk to ignore DisplayID checksum errors - hrtimers: Introduce hrtimer_update_function() - [arm64] serial: xilinx_uartps: Use helper function hrtimer_update_function() - [arm64] serial: xilinx_uartps: fix rs485 delay_rts_after_send - f2fs: clear SBI_POR_DOING before initing inmem curseg - f2fs: add timeout in f2fs_enable_checkpoint() - f2fs: dump more information for f2fs_{enable,disable}_checkpoint() - f2fs: fix to propagate error from f2fs_enable_checkpoint() - gpiolib: acpi: Switch to use enum in acpi_gpio_in_ignore_list() - gpiolib: acpi: Handle deferred list via new API - gpiolib: acpi: Add acpi_gpio_need_run_edge_events_on_boot() getter - gpiolib: acpi: Move quirks to a separate file - gpiolib: acpi: Add a quirk for Acer Nitro V15 - gpiolib: acpi: Add quirk for ASUS ProArt PX13 - gpiolib: acpi: Add quirk for Dell Precision 7780 - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206) - md/raid10: wait barrier before returning discard request with REQ_NOWAIT (CVE-2025-40325) - [arm64] drm/panthor: Flush shmem writes before mapping buffers CPU-uncached (CVE-2025-40276) - net: ipv6: ioam6: use consistent dst names - ipv6: adopt dst_dev() helper - net: use dst_dev_rcu() in sk_setup_caps() - usbnet: Fix using smp_processor_id() in preemptible code warnings - serial: core: Fix serial device initialization - tty: fix tty_port_tty_*hangup() kernel-doc - [amd64] x86/microcode/AMD: Select which microcode patch to load - media: i2c: imx219: Fix 1920x1080 mode to use 1:1 pixel aspect ratio - wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend - wifi: mt76: mt7925: fix CLC command timeout when suspend/resume - wifi: mt76: mt7925: add handler to hif suspend/resume event - idpf: add support for SW triggered interrupts - idpf: trigger SW interrupt when exiting wb_on_itr mode - idpf: add support for Tx refillqs in flow scheduling mode - idpf: improve when to set RE bit logic - idpf: simplify and fix splitq Tx packet rollback error path - idpf: replace flow scheduling buffer ring with buffer pool - idpf: stop Tx if there are insufficient buffer resources - idpf: remove obsolete stashing code - hrtimers: Make hrtimer_update_function() less expensive - gve: defer interrupt enabling until NAPI registration - block: handle zone management operations completions - soundwire: stream: extend sdw_alloc_stream() to take 'type' parameter - [arm64] ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime - PCI: brcmstb: Reuse pcie_cfg_data structure - PCI: brcmstb: Set MLW based on "num-lanes" DT property if present - PCI: brcmstb: Fix disabling L0s capability - mm/balloon_compaction: we cannot have isolated pages in the balloon list - mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() - [powerpc*] pseries/cmm: adjust BALLOON_MIGRATE when migrating pages - media: mediatek: vcodec: Use spinlock for context list protection lock - media: amphion: Add a frame flush mode for decoder - media: amphion: Make some vpu_v4l2 functions static - media: amphion: Remove vpu_vb_is_codecconfig - vfio/pci: Disable qword access to the PCI ROM bar - iomap: allocate s_dio_done_wq for async reads as well (CVE-2025-68357) - block: fix NULL pointer dereference in blk_zone_reset_all_bio_endio() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.65 - mptcp: fallback earlier on simult connection - mm/page_alloc: change all pageblocks migrate type on coalescing - mm: simplify folio_expected_ref_count() - mm: consider non-anon swap cache folios in folio_expected_ref_count() - mptcp: ensure context reset on disconnect() - wifi: mac80211: Discard Beacon frames to non-broadcast address - [arm64] net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration - drm/amdgpu: Forward VMID reservation errors - [amd64] cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes - net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. - sched/fair: Small cleanup to sched_balance_newidle() - sched/fair: Small cleanup to update_newidle_cost() - sched/fair: Proportional newidle balance - virtio_console: fix order of fields cols and rows - [armhf] pwm: stm32: Always program polarity - [amd64] Revert "iommu/amd: Skip enabling command/event buffers for kdump" https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.66 - NFSD: Fix permission check for read access to executable-only files - nfsd: provide locking for v4_end_grace - nfsd: use correct loop termination in nfsd4_revoke_states() - nfsd: check that server is running in unlock_filesystem - NFSD: net ref data still needs to be freed even if net hasn't startup - NFSD: Remove NFSERR_EAGAIN - atm: Fix dma_free_coherent() size - net: 3com: 3c59x: fix possible null dereference in vortex_probe1() - [arm64] Fix cleared E0POE bit after cpu_suspend()/resume() - btrfs: always detect conflicting inodes when logging inode refs - [amd64] mei: me: add nova lake point S DID - lib/crypto: aes: Fix missing MMU protection for AES S-box - drm/amdgpu: Fix query for VPE block_type and ip_count - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (Closes: #1122106) - [arm64,armhf] gpio: rockchip: mark the GPIO controller as sleeping - [arm64] pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping - wifi: avoid kernel-infoleak from struct iw_point - wifi: mac80211: restore non-chanctx injection behaviour - libceph: prevent potential out-of-bounds reads in handle_auth_done() - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() - libceph: make free_choose_arg_map() resilient to partial allocation - libceph: return the handler error from mon_handle_auth_done() - libceph: reset sparse-read state in osd_fault() - libceph: make calc_target() set t->paused, not just clear it - tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). (CVE-2025-40149) - drm/xe: make xe_gt_idle_disable_c6() handle the forcewake internally - drm/xe: Ensure GT is in C0 during resumes - dm-snapshot: fix 'scheduling while atomic' on real-time kernels - NFSv4: ensure the open stateid seqid doesn't go backwards - [arm64] ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) - NFS: Fix up the automount fs_context to use the correct cred - drm/amd/display: shrink struct members - smb/client: fix NT_STATUS_UNABLE_TO_FREE_VM value - smb/client: fix NT_STATUS_DEVICE_DOOR_OPEN value - smb/client: fix NT_STATUS_NO_DATA_DETECTED value - scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset - scsi: ufs: core: Fix EH failure after W-LUN resume error - scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed" - btrfs: fix qgroup_snapshot_quick_inherit() squota bug - btrfs: qgroup: update all parent qgroups when doing quick inherit - btrfs: tracepoints: use btrfs_root_id() to get the id of a root - btrfs: fix NULL dereference on root when tracing inode eviction - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files - drm/amd/display: Apply e4479aecf658 to dml - [arm64] dts: ti: k3-am62-lp-sk-nand: Rename pinctrls to fix schema warnings - [amd64] crypto: qat - fix duplicate restarting msg during AER error - [arm64] dts: add off-on-delay-us for usdhc2 regulator - netfilter: nft_set_pipapo: fix range overlap detection - netfilter: nft_synproxy: avoid possible data-race on update operation - [arm64,armhf] gpio: pca953x: Add support for level-triggered interrupts - [arm64,armhf] gpio: pca953x: handle short interrupt pulses on PCAL devices - netfilter: nf_tables: fix memory leak in nf_tables_newrule() - netfilter: nf_conncount: update last_gc only when GC has been performed - bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress - [arm64] net: mscc: ocelot: Fix crash when adding interface under a lag - inet: ping: Fix icmp out counting - net: sock: fix hardened usercopy panic in sock_recv_errqueue - netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates - net/mlx5e: Don't print error message due to invalid module - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() - bnxt_en: Fix potential data corruption with HW GRO/LRO - vsock: Make accept()ed sockets use custom setsockopt() - btrfs: only enforce free space tree if v1 cache is required for bs < ps cases - [riscv64] pgtable: Cleanup useless VA_USER_XXX definitions - net: fix memory leak in skb_segment_list for GRO packets - idpf: keep the netdev when a reset fails - idpf: fix memory leak in idpf_vport_rel() - idpf: cap maximum Rx buffer size - HID: quirks: work around VID/PID conflict for appledisplay - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset - net: usb: pegasus: fix memory leak in update_eth_regs_async() - arp: do not assume dev_hard_header() does not change skb->head - erofs: don't bother with s_stack_depth increasing for now - erofs: fix file-backed mounts no longer working on EROFS partitions - ALSA: ac97bus: Use guard() for mutex locks - ALSA: ac97: fix a double free in snd_ac97_controller_register() - btrfs: fix error handling of submit_uncompressed_range() - btrfs: subpage: dump the involved bitmap when ASSERT() failed - btrfs: add extra error messages for delalloc range related errors - btrfs: remove btrfs_fs_info::sectors_per_page - btrfs: truncate ordered extent when skipping writeback past i_size - btrfs: use variable for end offset in extent_writepage_io() - btrfs: fix beyond-EOF write handling - bpf: Fix an issue in bpf_prog_test_run_xdp when page size greater than 4K - bpf: Make variables in bpf_prog_test_run_xdp less confusing - bpf: Support specifying linear xdp packet data size for BPF_PROG_TEST_RUN - bpf: Fix reference count leak in bpf_prog_test_run_xdp() - net: sfp: extend Potron XGSPON quirk to cover additional EEPROM variant - powercap: fix race condition in register_control_type() - powercap: fix sscanf() error return value handling - netfilter: nf_tables: avoid chain re-validation if possible - ata: libata-core: Disable LPM on ST2000DM008-2FR102 - drm/amd/display: Fix DP no audio issue - [arm64] spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string - can: j1939: make j1939_session_activate() fail if device is no longer registered - ALSA: usb-audio: Update for native DSD support quirks - [amd64] ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL - [arm64,armhf] ASoC: fsl_sai: Add missing registers to cache default - scsi: sg: Fix occasional bogus elapsed time that exceeds timeout - spi: cadence-quadspi: Prevent lost complete() call during indirect read - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792) - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.67 - efi/cper: Fix cper_bits_to_str buffer handling and return value - Revert "gfs2: Fix use of bio_chain" - [amd64] x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 - xfrm: Fix inner mode lookup in tunnel mode GSO segmentation - xfrm: set ipv4 no_pmtu_disc flag only on output sa when direction is set - pNFS: Fix a deadlock when returning a delegation during open() - NFS: Fix a deadlock involving nfs_release_folio() - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions - PM: EM: Fix incorrect description of the cost field in struct em_perf_state - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec - btrfs: send: check for inline extents in range_is_hole_in_parent() - net: bridge: annotate data-races around fdb->{updated,used} - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() - net: update netdev_lock_{type,name} - macvlan: fix possible UAF in macvlan_forward_source() - ipv4: ip_gre: make ipgre_header() robust - net/mlx5e: Fix crash on profile change rollback failure - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv - net/mlx5e: Restore destroying state bit after profile cleanup - btrfs: factor out init_space_info() from create_space_info() - btrfs: factor out check_removing_space_info() from btrfs_free_block_groups() - btrfs: introduce btrfs_space_info sub-group - btrfs: fix memory leaks in create_space_info() error paths - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip - net: hv_netvsc: reject RSS hash key programming without RX indirection table - ipv6: Fix use-after-free in inet6_addr_del(). - net/sched: sch_qfq: do not free existing class in qfq_change_class() - [amd64] ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 - mm: describe @flags parameter in memalloc_flags_save() - textsearch: describe @list member in ts_ops search - mm, kfence: describe @slab parameter in __kfence_obj_info() - [arm64] dmaengine: tegra-adma: Fix use-after-free - [arm64] phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it - [arm64] phy: phy-snps-eusb2: refactor constructs names - phy: drop probe registration printks - [arm64] phy: qcom-qusb2: Fix NULL pointer dereference on early suspend - [armhf] phy: stm32-usphyc: Fix off by one in probe() - [armhf] dmaengine: omap-dma: fix dma_pool resource leak in error paths - [arm64] i2c: qcom-geni: make sure I2C hub controllers can't use SE DMA - HID: usbhid: paper over wrong bNumDescriptor field (Closes: #1122193) - bridge: mcast: Fix use-after-free during router port configuration (CVE-2025-38248) - [arm64] ASoC: codecs: wsa883x: fix unnecessary initialisation - drm/amd/display: mark static functions noinline_for_stack - io_uring: move local task_work in exit cancel loop - scsi: core: Fix error handler encryption support - ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer - null_blk: fix kmemleak by releasing references to fault configfs items - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit. - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts - xfs: Fix the return value of xfs_rtcopy_summary() - lib/buildid: use __kernel_read() for sleepable context - [arm64] phy: rockchip: inno-usb2: fix communication disruption in gadget mode - [arm64,armhf] phy: ti: gmii-sel: fix regmap leak on probe failure - [arm64] phy: freescale: imx8m-pcie: assert phy reset during power on - [arm64] phy: rockchip: inno-usb2: fix disconnection in gadget mode - usb: dwc3: Check for USB4 IP_NAME - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor - USB: OHCI/UHCI: Add soft dependencies on ehci_platform - USB: serial: option: add Telit LE910 MBIM composition - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable - nvme-pci: disable secondary temp for Wodposit WPBSNM8 - [arm64] ASoC: codecs: wsa881x: fix unnecessary initialisation - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref - hrtimer: Fix softirq base check in update_needs_ipi() - [amd64] EDAC/x38: Fix a resource leak in x38_probe1() - [amd64] EDAC/i3200: Fix a resource leak in i3200_probe1() - tcpm: allow looking for role_sw device in the main node - i2c: riic: Move suspend handling to NOIRQ phase - [amd64] x86/resctrl: Add missing resctrl initialization for Hygon - [amd64] x86/resctrl: Fix memory bandwidth counter width for Hygon - nvme: fix PCIe subsystem reset controller state transition - mm/zswap: fix error pointer free in zswap_cpu_comp_prepare() - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure - drm/amd/display: Bump the HDMI clock to 340MHz - drm/amd: Clean up kfd node on surprise disconnect - drm/amdkfd: fix a memory leak in device_queue_manager_init() - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare - [arm64,armhf] drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() - [arm64] dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() - [armhf] dmaengine: stm32: dmamux: fix device leak on route allocation - [armhf] dmaengine: stm32: dmamux: fix OF node leak on route allocation failure - [armhf] dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation - [armhf] dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation - [amd64] HID: intel-ish-hid: Use dedicated unbound workqueues to prevent resume blocking - [amd64] HID: intel-ish-hid: Fix -Wcast-function-type-strict in devm_ishtp_alloc_workqueue() - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type - xfs: set max_agbno to allow sparse alloc of last full inode chunk - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure - bpf: Reject narrower access to pointer ctx fields (CVE-2025-38591) - mm/fake-numa: allow later numa node hotplug - mm: numa,memblock: include for 'numa_nodes_parsed' - [arm64] phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path - [arm64] phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() - [arm64] dmaengine: fsl-edma: Fix clk leak on alloc_chan_resources failure - mm/page_alloc/vmstat: simplify refresh_cpu_vm_stats change detection - mm/page_alloc: batch page freeing in decay_pcp_high - mm/page_alloc: prevent pcp corruption with SMP=n - mm/fake-numa: handle cases with no SRAT info https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.68 - posix-clock: Store file pointer in struct posix_clock_context - ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE. - dt-bindings: power: qcom,rpmpd: document the SM8750 RPMh Power Domains - dt-bindings: power: qcom,rpmpd: add Turbo L5 corner - dt-bindings: power: qcom-rpmpd: split RPMh domains definitions - dt-bindings: power: qcom,rpmpd: Add SC8280XP_MXC_AO - [arm64] pmdomain: qcom: rpmhpd: Add MXC to SC8280XP - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() - btrfs: fix missing fields in superblock backup with BLOCK_GROUP_TREE - ata: ahci: Do not read the per port area for unimplemented ports - ata: libata-sata: Improve link_power_management_supported sysfs attribute - ata: libata: Add cpr_log to ata_dev_print_features() early return - ata: libata-core: Introduce ata_dev_config_lpm() - ata: libata: Call ata_dev_config_lpm() for ATAPI devices - ata: libata: Print features also for ATAPI devices - ice: initialize ring_stats->syncp - ice: Avoid detrimental cleanup for bond during interface stop - ice: Fix incorrect timeout ice_release_res() - igc: Restore default Qbv schedule when changing channels - igc: fix race condition in TX timestamp read for register 0 - vsock/virtio: Coalesce only linear skb - net: usb: dm9601: remove broken SR9700 support - bonding: limit BOND_MODE_8023AD to Ethernet devices - l2tp: Fix memleak in l2tp_udp_encap_recv(). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error - sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT - [amd64,arm64] amd-xgbe: avoid misleading per-packet error log - gue: Fix skb memleak with inner IP protocol 0. - fou: Don't allow 0 for FOU_ATTR_IPPROTO. - veth: fix data race in veth_get_ethtool_stats - l2tp: avoid one data-race in l2tp_tunnel_del_work() - ipvlan: Make the addrs_lock be per port - [arm64] octeontx2: cn10k: fix RX flowid TCAM mask handling - net/sched: Enforce that teql can only be used as root qdisc - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec - wifi: mac80211: don't perform DA check on S1G beacon - serial: 8250_pci: Fix broken RS485 for F81504/508/512 - w1: therm: Fix off-by-one buffer overflow in alarms_store - w1: fix redundant counter decrement in w1_attach_slave_device() - Revert "nfc/nci: Add the inconsistency check between the input data length and count" - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA - scsi: storvsc: Process unsupported MODE_SENSE_10 - scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() - [arm64] dts: rockchip: remove dangerous max-link-speed from helios64 - [arm64] dts: rockchip: Fix voltage threshold for volume keys for Pinephone Pro - [amd64] x86/kfence: avoid writing L1TF-vulnerable PTEs - [amd64] comedi: Fix getting range information for subdevices 16 to 255 - [amd64] platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names - [amd64] platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro - mm/rmap: fix two comments related to huge_pmd_unshare() - io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection - interconnect: debugfs: initialize src_node and dst_node to empty strings - regmap: Fix race condition in hwspinlock irqsave routine - [riscv64] clocksource: Fix stimecmp update hazard on RV32 - [amd64] platform/x86/amd: Fix memory leak in wbrf_record() - scsi: core: Wake up the error handler when final completions race against each other - scsi: qla2xxx: Sanitize payload size to prevent member overflow - ALSA: usb: Increase volume range that triggers a warning - ice: Fix persistent failure in ice_get_rxfh - [arm64] net: hns3: fix data race in hns3_fetch_stats - be2net: fix data race in be_get_new_eqd - [arm64] net: hns3: fix wrong GENMASK() for HCLGE_FD_AD_COUNTER_NUM_M - [arm64] net: hns3: fix the HCLGE_FD_AD_NXT_KEY error setting issue - mISDN: annotate data-race around dev->work - ipv6: annotate data-race in ndisc_router_discovery() - usbnet: limit max_mtu based on device's hard_mtu - clocksource: Reduce watchdog readout delay limit to prevent false positives - sched/fair: Fix pelt clock sync when entering idle - drm/amd/pm: Don't clear SI SMC table when setting power limit - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) - drm/nouveau: add missing DCB connector types - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list - bonding: provide a net pointer to __skb_flow_dissect() - [arm64,armhf] net: dsa: fix off-by-one in maximum bridge ID determination - [arm64] octeontx2-af: Fix error handling - net: openvswitch: fix data race in ovs_vport_get_upcall_stats - vsock/virtio: fix potential underflow in virtio_transport_get_credit() - vsock/virtio: cap TX credit to local buffer size - net/sched: act_ife: avoid possible NULL deref - dpll: Prevent duplicate registrations - [amd64] x86: make page fault handling disable interrupts properly - tpm: Compare HMAC values in constant time - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal - leds: led-class: Only Add LED to leds_list when it is fully ready - of: fix reference count leak in of_alias_scan() - of: platform: Use default match table for /firmware - iio: accel: iis328dq: fix gain values - iio: adc: ad9467: fix ad9434 vref mask - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (Closes: #1121535) - ALSA: scarlett2: Fix buffer overflow in config retrieval - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) - wifi: ath10k: fix dma_free_coherent() pointer - wifi: ath12k: fix dma_free_coherent() pointer - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() - wifi: rsi: Fix memory corruption due to not set vif driver data size - [arm64] fpsimd: signal: Allocate SSVE storage when restoring ZA - [arm64] Set __nocfi on swsusp_arch_resume() - slimbus: core: fix runtime PM imbalance on report present - slimbus: core: fix device reference leak on report present - tracing: Fix crash on synthetic stacktrace field usage - [amd64] intel_th: fix device leak on output open() - mei: trace: treat reg parameter as string - [s390x] ap: Fix wrong APQN fill calculation - netrom: fix double-free in nr_route_frame() - [amd64] platform/x86: hp-bioscfg: Fix automatic module loading - [arm64] pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu - [amd64] perf/x86/intel: Do not enable BTS for guests - [arm64,armhf] irqchip/gic-v3-its: Avoid truncating memory addresses - net: sfp: add potron quirk to the H-COM SPP425H-GAB4 SFP+ Stick - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak - drm/amdgpu: remove frame cntl for gfx v12 - gpio: cdev: Correct return code on memory allocation failure - migrate: correct lock ordering for hugetlb file folios - [arm64] dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA - can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak - bpf: Do not let BPF test infra emit invalid GSO types to stack (CVE-2025-68725) - [arm64] dts: rockchip: remove redundant max-link-speed from nanopi-r4s - iio: core: add missing mutex_destroy in iio_dev_release() - iio: core: Replace lockdep_set_class() + mutex_init() by combined call - iio: core: add separate lockdep class for info_exist_lock - [armhf] iio: adc: exynos_adc: fix OF populate on driver rebind - exfat: fix refcount leak in exfat_find (CVE-2025-68351) - sched_ext: Fix possible deadlock in the deferred_irq_workfn() (CVE-2025-68333) - fs/ntfs3: Initialize allocated memory before use (CVE-2025-68365) - [amd64] accel/ivpu: Fix race condition when unbinding BOs (CVE-2025-68749) - btrfs: fix racy bitfield write in btrfs_clear_space_info_full() (CVE-2025-68358) - wifi: ath11k: fix RCU stall while reaping monitor destination ring (CVE-2024-58097) - vsock/virtio: Move length check to callers of virtio_vsock_skb_rx_put() - vsock/virtio: Rename virtio_vsock_alloc_skb() - vsock/virtio: Move SKB allocation lower-bound check to callers - vsock/virtio: Rename virtio_vsock_skb_rx_put() - vhost/vsock: Allocate nonlinear SKBs for handling large receive buffers - vsock/virtio: Allocate nonlinear SKBs for handling large transmit buffers - net: Introduce skb_copy_datagram_from_iter_full() - vsock/virtio: Fix message iterator handling on transmit path https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.69 - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work - Bluetooth: MGMT: Fix memory leak in set_ssp_complete - net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup() - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message - bonding: annotate data-races around slave->last_rx - [arm64,armhf] net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins() - ipv6: use the right ifindex when replying to icmpv6 from localhost - net: wwan: t7xx: fix potential skb->frags overflow in RX path - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues - ice: stop counting UDP csum mismatch as rx_errors - net/mlx5e: TC, delete flows only for existing peers - nfc: nci: Fix race between rfkill and nci_unregister_device(). - net: bridge: fix static key check - net: phy: micrel: fix clk warning when removing the driver - net/mlx5: fs, Fix inverted cap check in tx flow table root disconnect - net/mlx5: Initialize events outside devlink lock - net/mlx5: Fix vhca_id access call trace use before alloc - net/mlx5e: Skip ESN replay window setup for IPsec crypto offload - scsi: firewire: sbp-target: Fix overflow in sbp_make_tpg() - [amd64] ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion - gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler - gpio: virtuser: fix UAF in configfs release path - bcache: fix improper use of bi_end_io - bcache: use bio cloning for detached device requests - bcache: fix I/O accounting leak in detached_dev_do_request - dma/pool: distinguish between missing and exhausted atomic pools - sched/deadline: Document dl_server - sched/deadline: Fix 'stuck' dl_server - [arm64,armhf] pinctrl: meson: mark the GPIO controller as sleeping - [riscv64] compat: fix COMPAT_UTS_MACHINE definition - scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo() - [amd64] ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO - [arm64,armhf] gpio: pca953x: mask interrupts in irq shutdown - scsi: qla2xxx: edif: Fix dma_free_coherent() size - efivarfs: fix error propagation in efivar_entry_get() - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (Closes: #1122521) - gpio: rockchip: Stop calling pinctrl for set_direction - mptcp: only reset subflow errors when propagated - flex_proportions: make fprop_new_period() hardirq safe - mm/memory-failure: fix missing ->mf_stats count in hugetlb poison - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn - mm/shmem, swap: fix race of truncate and swap entry split - net: fix segmentation of forwarding fraglist GRO - [arm64] drm/msm/a6xx: fix bogus hwcg register updates - drm/amdgpu/soc21: fix xclk for APUs - drm/amdgpu/gfx10: fix wptr reset in KGQ init - drm/amdgpu/gfx11: fix wptr reset in KGQ init - drm/amdgpu/gfx12: fix wptr reset in KGQ init - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() - gpiolib: acpi: Fix potential out-of-boundary left shift - cgroup: Fix kernfs_node UAF in css_free_rwork_fn - rxrpc: Fix data-race warning and potential load/store tearing - ksmbd: smbd: fix dma_unmap_sg() nents (CVE-2026-23093) - mm/kfence: randomize the freelist on initialization - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (CVE-2024-58096) - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" - btrfs: prevent use-after-free on folio private data in btrfs_subpage_clear_uptodate() - net/sched: act_ife: convert comma to semicolon - [arm64] pinctrl: qcom: sm8350-lpass-lpi: Merge with SC7280 to fix I2S2 and SWR TX pins - mptcp: avoid dup SUB_CLOSED events after disconnect - perf: Simplify get_perf_callchain() user logic - perf: sched: Fix perf crash with new is_user_task() helper - writeback: fix 100% CPU usage when dirtytime_expire_interval is 0 - drm/amdgpu/gfx11: adjust KGQ reset sequence - [arm64] pinctrl: lpass-lpi: implement .get_direction() for the GPIO driver - net: mana: Change the function signature of mana_get_primary_netdev_rcu - RDMA/mana_ib: Handle net event for pointing to the current netdev . [ Macpaul Lin ] * udeb: Add USB TYPE-C and Mux modules in usb-modules (Closes: #1109090) . [ Salvatore Bonaccorso ] * fs/nfsd: Enable NFSD_SCSILAYOUT (NFSv4.1 server support for pNFS SCSI layouts) * [rt] Update to 6.12.66-rt15 linux-signed-amd64 (6.12.69+1~bpo12+1) bookworm-backports; urgency=medium . * Sign kernel from linux 6.12.69-1~bpo12+1 . * Rebuild for bookworm-backports linux-signed-arm64 (6.12.73+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.73-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.70 - nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec - [amd64] x86/vmware: Fix hypercall clobbers - [amd64] x86/kfence: fix booting on 32bit non-PAE systems - [amd64] platform/x86: intel_telemetry: Fix swapped arrays in PSS output - ALSA: aloop: Fix racy access at PCM trigger - [arm64] pmdomain: qcom: rpmpd: fix off-by-one error in clamping to the highest state - [arm64] pmdomain: imx8mp-blk-ctrl: Keep gpc power domain on for system wakeup - [arm64,armhf] pmdomain: imx: gpcv2: Fix the imx8mm gpu hang due to wrong adb400 reset - [arm64] pmdomain: imx8mp-blk-ctrl: Keep usb phy power domain on for system wakeup - [arm64] pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains - mm/slab: Add alloc_tagging_slab_free_hook for memcg_alloc_abort_single - ceph: fix NULL pointer dereference in ceph_mds_auth_match() (Closes: #1125405) - rbd: check for EOD after exclusive lock is ensured to be held - ceph: fix oops due to invalid pointer for kfree() in parse_longname() - gve: Fix stats report corruption on queue count change - gve: Correct ethtool rx_dropped calculation - mm, shmem: prevent infinite loop on truncate race - Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" - KVM: Don't clobber irqfd routing type when deassigning irqfd - PCI/ERR: Ensure error recoverability at all times - ublk: fix deadlock when reading partition table (CVE-2025-68823) - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() (CVE-2025-40082) - [arm*] binder: fix BR_FROZEN_REPLY error log - binderfs: fix ida_alloc_max() upper bound - procfs: avoid fetching build ID while holding VMA lock - tracing: Fix ftrace event field alignments - wifi: mac80211: ocb: skip rx_no_sta when interface is not joined - wifi: wlcore: ensure skb headroom before skb_push - net: usb: sr9700: support devices with virtual driver CD - block,bfq: fix aux stat accumulation destination - smb/server: call ksmbd_session_rpc_close() on error path in create_smb2_pipe() - md: suspend array while updating raid_disks via sysfs - smb/server: fix refcount leak in smb2_open() - smb/server: fix refcount leak in parse_durable_handle_context() - [amd64] HID: intel-ish-hid: Update ishtp bus match to support device ID table - HID: multitouch: add MT_QUIRK_STICKY_FINGERS to MT_CLS_VTL - btrfs: fix reservation leak in some error paths when inserting inline extent - [riscv64] Sanitize syscall table indexing under speculation - [amd64] HID: intel-ish-hid: Reset enum_devices_done before enumeration - HID: playstation: Center initial joystick axes to prevent spurious events - ALSA: hda/realtek: Add quirk for Acer Nitro AN517-55 - ALSA: hda/realtek: add HP Laptop 15s-eq1xxx mute LED quirk - [arm64] PCI: qcom: Remove ASPM L0s support for MSM8996 SoC - netfilter: replace -EEXIST with -EBUSY - HID: quirks: Add another Chicony HP 5MP Cameras to hid_ignore_list - HID: i2c-hid: fix potential buffer overflow in i2c_hid_get_report() - HID: Apply quirk HID_QUIRK_ALWAYS_POLL to Edifier QR30 (2d99:a101) - drm/amd/pm: Disable MMIO access during SMU Mode 1 reset - ring-buffer: Avoid softlockup in ring_buffer_resize() during memory free - HID: logitech: add HID++ support for Logitech MX Anywhere 3S - wifi: mac80211: collect station statistics earlier when disconnect - ASoC: simple-card-utils: Check device node before overwrite direction - nvme-fc: release admin tagset if init fails - nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() - [amd64] ASoC: amd: yc: Fix microphone on ASUS M6500RE - regmap: maple: free entry on mas_store_gfp() failure - wifi: cfg80211: Fix bitrate calculation overflow for HE rates - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() - ALSA: hda/realtek: Fix headset mic for TongFang X6AR55xU - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() - wifi: mac80211: correctly check if CSA is active - wifi: mac80211: don't increment crypto_tx_tailroom_needed_cnt twice - btrfs: reject new transactions if the fs is fully read-only - ALSA: hda/realtek: ALC269 fixup for Lenovo Yoga Book 9i 13IRU8 audio - [amd64] platform/x86: toshiba_haps: Fix memory leaks in add/remove routines - [amd64] platform/x86: intel_telemetry: Fix PSS event register mask - [amd64] platform/x86: hp-bioscfg: Skip empty attribute names - [amd64] platform/x86/intel/tpmi/plr: Make the file domain/status writeable - smb/client: fix memory leak in smb2_open_file() - net: add skb_header_pointer_careful() helper - net/sched: cls_u32: use skb_header_pointer_careful() - net: liquidio: Initialize netdev pointer before queue setup - net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup - net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup - net: phy: add phy_interface_weight() - net: phy: add phy_interface_copy() - net: sfp: pre-parse the module support - net: sfp: convert sfp quirks to modify struct sfp_module_support - net: sfp: Fix quirk for Ubiquiti U-Fiber Instant SFP module - macvlan: fix error recovery in macvlan_common_newlink() - net: usb: r8152: fix resume reset deadlock - net: don't touch dev->stats in BPF redirect paths - tipc: use kfree_sensitive() for session key material - drm/amd/display: fix wrong color value mapping on MCM shaper LUT - net: gro: fix outer network offset - [amd64] drm/mgag200: fix mgag200_bmc_stop_scanout() - drm/xe/query: Fix topology query pointer advance - drm/xe/pm: Also avoid missing outer rpm warning on system suspend - drm/xe/pm: Disable D3Cold for BMG only on specific platforms - [armhf] hwmon: (occ) Mark occ_init_attribute() as __printf - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() - ipv6: Fix ECMP sibling count mismatch when clearing RTF_ADDRCONF - ALSA: usb-audio: fix broken logic in snd_audigy2nx_led_update() - [amd64] ASoC: amd: fix memory leak in acp3x pdm dma ops - [arm64] ipi: tegra: Fix a memory leak in tegra_slink_probe() - [arm64,armhf] spi: tegra114: Preserve SPI mode bits in def_command1_reg - ALSA: hda/realtek: Really fix headset mic for TongFang X6AR55xU. - gpiolib-acpi: Update file references in the Documentation and MAINTAINERS https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.71 - net: tunnel: make skb_vlan_inet_prepare() return drop reasons (Closes: #1127597) - io_uring/rw: recycle buffers manually for non-mshot reads https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.72 - smb: client: split cached_fid bitfields to avoid shared-byte RMW races - ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths - smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() - driver core: enforce device_lock for driver_match_device() - Bluetooth: btusb: Add USB ID 7392:e611 for Edimax EW-7611UXB - [amd64] crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode - [armhf] crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly - crypto: virtio - Add spinlock protection with virtqueue notification - crypto: virtio - Remove duplicated virtqueue_kick in virtio_crypto_skcipher_crypt_req - nilfs2: Fix potential block overflow that cause system hang - wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon() - scsi: qla2xxx: Validate sp before freeing associated memory - scsi: qla2xxx: Allow recovery for tape devices - scsi: qla2xxx: Delay module unload while fabric scan in progress - scsi: qla2xxx: Free sp in error path to fix system crash - scsi: qla2xxx: Query FW again before proceeding with login - bus: mhi: host: pci_generic: Add Telit FE990B40 modem support - mptcp: fix race in mptcp_pm_nl_flush_addrs_doit() (CVE-2026-23169) - erofs: fix UAF issue for file-backed mounts w/ directio option - xfs: fix UAF in xchk_btree_check_block_owner - PCI: endpoint: Avoid creating sub-groups asynchronously - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add - [armhf] gpio: omap: do not register driver in probe() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.73 - Revert "driver core: enforce device_lock for driver_match_device()" linux-signed-arm64 (6.12.73+1~bpo12+1) bookworm-backports; urgency=medium . * Sign kernel from linux 6.12.73-1~bpo12+1 . * Rebuild for bookworm-backports linux-signed-arm64 (6.12.69+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.69-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.64 - btrfs: do not skip logging new dentries when logging a new name - btrfs: fix a potential path leak in print_data_reloc_error() - [arm64] bpf, arm64: Do not audit capability check in do_jit() - btrfs: fix memory leak of fs_devices in degraded seed device path - shmem: fix recovery on rename failures - iomap: adjust read range correctly for non-block-aligned positions - iomap: account for unaligned end offsets when truncating read range - scripts/faddr2line: Fix "Argument list too long" error - [amd64] perf/x86/amd: Check event before enable to avoid GPF - sched/deadline: only set free_cpus for online runqueues - sched/fair: Revert max_newidle_lb_cost bump - [amd64] x86/ptrace: Always inline trivial accessors - ACPICA: Avoid walking the Namespace if start_node is NULL - ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only - cpufreq: dt-platdev: Add JH7110S SOC to the allowlist - ACPI: fan: Workaround for 64-bit firmware bug - cpuidle: menu: Use residency threshold in polling state override decisions - livepatch: Match old_sympos 0 and 1 in klp_find_func() - fs/ntfs3: Support timestamps prior to epoch - kbuild: Use objtree for module signing key path - ntfs: set dummy blocksize to read boot_block when mounting - hfsplus: fix volume corruption issue for generic/070 - hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create - hfsplus: Verify inode mode when loading from disk - hfsplus: fix volume corruption issue for generic/073 - fs/ntfs3: check for shutdown in fsync - wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU - wifi: cfg80211: stop radar detection in cfg80211_leave() - wifi: cfg80211: use cfg80211_leave() in iftype change - wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load - wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet - btrfs: scrub: always update btrfs_scrub_progress::last_physical - gfs2: fix remote evict for read-only filesystems - gfs2: Fix "gfs2: Switch to wait_event in gfs2_quotad" - smb/server: fix return value of smb2_ioctl() - ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency - ksmbd: vfs: fix race on m_flags in vfs_cache - Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV - Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 - Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 - Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE - Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT - gfs2: Fix use of bio_chain - [arm64,armhf] net: fec: ERR007885 Workaround for XDP TX path - netrom: Fix memory leak in nr_sendmsg() - net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change - ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() - bnxt_en: Fix XDP_TX path - net: openvswitch: fix middle attribute validation in push_nsh() action - broadcom: b44: prevent uninitialized value usage - netfilter: nf_conncount: fix leaked ct in error paths - ipvs: fix ipv4 null-ptr-deref in route error path - net/sched: ets: Remove drr class from the active list if it changes to strict - nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() - netfilter: nf_nat: remove bogus direction check - netfilter: nf_tables: remove redundant chain validation on register store - ethtool: Avoid overflowing userspace buffer on stats query - net/mlx5: fw reset, clear reset requested on drain_fw_reset - net/mlx5: Drain firmware reset in shutdown callback - net/mlx5: fw_tracer, Validate format string parameters - net/mlx5: fw_tracer, Handle escaped percent properly - net/mlx5: Serialize firmware reset with devlink - net/handshake: duplicate handshake cancellations leak socket - [arm64] net: enetc: do not transmit redirected XDP frames when the link is down - [arm64] net: hns3: using the num_tqps in the vf driver to apply for resources - [arm64] net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx - [arm64] net: hns3: add VLAN id validation before using - [amd64] hwmon: (dell-smm) Limit fan multiplier to avoid overflow - hwmon: (ibmpex) fix use-after-free in high/low store - hwmon: (tmp401) fix overflow caused by default conversion rate value - drm/me/gsc: mei interrupt top half should be in irq disabled context - drm/xe: Restore engine registers before restarting schedulers after GT reset - drm/panel: sony-td4353-jdi: Enable prepare_prev_first - [amd64] x86/xen: Move Xen upcall handler - [amd64] x86/xen: Fix sparse warning in enlighten_pv.c - [arm64] kdump: Fix elfcorehdr overlap caused by reserved memory processing reorder - spi: cadence-quadspi: Fix clock disable on probe failure path - block: rnbd-clt: Fix leaked ID in init_dev() - drm/xe: Limit num_syncs to prevent oversized allocations - drm/xe/oa: Limit num_syncs to prevent oversized allocations - ksmbd: skip lock-range check on equal size to avoid size==0 underflow - ksmbd: Fix refcount leak when invalid session is found on session lookup - ksmbd: fix buffer validation by including null terminator size in EA length - HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen - Input: ti_am335x_tsc - fix off-by-one error in wire_order validation - Input: lkkbd - disable pending work before freeing device - Input: alps - fix use-after-free bugs caused by dev3_register_work - Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table - xfs: don't leak a locked dquot when xfs_dquot_attach_buf fails - can: gs_usb: gs_can_open(): fix error handling - [arm64,armhf] soc/tegra: fuse: Do not register SoC device on ACPI boot - ACPI: PCC: Fix race condition by removing static qualifier - ACPI: CPPC: Fix missing PCC check for guaranteed_perf - [arm64] mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds - dt-bindings: mmc: sdhci-of-aspeed: Switch ref to sdhci-common.yaml - net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() - [amd64] x86/fpu: Fix FPU state core dump truncation on CPUs with no extended xfeatures - ALSA: vxpocket: Fix resource leak in vxpocket_probe error path - ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path - ALSA: usb-mixer: us16x08: validate meter packet indices - nfsd: update percpu_ref to manage references on nfsd_net - nfsd: rename nfsd_serv_ prefixed methods and variables with nfsd_net_ - nfsd: fix memory leak in nfsd_create_serv error paths - ipmi: Fix the race between __scan_channels() and deliver_response() - ipmi: Fix __scan_channels() failing to rescan channels - [arm64,armhf] ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx - scsi: smartpqi: Add support for Hurray Data new controller PCI device - [arm64] clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 - scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled - scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive - scsi: qla2xxx: Use reinit_completion on mbx_intr_comp - fuse: Always flush the page cache before FOPEN_DIRECT_IO write - fuse: Invalidate the page cache after FOPEN_DIRECT_IO write - via_wdt: fix critical boot hang due to unnamed resource allocation - reset: fix BIT macro reference - exfat: fix remount failure in different process environments - exfat: zero out post-EOF page cache on file extension - usbip: Fix locking bug in RT-enabled kernels - usb: typec: ucsi: Handle incorrect num_connectors capability - [armhf] iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains - usb: xhci: limit run_graceperiod for only usb 3.0 devices - usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. - libperf cpumap: Fix perf_cpu_map__max for an empty/NULL map - i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware - nvme-fc: don't hold rport lock when putting ctrl - nvme-fabrics: add ENOKEY to no retry criteria for authentication failures - [amd64] platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks - [amd64] scsi: scsi_debug: Fix atomic write enable module param description - block: rnbd-clt: Fix signedness bug in init_dev() - vhost/vsock: improve RCU read sections around vhost_vsock_get() - cifs: Fix memory and information leak in smb3_reconfigure() - KEYS: trusted: Fix a memory leak in tpm2_load_cmd - io_uring: fix filename leak in __io_openat_prep() - [amd64] x86/mce: Do not clear bank's poll bit in mce_poll_banks on AMD SMCA systems - [arm64] mmc: sdhci-msm: Avoid early clock doubling during HS400 transition - perf: arm_cspmu: fix error handling in arm_cspmu_impl_unregister() - [amd64] lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit - [s390x] dasd: Fix gendisk parent after copy pair swap - wifi: mt76: Fix DTS power-limits on little endian systems - block: rate-limit capacity change info log - floppy: fix for PAGE_SIZE != 4KB - kallsyms: Fix wrong "big" kernel symbol type read from procfs - fs/ntfs3: fix mount failure for sparse runs in run_unpack() - tpm: Cap the number of PCR banks - ext4: fix string copying in parse_apply_sb_mount_options() - ext4: xattr: fix null pointer deref in ext4_raw_inode() - ext4: clear i_state_flags when alloc inode - ext4: fix incorrect group number assertion in mb_check_buddy - ext4: align max orphan file size with e2fsprogs limit - jbd2: use a per-journal lock_class_key for jbd2_trans_commit_key - jbd2: use a weaker annotation in journal handling - media: v4l2-mem2mem: Fix outdated documentation - mptcp: schedule rtx timer only after pushing data - mptcp: avoid deadlock on fallback while reinjecting - usb: usb-storage: Maintain minimal modifications to the bcdDevice range. - media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() - media: pvrusb2: Fix incorrect variable used in trace message - usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() - [arm64,armhf] usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe - [arm64,armhf] usb: dwc3: keep susphy enabled during exit to avoid controller faults - char: applicom: fix NULL pointer dereference in ac_ioctl - [amd64] intel_th: Fix error handling in intel_th_output_open - mei: gsc: add dependency on Xe driver - serial: sh-sci: Check that the DMA cookie is valid - cpuidle: governors: teo: Drop misguided target residency check - cpufreq: nforce2: fix reference count leak in nforce2 - scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" - scsi: aic94xx: fix use-after-free in device removal path - NFSD: use correct reservation type in nfsd4_scsi_fence_client - scsi: target: Reset t_task_cdb pointer in error case - scsi: mpi3mr: Read missing IOCFacts flag for reply queue full overflow - scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error - f2fs: ensure node page reads complete before f2fs_put_super() finishes - f2fs: fix to avoid potential deadlock - f2fs: fix to avoid updating zero-sized extent in extent cache - f2fs: invalidate dentry cache on failed whiteout creation - f2fs: fix age extent cache insertion skip on counter overflow - f2fs: fix uninitialized one_time_gc in victim_sel_policy - f2fs: fix return value of f2fs_recover_fsync_data() - KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot - media: vidtv: initialize local pointers upon transfer of memory ownership - ocfs2: fix kernel BUG in ocfs2_find_victim_chain - [amd64] KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) - [amd64] platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver - scs: fix a wrong parameter in __scs_magic - libceph: make decode_pool() more resilient against corrupted osdmaps - [powerpc*] Add reloc_offset() to font bitmap pointer used for bootx_printf() - [amd64] KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 - [amd64] KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() - [amd64] KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer - [amd64] KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE - [amd64] KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN - [amd64] KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation - [amd64] KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN - [amd64] KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit - [amd64] KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) - [amd64] KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits - xfs: fix a memory leak in xfs_buf_item_init() - xfs: fix stupid compiler warning - xfs: fix a UAF problem in xattr repair - tracing: Do not register unsupported perf events - PM: runtime: Do not clear needs_force_resume with enabled runtime PM - r8169: fix RTL8117 Wake-on-Lan in DASH mode - fsnotify: do not generate ACCESS/MODIFY events on child for special files - net/handshake: restore destructor on submit failure - NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap - NFSD: NFSv4 file creation neglects setting ACL - nfsd: Mark variable __maybe_unused to avoid W=1 build break - svcrdma: return 0 on success from svc_rdma_copy_inline_range - svcrdma: use rc_pageoff for memcpy byte offset - SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf - [powerpc*] kexec: Enable SMT before waking offline CPUs - btrfs: don't log conflicting inode if it's a dir moved in the current transaction - [s390x] ipl: Clear SBP flag when bootprog is set - gpio: regmap: Fix memleak in error path in gpio_regmap_register() - io_uring/poll: correctly handle io_poll_add() return value on update - io_uring: fix min_wait wakeups for SQPOLL - Revert "drm/amd/display: Fix pbn to kbps Conversion" - drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() - drm/amd/display: Fix scratch registers offsets for DCN35 - drm/amd/display: Fix scratch registers offsets for DCN351 - drm/displayid: pass iter to drm_find_displayid_extension() - ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (CVE-2025-68345) - ALSA: wavefront: Use guard() for spin locks - ALSA: wavefront: Clear substream pointers on close - [arm64] pinctrl: renesas: rzg2l: Fix ISEL restore on resume - hsr: hold rcu and dev lock for hsr_get_port_ndev (CVE-2025-39872) - sched/rt: Fix race in push_rt_task (CVE-2025-38234) - [arm64] KVM: arm64: Initialize HCR_EL2.E2H early - [arm64] KVM: arm64: Initialize SCTLR_EL1 in __kvm_hyp_init_cpu() - [arm64] Revamp HCR_EL2.E2H RES1 detection - dt-bindings: PCI: qcom,pcie-sc7280: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sc8280xp: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8150: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8250: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8350: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8450: Add missing required power-domains and resets - dt-bindings: PCI: qcom,pcie-sm8550: Add missing required power-domains and resets - crypto: af_alg - zero initialize memory allocated via sock_kmalloc - crypto: caam - Add check for kcalloc() in test_len() - [arm64,armhf] amba: tegra-ahb: Fix device leak on SMMU enable - virtio: vdpa: Fix reference count leak in octep_sriov_enable() - tracing: Fix fixed array of synthetic event - [arm64,armhf] soc: samsung: exynos-pmu: fix device leak on regmap lookup - [arm64] soc: qcom: ocmem: fix device leak on lookup - [arm64] soc: amlogic: canvas: fix device leak on lookup - rpmsg: glink: fix rpmsg device leak - [amd64] platform/x86: intel: chtwc_int33fe: don't dereference swnode args - i2c: amd-mp2: fix reference leak in MP2 PCI device - hwmon: (max16065) Use local variable to avoid TOCTOU - hwmon: (max6697) fix regmap leak on probe failure - hwmon: (w83791d) Convert macros to functions to avoid TOCTOU - hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU - [amd64] x86/msi: Make irq_retrigger() functional for posted MSI - [arm64] iommu/mediatek: fix use-after-free on probe deferral - fuse: fix readahead reclaim deadlock - wifi: rtw88: limit indirect IO under powered off for RTL8822CS (Closes: #1125797) - wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() - wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() - wifi: mac80211: do not use old MBSSID elements - i40e: fix scheduling in set_rx_mode - i40e: validate ring_len parameter against hardware-specific values - iavf: fix off-by-one issues in iavf_config_rss_reg() - idpf: reduce mbx_task schedule delay to 300us - crypto: seqiv - Do not use req->iv after crypto_aead_encrypt - Bluetooth: btusb: revert use of devm_kzalloc in btusb - net: mdio: aspeed: add dummy read to avoid read-after-write issue - net: openvswitch: Avoid needlessly taking the RTNL on vport destroy - ip6_gre: make ip6gre_header() robust - [amd64] platform/x86: msi-laptop: add missing sysfs_remove_group() - [amd64] platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic - team: fix check for port enabled in team_queue_override_port_prio_changed() - [arm64,armhf] net: dsa: fix missing put_device() in dsa_tree_find_first_conduit() - amd-xgbe: reset retries and mode on RX adapt failures - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure - genalloc.h: fix htmldocs warning - firewire: nosy: Fix dma_free_coherent() size - [armhf] net: dsa: b53: skip multicast entries for fdb_dump() - kbuild: fix compilation of dtb specified on command-line without make rule - net: usb: asix: validate PHY address before use - net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct - vfio/pds: Fix memory leak in pds_vfio_dirty_enable() - [amd64] platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing - [arm64] octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" - net: stmmac: fix the crash issue for zero copy XDP_TX action - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() - ipv4: Fix reference count leak when using error routes with nexthop objects - net: rose: fix invalid array index in rose_kill_by_device() - ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT - RDMA/irdma: avoid invalid read in irdma_net_event - RDMA/efa: Remove possible negative shift - RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() - RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() - RDMA/core: always drop device refcount in ib_del_sub_device_and_put() - RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send - RDMA/bnxt_re: Fix to use correct page size for PDE table - md: Fix static checker warning in analyze_sbs - md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() - ksmbd: Fix memory leak in get_file_all_info() - RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation - RDMA/bnxt_re: fix dma_free_coherent() pointer - blk-mq: skip CPU offline notify on unmapped hctx - ntfs: Do not overwrite uptodate pages - [armhf] ASoC: stm32: sai: fix device leak on probe - [armhf] ASoC: stm32: sai: fix clk prepare imbalance on probe failure - [armhf] ASoC: stm32: sai: fix OF node leak on probe - [arm64] ASoC: codecs: lpass-tx-macro: fix SM6115 support - [arm64] ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr - [arm64] ASoC: qcom: q6asm-dai: perform correct state check before closing - [arm64] ASoC: qcom: q6adm: the the copp device only during last instance - [arm64] ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. - [amd64] iommu/amd: Fix pci_segment memleak in alloc_pci_segment() - [amd64] iommu/amd: Propagate the error code returned by __modify_irte_ga() in modify_irte_ga() - [armhf] iommu/omap: fix device leaks on probe_device() - [arm64] iommu/qcom: fix device leak on of_xlate() - [arm64,riscv64] iommu/sun50i: fix device leak on of_xlate() - [arm64,armhf] iommu/tegra: fix device leak on probe_device() - iommu: disable SVA when CONFIG_X86 is set - HID: logitech-dj: Remove duplicate error logging - fgraph: Initialize ftrace_ops->private for function graph ops - fgraph: Check ftrace_pids_enabled on registration for early filtering - PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths - [arm64] dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator - [powerpc*] mm: Fix mprotect on book3s 32-bit - [powerpc*] 64s/slb: Fix SLB multihit issue during SLB preload - leds: leds-cros_ec: Skip LEDs without color components - leds: leds-lp50xx: Allow LED 0 to be added to module bank - leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs - leds: leds-lp50xx: Enable chip before any communication - block: Clear BLK_ZONE_WPLUG_PLUGGED when aborting plugged BIOs - [arm64,armhf] clk: samsung: exynos-clkout: Assign .num before accessing .hws (Closes: #1121211) - [arm64] mfd: max77620: Fix potential IRQ chip conflict when probing two devices - media: rc: st_rc: Fix reset control resource leak - media: verisilicon: Fix CPU stalls on G2 bus error - mtd: mtdpart: ignore error -ENOENT from parsers on subpartitions - mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips - mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips - mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips - mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips - mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips - mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips - [amd64] perf/x86/amd/uncore: Fix the return value of amd_uncore_df_event_init() on error - [powerpc*] pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION - media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() - firmware: stratix10-svc: Add mutex in stratix10 memory management - dm-ebs: Mark full buffer dirty even on partial write - dm-bufio: align write boundary on physical block size - fbdev: gbefb: fix to use physical address instead of dma address - fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing - fbdev: tcx.c fix mem_map to correct smem_start offset - media: cec: Fix debugfs leak on bus_register() failure - media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() - media: platform: mtk-mdp3: fix device leaks at probe - media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled - media: samsung: exynos4-is: fix potential ABBA deadlock on init - media: TDA1997x: Remove redundant cancel_delayed_work in probe - media: verisilicon: Protect G2 HEVC decoder against invalid DPB index - media: videobuf2: Fix device reference leak in vb2_dc_alloc error path - media: vpif_capture: fix section mismatch - media: vpif_display: fix section mismatch - media: amphion: Cancel message work before releasing the VPU core - media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe - media: i2c: adv7842: Remove redundant cancel_delayed_work in probe - media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() - [armhf] pmdomain: imx: Fix reference count leak in imx_gpc_probe() - compiler_types.h: add "auto" as a macro for "__auto_type" - lockd: fix vfs_test_lock() calls - idr: fix idr_alloc() returning an ID out of range - mm/page_owner: fix memory leak in page_owner_stack_fops->release() - [amd64] x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo - tools/mm/page_owner_sort: fix timestamp comparison for stable sorting - samples/ftrace: Adjust LoongArch register restore order in direct calls - RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly - RDMA/cm: Fix leaking the multicast GID table reference - e1000: fix OOB in e1000_tbi_should_accept() - fjes: Add missing iounmap in fjes_hw_init() - nfsd: Drop the client reference in client_states_open() - net: usb: sr9700: fix incorrect command used to write single register - net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write - net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() - Revert "drm/amd: Skip power ungate during suspend for VPE" - drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling - drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma - drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling - [arm64] drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers - [amd64] drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() - drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident - drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() - [arm64] drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() - [arm64] drm/mediatek: Fix probe resource leaks - [arm64] drm/mediatek: Fix probe memory leak - [arm64] drm/mediatek: Fix probe device leaks - drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace - drm/amdkfd: bump minimum vgpr size for gfx1151 - drm/amdkfd: Trap handler support for expert scheduling mode - [amd64] drm/i915: Fix format string truncation warning - drm/ttm: Avoid NULL pointer deref for evicted BOs - [amd64] drm/mgag200: Fix big-endian support - drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table - drm/xe/oa: Disallow 0 OA property values - drm/xe: Adjust long-running workload timeslices to reasonable values - drm/xe: Use usleep_range for accurate long-running workload timeslicing - drm/xe: Drop preempt-fences when destroying imported dma-bufs. - [arm64] drm/msm/dpu: Add missing NULL pointer check for pingpong interface - [amd64] drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer - drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb - [riscv64] lib/crypto: riscv/chacha: Avoid s0/fp register - gfs2: fix freeze error handling - btrfs: don't rewrite ret from inode_permission - sched/eevdf: Fix min_vruntime vs avg_vruntime - erofs: fix unexpected EIO under memory pressure - sched_ext: Fix incorrect sched_class settings for per-cpu migration tasks - jbd2: fix the inconsistency between checksum and data in memory for journal sb - tty: introduce and use tty_port_tty_vhangup() helper - xhci: dbgtty: fix device unregister: fixup - f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() - f2fs: use global inline_xattr_slab instead of per-sb slab cache - f2fs: drop inode from the donation list when the last file is closed - f2fs: fix to avoid updating compression context during writeback - serial: core: fix OF node leak - serial: core: Restore sysfs fwnode information - mptcp: pm: ignore unknown endpoint flags - mm/ksm: fix exec/fork inheritance support for prctl - svcrdma: bound check rq_pages index in inline path - block: freeze queue when updating zone resources - tpm2-sessions: Fix tpm2_read_public range checks - sched_ext: Factor out local_dsq_post_enq() from dispatch_enqueue() - sched_ext: Fix missing post-enqueue handling in move_local_task_to_local_dsq() - drm/displayid: add quirk to ignore DisplayID checksum errors - hrtimers: Introduce hrtimer_update_function() - [arm64] serial: xilinx_uartps: Use helper function hrtimer_update_function() - [arm64] serial: xilinx_uartps: fix rs485 delay_rts_after_send - f2fs: clear SBI_POR_DOING before initing inmem curseg - f2fs: add timeout in f2fs_enable_checkpoint() - f2fs: dump more information for f2fs_{enable,disable}_checkpoint() - f2fs: fix to propagate error from f2fs_enable_checkpoint() - gpiolib: acpi: Switch to use enum in acpi_gpio_in_ignore_list() - gpiolib: acpi: Handle deferred list via new API - gpiolib: acpi: Add acpi_gpio_need_run_edge_events_on_boot() getter - gpiolib: acpi: Move quirks to a separate file - gpiolib: acpi: Add a quirk for Acer Nitro V15 - gpiolib: acpi: Add quirk for ASUS ProArt PX13 - gpiolib: acpi: Add quirk for Dell Precision 7780 - netfilter: nft_ct: add seqadj extension for natted connections (CVE-2025-68206) - md/raid10: wait barrier before returning discard request with REQ_NOWAIT (CVE-2025-40325) - [arm64] drm/panthor: Flush shmem writes before mapping buffers CPU-uncached (CVE-2025-40276) - net: ipv6: ioam6: use consistent dst names - ipv6: adopt dst_dev() helper - net: use dst_dev_rcu() in sk_setup_caps() - usbnet: Fix using smp_processor_id() in preemptible code warnings - serial: core: Fix serial device initialization - tty: fix tty_port_tty_*hangup() kernel-doc - [amd64] x86/microcode/AMD: Select which microcode patch to load - media: i2c: imx219: Fix 1920x1080 mode to use 1:1 pixel aspect ratio - wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend - wifi: mt76: mt7925: fix CLC command timeout when suspend/resume - wifi: mt76: mt7925: add handler to hif suspend/resume event - idpf: add support for SW triggered interrupts - idpf: trigger SW interrupt when exiting wb_on_itr mode - idpf: add support for Tx refillqs in flow scheduling mode - idpf: improve when to set RE bit logic - idpf: simplify and fix splitq Tx packet rollback error path - idpf: replace flow scheduling buffer ring with buffer pool - idpf: stop Tx if there are insufficient buffer resources - idpf: remove obsolete stashing code - hrtimers: Make hrtimer_update_function() less expensive - gve: defer interrupt enabling until NAPI registration - block: handle zone management operations completions - soundwire: stream: extend sdw_alloc_stream() to take 'type' parameter - [arm64] ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime - PCI: brcmstb: Reuse pcie_cfg_data structure - PCI: brcmstb: Set MLW based on "num-lanes" DT property if present - PCI: brcmstb: Fix disabling L0s capability - mm/balloon_compaction: we cannot have isolated pages in the balloon list - mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() - [powerpc*] pseries/cmm: adjust BALLOON_MIGRATE when migrating pages - media: mediatek: vcodec: Use spinlock for context list protection lock - media: amphion: Add a frame flush mode for decoder - media: amphion: Make some vpu_v4l2 functions static - media: amphion: Remove vpu_vb_is_codecconfig - vfio/pci: Disable qword access to the PCI ROM bar - iomap: allocate s_dio_done_wq for async reads as well (CVE-2025-68357) - block: fix NULL pointer dereference in blk_zone_reset_all_bio_endio() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.65 - mptcp: fallback earlier on simult connection - mm/page_alloc: change all pageblocks migrate type on coalescing - mm: simplify folio_expected_ref_count() - mm: consider non-anon swap cache folios in folio_expected_ref_count() - mptcp: ensure context reset on disconnect() - wifi: mac80211: Discard Beacon frames to non-broadcast address - [arm64] net: phy: mediatek: fix nvmem cell reference leak in mt798x_phy_calibration - drm/amdgpu: Forward VMID reservation errors - [amd64] cpufreq: intel_pstate: Check IDA only before MSR_IA32_PERF_CTL writes - net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. - sched/fair: Small cleanup to sched_balance_newidle() - sched/fair: Small cleanup to update_newidle_cost() - sched/fair: Proportional newidle balance - virtio_console: fix order of fields cols and rows - [armhf] pwm: stm32: Always program polarity - [amd64] Revert "iommu/amd: Skip enabling command/event buffers for kdump" https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.66 - NFSD: Fix permission check for read access to executable-only files - nfsd: provide locking for v4_end_grace - nfsd: use correct loop termination in nfsd4_revoke_states() - nfsd: check that server is running in unlock_filesystem - NFSD: net ref data still needs to be freed even if net hasn't startup - NFSD: Remove NFSERR_EAGAIN - atm: Fix dma_free_coherent() size - net: 3com: 3c59x: fix possible null dereference in vortex_probe1() - [arm64] Fix cleared E0POE bit after cpu_suspend()/resume() - btrfs: always detect conflicting inodes when logging inode refs - [amd64] mei: me: add nova lake point S DID - lib/crypto: aes: Fix missing MMU protection for AES S-box - drm/amdgpu: Fix query for VPE block_type and ip_count - drm/radeon: Remove __counted_by from ClockInfoArray.clockInfo[] (Closes: #1122106) - [arm64,armhf] gpio: rockchip: mark the GPIO controller as sleeping - [arm64] pinctrl: qcom: lpass-lpi: mark the GPIO controller as sleeping - wifi: avoid kernel-infoleak from struct iw_point - wifi: mac80211: restore non-chanctx injection behaviour - libceph: prevent potential out-of-bounds reads in handle_auth_done() - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() - libceph: make free_choose_arg_map() resilient to partial allocation - libceph: return the handler error from mon_handle_auth_done() - libceph: reset sparse-read state in osd_fault() - libceph: make calc_target() set t->paused, not just clear it - tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). (CVE-2025-40149) - drm/xe: make xe_gt_idle_disable_c6() handle the forcewake internally - drm/xe: Ensure GT is in C0 during resumes - dm-snapshot: fix 'scheduling while atomic' on real-time kernels - NFSv4: ensure the open stateid seqid doesn't go backwards - [arm64] ASoC: rockchip: Fix Wvoid-pointer-to-enum-cast warning (again) - NFS: Fix up the automount fs_context to use the correct cred - drm/amd/display: shrink struct members - smb/client: fix NT_STATUS_UNABLE_TO_FREE_VM value - smb/client: fix NT_STATUS_DEVICE_DOOR_OPEN value - smb/client: fix NT_STATUS_NO_DATA_DETECTED value - scsi: ipr: Enable/disable IRQD_NO_BALANCING during reset - scsi: ufs: core: Fix EH failure after W-LUN resume error - scsi: Revert "scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed" - btrfs: fix qgroup_snapshot_quick_inherit() squota bug - btrfs: qgroup: update all parent qgroups when doing quick inherit - btrfs: tracepoints: use btrfs_root_id() to get the id of a root - btrfs: fix NULL dereference on root when tracing inode eviction - drm/amd/display: Respect user's CONFIG_FRAME_WARN more for dml files - drm/amd/display: Apply e4479aecf658 to dml - [arm64] dts: ti: k3-am62-lp-sk-nand: Rename pinctrls to fix schema warnings - [amd64] crypto: qat - fix duplicate restarting msg during AER error - [arm64] dts: add off-on-delay-us for usdhc2 regulator - netfilter: nft_set_pipapo: fix range overlap detection - netfilter: nft_synproxy: avoid possible data-race on update operation - [arm64,armhf] gpio: pca953x: Add support for level-triggered interrupts - [arm64,armhf] gpio: pca953x: handle short interrupt pulses on PCAL devices - netfilter: nf_tables: fix memory leak in nf_tables_newrule() - netfilter: nf_conncount: update last_gc only when GC has been performed - bridge: fix C-VLAN preservation in 802.1ad vlan_tunnel egress - [arm64] net: mscc: ocelot: Fix crash when adding interface under a lag - inet: ping: Fix icmp out counting - net: sock: fix hardened usercopy panic in sock_recv_errqueue - netdev: preserve NETIF_F_ALL_FOR_ALL across TSO updates - net/mlx5e: Don't print error message due to invalid module - net: wwan: iosm: Fix memory leak in ipc_mux_deinit() - bnxt_en: Fix potential data corruption with HW GRO/LRO - vsock: Make accept()ed sockets use custom setsockopt() - btrfs: only enforce free space tree if v1 cache is required for bs < ps cases - [riscv64] pgtable: Cleanup useless VA_USER_XXX definitions - net: fix memory leak in skb_segment_list for GRO packets - idpf: keep the netdev when a reset fails - idpf: fix memory leak in idpf_vport_rel() - idpf: cap maximum Rx buffer size - HID: quirks: work around VID/PID conflict for appledisplay - net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset - net: usb: pegasus: fix memory leak in update_eth_regs_async() - arp: do not assume dev_hard_header() does not change skb->head - erofs: don't bother with s_stack_depth increasing for now - erofs: fix file-backed mounts no longer working on EROFS partitions - ALSA: ac97bus: Use guard() for mutex locks - ALSA: ac97: fix a double free in snd_ac97_controller_register() - btrfs: fix error handling of submit_uncompressed_range() - btrfs: subpage: dump the involved bitmap when ASSERT() failed - btrfs: add extra error messages for delalloc range related errors - btrfs: remove btrfs_fs_info::sectors_per_page - btrfs: truncate ordered extent when skipping writeback past i_size - btrfs: use variable for end offset in extent_writepage_io() - btrfs: fix beyond-EOF write handling - bpf: Fix an issue in bpf_prog_test_run_xdp when page size greater than 4K - bpf: Make variables in bpf_prog_test_run_xdp less confusing - bpf: Support specifying linear xdp packet data size for BPF_PROG_TEST_RUN - bpf: Fix reference count leak in bpf_prog_test_run_xdp() - net: sfp: extend Potron XGSPON quirk to cover additional EEPROM variant - powercap: fix race condition in register_control_type() - powercap: fix sscanf() error return value handling - netfilter: nf_tables: avoid chain re-validation if possible - ata: libata-core: Disable LPM on ST2000DM008-2FR102 - drm/amd/display: Fix DP no audio issue - [arm64] spi: mt65xx: Use IRQF_ONESHOT with threaded IRQ - drm/amdkfd: Fix improper NULL termination of queue restore SMI event string - can: j1939: make j1939_session_activate() fail if device is no longer registered - ALSA: usb-audio: Update for native DSD support quirks - [amd64] ASoC: amd: yc: Add quirk for Honor MagicBook X16 2025 - ALSA: hda/realtek: enable woofer speakers on Medion NM14LNL - [arm64,armhf] ASoC: fsl_sai: Add missing registers to cache default - scsi: sg: Fix occasional bogus elapsed time that exceeds timeout - spi: cadence-quadspi: Prevent lost complete() call during indirect read - tpm2-sessions: Fix out of range indexing in name_size (CVE-2025-68792) - ALSA: hda: intel-dsp-config: Prefer legacy driver as fallback https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.67 - efi/cper: Fix cper_bits_to_str buffer handling and return value - Revert "gfs2: Fix use of bio_chain" - [amd64] x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 - xfrm: Fix inner mode lookup in tunnel mode GSO segmentation - xfrm: set ipv4 no_pmtu_disc flag only on output sa when direction is set - pNFS: Fix a deadlock when returning a delegation during open() - NFS: Fix a deadlock involving nfs_release_folio() - pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() - pnfs/blocklayout: Fix memory leak in bl_parse_scsi() - drm/vmwgfx: Merge vmw_bo_release and vmw_bo_free functions - PM: EM: Fix incorrect description of the cost field in struct em_perf_state - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec - btrfs: send: check for inline extents in range_is_hole_in_parent() - net: bridge: annotate data-races around fdb->{updated,used} - ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() - net: update netdev_lock_{type,name} - macvlan: fix possible UAF in macvlan_forward_source() - ipv4: ip_gre: make ipgre_header() robust - net/mlx5e: Fix crash on profile change rollback failure - net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv - net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv - net/mlx5e: Restore destroying state bit after profile cleanup - btrfs: factor out init_space_info() from create_space_info() - btrfs: factor out check_removing_space_info() from btrfs_free_block_groups() - btrfs: introduce btrfs_space_info sub-group - btrfs: fix memory leaks in create_space_info() error paths - ALSA: hda/cirrus_scodec_test: Fix incorrect setup of gpiochip - net: hv_netvsc: reject RSS hash key programming without RX indirection table - ipv6: Fix use-after-free in inet6_addr_del(). - net/sched: sch_qfq: do not free existing class in qfq_change_class() - [amd64] ASoC: sdw_utils: cs42l43: Enable Headphone pin for LINEOUT jack type - drm/amd/pm: fix smu overdrive data type wrong issue on smu 14.0.2 - mm: describe @flags parameter in memalloc_flags_save() - textsearch: describe @list member in ts_ops search - mm, kfence: describe @slab parameter in __kfence_obj_info() - [arm64] dmaengine: tegra-adma: Fix use-after-free - [arm64] phy: fsl-imx8mq-usb: Clear the PCS_TX_SWING_FULL field before using it - [arm64] phy: phy-snps-eusb2: refactor constructs names - phy: drop probe registration printks - [arm64] phy: qcom-qusb2: Fix NULL pointer dereference on early suspend - [armhf] phy: stm32-usphyc: Fix off by one in probe() - [armhf] dmaengine: omap-dma: fix dma_pool resource leak in error paths - [arm64] i2c: qcom-geni: make sure I2C hub controllers can't use SE DMA - HID: usbhid: paper over wrong bNumDescriptor field (Closes: #1122193) - bridge: mcast: Fix use-after-free during router port configuration (CVE-2025-38248) - [arm64] ASoC: codecs: wsa883x: fix unnecessary initialisation - drm/amd/display: mark static functions noinline_for_stack - io_uring: move local task_work in exit cancel loop - scsi: core: Fix error handler encryption support - ALSA: pcm: Improve the fix for race of buffer access at PCM OSS layer - null_blk: fix kmemleak by releasing references to fault configfs items - can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak - can: ctucanfd: fix SSP_SRC in cases when bit-rate is higher than 1 MBit. - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts - xfs: Fix the return value of xfs_rtcopy_summary() - lib/buildid: use __kernel_read() for sleepable context - [arm64] phy: rockchip: inno-usb2: fix communication disruption in gadget mode - [arm64,armhf] phy: ti: gmii-sel: fix regmap leak on probe failure - [arm64] phy: freescale: imx8m-pcie: assert phy reset during power on - [arm64] phy: rockchip: inno-usb2: fix disconnection in gadget mode - usb: dwc3: Check for USB4 IP_NAME - usb: core: add USB_QUIRK_NO_BOS for devices that hang on BOS descriptor - USB: OHCI/UHCI: Add soft dependencies on ehci_platform - USB: serial: option: add Telit LE910 MBIM composition - USB: serial: ftdi_sio: add support for PICAXE AXE027 cable - nvme-pci: disable secondary temp for Wodposit WPBSNM8 - [arm64] ASoC: codecs: wsa881x: fix unnecessary initialisation - ext4: fix iloc.bh leak in ext4_xattr_inode_update_ref - hrtimer: Fix softirq base check in update_needs_ipi() - [amd64] EDAC/x38: Fix a resource leak in x38_probe1() - [amd64] EDAC/i3200: Fix a resource leak in i3200_probe1() - tcpm: allow looking for role_sw device in the main node - i2c: riic: Move suspend handling to NOIRQ phase - [amd64] x86/resctrl: Add missing resctrl initialization for Hygon - [amd64] x86/resctrl: Fix memory bandwidth counter width for Hygon - nvme: fix PCIe subsystem reset controller state transition - mm/zswap: fix error pointer free in zswap_cpu_comp_prepare() - mm/page_alloc: make percpu_pagelist_high_fraction reads lock-free - mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure - drm/amd/display: Bump the HDMI clock to 340MHz - drm/amd: Clean up kfd node on surprise disconnect - drm/amdkfd: fix a memory leak in device_queue_manager_init() - drm/nouveau/disp/nv50-: Set lock_core in curs507a_prepare - [arm64,armhf] drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel - drm/vmwgfx: Fix an error return check in vmw_compat_shader_add() - [arm64] dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() - [armhf] dmaengine: stm32: dmamux: fix device leak on route allocation - [armhf] dmaengine: stm32: dmamux: fix OF node leak on route allocation failure - [armhf] dmaengine: ti: dma-crossbar: fix device leak on dra7x route allocation - [armhf] dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation - [amd64] HID: intel-ish-hid: Use dedicated unbound workqueues to prevent resume blocking - [amd64] HID: intel-ish-hid: Fix -Wcast-function-type-strict in devm_ishtp_alloc_workqueue() - btrfs: fix deadlock in wait_current_trans() due to ignored transaction type - xfs: set max_agbno to allow sparse alloc of last full inode chunk - mm/damon/sysfs-scheme: cleanup quotas subdirs on scheme dir setup failure - mm/damon/sysfs-scheme: cleanup access_pattern subdirs on scheme dir setup failure - bpf: Reject narrower access to pointer ctx fields (CVE-2025-38591) - mm/fake-numa: allow later numa node hotplug - mm: numa,memblock: include for 'numa_nodes_parsed' - [arm64] phy: phy-rockchip-inno-usb2: Use dev_err_probe() in the probe path - [arm64] phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() - [arm64] dmaengine: fsl-edma: Fix clk leak on alloc_chan_resources failure - mm/page_alloc/vmstat: simplify refresh_cpu_vm_stats change detection - mm/page_alloc: batch page freeing in decay_pcp_high - mm/page_alloc: prevent pcp corruption with SMP=n - mm/fake-numa: handle cases with no SRAT info https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.68 - posix-clock: Store file pointer in struct posix_clock_context - ptp: Add PHC file mode checks. Allow RO adjtime() without FMODE_WRITE. - dt-bindings: power: qcom,rpmpd: document the SM8750 RPMh Power Domains - dt-bindings: power: qcom,rpmpd: add Turbo L5 corner - dt-bindings: power: qcom-rpmpd: split RPMh domains definitions - dt-bindings: power: qcom,rpmpd: Add SC8280XP_MXC_AO - [arm64] pmdomain: qcom: rpmhpd: Add MXC to SC8280XP - Drivers: hv: Always do Hyper-V panic notification in hv_kmsg_dump() - btrfs: fix missing fields in superblock backup with BLOCK_GROUP_TREE - ata: ahci: Do not read the per port area for unimplemented ports - ata: libata-sata: Improve link_power_management_supported sysfs attribute - ata: libata: Add cpr_log to ata_dev_print_features() early return - ata: libata-core: Introduce ata_dev_config_lpm() - ata: libata: Call ata_dev_config_lpm() for ATAPI devices - ata: libata: Print features also for ATAPI devices - ice: initialize ring_stats->syncp - ice: Avoid detrimental cleanup for bond during interface stop - ice: Fix incorrect timeout ice_release_res() - igc: Restore default Qbv schedule when changing channels - igc: fix race condition in TX timestamp read for register 0 - vsock/virtio: Coalesce only linear skb - net: usb: dm9601: remove broken SR9700 support - bonding: limit BOND_MODE_8023AD to Ethernet devices - l2tp: Fix memleak in l2tp_udp_encap_recv(). - can: gs_usb: gs_usb_receive_bulk_callback(): unanchor URL on usb_submit_urb() error - sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT - [amd64,arm64] amd-xgbe: avoid misleading per-packet error log - gue: Fix skb memleak with inner IP protocol 0. - fou: Don't allow 0 for FOU_ATTR_IPPROTO. - veth: fix data race in veth_get_ethtool_stats - l2tp: avoid one data-race in l2tp_tunnel_del_work() - ipvlan: Make the addrs_lock be per port - [arm64] octeontx2: cn10k: fix RX flowid TCAM mask handling - net/sched: Enforce that teql can only be used as root qdisc - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec - wifi: mac80211: don't perform DA check on S1G beacon - serial: 8250_pci: Fix broken RS485 for F81504/508/512 - w1: therm: Fix off-by-one buffer overflow in alarms_store - w1: fix redundant counter decrement in w1_attach_slave_device() - Revert "nfc/nci: Add the inconsistency check between the input data length and count" - Input: i8042 - add quirks for MECHREVO Wujie 15X Pro - Input: i8042 - add quirk for ASUS Zenbook UX425QA_UM425QA - scsi: storvsc: Process unsupported MODE_SENSE_10 - scsi: xen: scsiback: Fix potential memory leak in scsiback_remove() - [arm64] dts: rockchip: remove dangerous max-link-speed from helios64 - [arm64] dts: rockchip: Fix voltage threshold for volume keys for Pinephone Pro - [amd64] x86/kfence: avoid writing L1TF-vulnerable PTEs - [amd64] comedi: Fix getting range information for subdevices 16 to 255 - [amd64] platform/x86: hp-bioscfg: Fix kobject warnings for empty attribute names - [amd64] platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro - mm/rmap: fix two comments related to huge_pmd_unshare() - io_uring/io-wq: check IO_WQ_BIT_EXIT inside work run loop - iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection - interconnect: debugfs: initialize src_node and dst_node to empty strings - regmap: Fix race condition in hwspinlock irqsave routine - [riscv64] clocksource: Fix stimecmp update hazard on RV32 - [amd64] platform/x86/amd: Fix memory leak in wbrf_record() - scsi: core: Wake up the error handler when final completions race against each other - scsi: qla2xxx: Sanitize payload size to prevent member overflow - ALSA: usb: Increase volume range that triggers a warning - ice: Fix persistent failure in ice_get_rxfh - [arm64] net: hns3: fix data race in hns3_fetch_stats - be2net: fix data race in be_get_new_eqd - [arm64] net: hns3: fix wrong GENMASK() for HCLGE_FD_AD_COUNTER_NUM_M - [arm64] net: hns3: fix the HCLGE_FD_AD_NXT_KEY error setting issue - mISDN: annotate data-race around dev->work - ipv6: annotate data-race in ndisc_router_discovery() - usbnet: limit max_mtu based on device's hard_mtu - clocksource: Reduce watchdog readout delay limit to prevent false positives - sched/fair: Fix pelt clock sync when entering idle - drm/amd/pm: Don't clear SI SMC table when setting power limit - drm/amd/pm: Workaround SI powertune issue on Radeon 430 (v2) - drm/nouveau: add missing DCB connector types - drm/nouveau: implement missing DCB connector types; gracefully handle unknown connectors - be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list - bonding: provide a net pointer to __skb_flow_dissect() - [arm64,armhf] net: dsa: fix off-by-one in maximum bridge ID determination - [arm64] octeontx2-af: Fix error handling - net: openvswitch: fix data race in ovs_vport_get_upcall_stats - vsock/virtio: fix potential underflow in virtio_transport_get_credit() - vsock/virtio: cap TX credit to local buffer size - net/sched: act_ife: avoid possible NULL deref - dpll: Prevent duplicate registrations - [amd64] x86: make page fault handling disable interrupts properly - tpm: Compare HMAC values in constant time - keys/trusted_keys: fix handle passed to tpm_buf_append_name during unseal - leds: led-class: Only Add LED to leds_list when it is fully ready - of: fix reference count leak in of_alias_scan() - of: platform: Use default match table for /firmware - iio: accel: iis328dq: fix gain values - iio: adc: ad9467: fix ad9434 vref mask - iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver - iio: adc: pac1934: Fix clamped value in pac1934_reg_snapshot - iio: dac: ad5686: add AD5695R to ad5686_chip_info_tbl - ALSA: ctxfi: Fix potential OOB access in audio mixer handling (Closes: #1121535) - ALSA: scarlett2: Fix buffer overflow in config retrieval - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() - mmc: rtsx_pci_sdmmc: implement sdmmc_card_busy function - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode - drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit) - wifi: ath10k: fix dma_free_coherent() pointer - wifi: ath12k: fix dma_free_coherent() pointer - wifi: mwifiex: Fix a loop in mwifiex_update_ampdu_rxwinsize() - wifi: rsi: Fix memory corruption due to not set vif driver data size - [arm64] fpsimd: signal: Allocate SSVE storage when restoring ZA - [arm64] Set __nocfi on swsusp_arch_resume() - slimbus: core: fix runtime PM imbalance on report present - slimbus: core: fix device reference leak on report present - tracing: Fix crash on synthetic stacktrace field usage - [amd64] intel_th: fix device leak on output open() - mei: trace: treat reg parameter as string - [s390x] ap: Fix wrong APQN fill calculation - netrom: fix double-free in nr_route_frame() - [amd64] platform/x86: hp-bioscfg: Fix automatic module loading - [arm64] pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu - [amd64] perf/x86/intel: Do not enable BTS for guests - [arm64,armhf] irqchip/gic-v3-its: Avoid truncating memory addresses - net: sfp: add potron quirk to the H-COM SPP425H-GAB4 SFP+ Stick - can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak - can: mcba_usb: mcba_usb_read_bulk_callback(): fix URB memory leak - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak - drm/amdgpu: remove frame cntl for gfx v12 - gpio: cdev: Correct return code on memory allocation failure - migrate: correct lock ordering for hugetlb file folios - [arm64] dmaengine: ti: k3-udma: Enable second resource range for BCDMA and PKTDMA - can: esd_usb: esd_usb_read_bulk_callback(): fix URB memory leak - bpf: Do not let BPF test infra emit invalid GSO types to stack (CVE-2025-68725) - [arm64] dts: rockchip: remove redundant max-link-speed from nanopi-r4s - iio: core: add missing mutex_destroy in iio_dev_release() - iio: core: Replace lockdep_set_class() + mutex_init() by combined call - iio: core: add separate lockdep class for info_exist_lock - [armhf] iio: adc: exynos_adc: fix OF populate on driver rebind - exfat: fix refcount leak in exfat_find (CVE-2025-68351) - sched_ext: Fix possible deadlock in the deferred_irq_workfn() (CVE-2025-68333) - fs/ntfs3: Initialize allocated memory before use (CVE-2025-68365) - [amd64] accel/ivpu: Fix race condition when unbinding BOs (CVE-2025-68749) - btrfs: fix racy bitfield write in btrfs_clear_space_info_full() (CVE-2025-68358) - wifi: ath11k: fix RCU stall while reaping monitor destination ring (CVE-2024-58097) - vsock/virtio: Move length check to callers of virtio_vsock_skb_rx_put() - vsock/virtio: Rename virtio_vsock_alloc_skb() - vsock/virtio: Move SKB allocation lower-bound check to callers - vsock/virtio: Rename virtio_vsock_skb_rx_put() - vhost/vsock: Allocate nonlinear SKBs for handling large receive buffers - vsock/virtio: Allocate nonlinear SKBs for handling large transmit buffers - net: Introduce skb_copy_datagram_from_iter_full() - vsock/virtio: Fix message iterator handling on transmit path https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.69 - Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work - Bluetooth: MGMT: Fix memory leak in set_ssp_complete - net/mlx5: Fix memory leak in esw_acl_ingress_lgcy_setup() - can: gs_usb: gs_usb_receive_bulk_callback(): fix error message - bonding: annotate data-races around slave->last_rx - [arm64,armhf] net: mvpp2: cls: Fix memory leak in mvpp2_ethtool_cls_rule_ins() - ipv6: use the right ifindex when replying to icmpv6 from localhost - net: wwan: t7xx: fix potential skb->frags overflow in RX path - nfc: llcp: Fix memleak in nfc_llcp_send_ui_frame(). - ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues - ice: stop counting UDP csum mismatch as rx_errors - net/mlx5e: TC, delete flows only for existing peers - nfc: nci: Fix race between rfkill and nci_unregister_device(). - net: bridge: fix static key check - net: phy: micrel: fix clk warning when removing the driver - net/mlx5: fs, Fix inverted cap check in tx flow table root disconnect - net/mlx5: Initialize events outside devlink lock - net/mlx5: Fix vhca_id access call trace use before alloc - net/mlx5e: Skip ESN replay window setup for IPsec crypto offload - scsi: firewire: sbp-target: Fix overflow in sbp_make_tpg() - [amd64] ASoC: Intel: sof_es8336: fix headphone GPIO logic inversion - gpiolib: acpi: use BIT_ULL() for u64 mask in address space handler - gpio: virtuser: fix UAF in configfs release path - bcache: fix improper use of bi_end_io - bcache: use bio cloning for detached device requests - bcache: fix I/O accounting leak in detached_dev_do_request - dma/pool: distinguish between missing and exhausted atomic pools - sched/deadline: Document dl_server - sched/deadline: Fix 'stuck' dl_server - [arm64,armhf] pinctrl: meson: mark the GPIO controller as sleeping - [riscv64] compat: fix COMPAT_UTS_MACHINE definition - scsi: be2iscsi: Fix a memory leak in beiscsi_boot_get_sinfo() - [amd64] ASoC: amd: yc: Add DMI quirk for Acer TravelMate P216-41-TCO - [arm64,armhf] gpio: pca953x: mask interrupts in irq shutdown - scsi: qla2xxx: edif: Fix dma_free_coherent() size - efivarfs: fix error propagation in efivar_entry_get() - nvmet: fix race in nvmet_bio_done() leading to NULL pointer dereference (Closes: #1122521) - gpio: rockchip: Stop calling pinctrl for set_direction - mptcp: only reset subflow errors when propagated - flex_proportions: make fprop_new_period() hardirq safe - mm/memory-failure: fix missing ->mf_stats count in hugetlb poison - mm/memory-failure: teach kill_accessing_process to accept hugetlb tail page pfn - mm/shmem, swap: fix race of truncate and swap entry split - net: fix segmentation of forwarding fraglist GRO - [arm64] drm/msm/a6xx: fix bogus hwcg register updates - drm/amdgpu/soc21: fix xclk for APUs - drm/amdgpu/gfx10: fix wptr reset in KGQ init - drm/amdgpu/gfx11: fix wptr reset in KGQ init - drm/amdgpu/gfx12: fix wptr reset in KGQ init - drm/amdgpu: fix NULL pointer dereference in amdgpu_gmc_filter_faults_remove - drm/amdgpu: Fix cond_exec handling in amdgpu_ib_schedule() - gpiolib: acpi: Fix potential out-of-boundary left shift - cgroup: Fix kernfs_node UAF in css_free_rwork_fn - rxrpc: Fix data-race warning and potential load/store tearing - ksmbd: smbd: fix dma_unmap_sg() nents (CVE-2026-23093) - mm/kfence: randomize the freelist on initialization - wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode (CVE-2024-58096) - Revert "drm/nouveau/disp: Set drm_mode_config_funcs.atomic_(check|commit)" - btrfs: prevent use-after-free on folio private data in btrfs_subpage_clear_uptodate() - net/sched: act_ife: convert comma to semicolon - [arm64] pinctrl: qcom: sm8350-lpass-lpi: Merge with SC7280 to fix I2S2 and SWR TX pins - mptcp: avoid dup SUB_CLOSED events after disconnect - perf: Simplify get_perf_callchain() user logic - perf: sched: Fix perf crash with new is_user_task() helper - writeback: fix 100% CPU usage when dirtytime_expire_interval is 0 - drm/amdgpu/gfx11: adjust KGQ reset sequence - [arm64] pinctrl: lpass-lpi: implement .get_direction() for the GPIO driver - net: mana: Change the function signature of mana_get_primary_netdev_rcu - RDMA/mana_ib: Handle net event for pointing to the current netdev . [ Macpaul Lin ] * udeb: Add USB TYPE-C and Mux modules in usb-modules (Closes: #1109090) . [ Salvatore Bonaccorso ] * fs/nfsd: Enable NFSD_SCSILAYOUT (NFSv4.1 server support for pNFS SCSI layouts) * [rt] Update to 6.12.66-rt15 linux-signed-arm64 (6.12.69+1~bpo12+1) bookworm-backports; urgency=medium . * Sign kernel from linux 6.12.69-1~bpo12+1 . * Rebuild for bookworm-backports lxc (1:6.0.4-4+deb13u2) trixie; urgency=medium . * Cherry-pick upstream fix for data corruption during heavy IO on PTS * Update lxc-default-with-nesting apparmor profile (Closes: #1111087) lxd (5.0.2+git20231211.1364ae4-9+deb13u3) trixie-security; urgency=high . * Cherry-pick fixes for the following security issues: - CVE-2026-23953 / GHSA-x6jc-phwx-hp32 - CVE-2026-23954 / GHSA-7f67-crqm-jgh7 mariadb (1:11.8.6-0+deb13u1) trixie; urgency=medium . [ Otto Kekäläinen ] * New upstream maintenance release 11.8.6. For details about fixes please see https://mariadb.com/docs/release-notes/community-server/11.8/11.8.6 * For details about fixes in 11.8.5 please see https://mariadb.com/docs/release-notes/community-server/11.8/11.8.5 and the security notices: - CVE-2025-13699 - CVE-2026-21968 * For details about fixes in 11.8.4 please see https://mariadb.com/docs/release-notes/community-server/11.8/11.8.4 * The version 11.8.4 was skipped in Debian (and Ubuntu) as it has a severe regression causing partial data deletion when using the DELETE statement on MyISAM or Aria tables under specific conditions (MDEV-38068) * Already existing plugins marked ready for general availability by upstream in this release: uuid_v4, uuid_v7 and inet4 * Upstream 11.8.5 included fix to MDEV-36556 about upgrades failing from 10.4 when encryption enabled (Closes: #1122811) * Add debian/source/local-options to suppress WolfSSL line ending errors * Patch new upstream test main.alter_merge to allow 'from Debian' * Fix path to mariadb-server.README in mariadb-secure-install (Closes: #1127863) * Add preliminary upstream patch to fix MDEV-38811 that affected Akonadi and any other use case that relies on 'skip-grant-tables' (Closes: #1127431) * Update patch statuses and Forwarded fields to aid patch maintenance in future new upstream version updates * Update server trace to include new 'new-mode' value 'FIX_INDEX_LOOKUP_COST' * Salsa CI: Apply several fixes already in use on debian/latest branch and which are needed on this branch as well due to external changes since August 2026, most notably Salsa CI switching to be sbuild based . [ Daniel Black ] * MDEV-37411: Re-enable AIO in Debian to fix earlier incomplete fix that was done after new upstream 11.8.3 release introduced innodb_linux_aio * MDEV-15502: With recent changes in upstream systemd, the tmpfiles are now required, otherwise starting MariaDB would fail on error: "cannot create /run/mysqld/wsrep-start-position: Directory nonexistent" mariadb (1:11.8.5-4) unstable; urgency=medium . [ Otto Kekäläinen ] * Add tentative upstream patch to fix amd64v3 build issues (MDEV-38398) * Drop redundant `Priority: optional` * Update Debian copyright for 2026 * Bump Debian Policy version . [ Aquila Macedo ] * Drop obsolete library-not-linked-against-libc overrides * Ship upstream sysusers.d mariadb.conf in mariadb-server (Closes: #1028271) * Add patch sysusers-lock-mysql-account.patch * Create mysql via sysusers in postinst, drop preinst adduser handling * Drop adduser pre-depends, depend on systemd-sysusers provider * Clarify NIS/YP debconf note for sysusers mysql account creation * Update all translations to match updated template mariadb (1:11.8.5-3) unstable; urgency=medium . * MDEV-23538: Rename mariadb.pc to mariadb-server-embedded.pc to avoid confusion, as well as sync other misc Debian packaging improvements from upstream * Drop transitional dummy package `mariadb-server-10.5` * Make mariadb-test-run logs more informative to make debugging failures in Debian/Ubuntu build and autopkgtest logs easier * Remove override for test 'main.mysql-interactive' and extensively document and ensure all the mariadb-test-run skip lists are current * Add tentative upstream patch to fix main.mysqld--help-aria test failure * Add upstream patch to fix test innodb_log_file_size failures * Add upstream patch to fix test innodb.log_corruption_recovery failures * Add patch to fix Spider test failures in networkless environments mariadb (1:11.8.5-3~exp3) experimental; urgency=medium . * Upload to experimental test if builds, post-build tests and autopkgtest all pass. mariadb (1:11.8.5-3~exp2) experimental; urgency=medium . * Upload to experimental test if builds, post-build tests and autopkgtest all pass. mariadb (1:11.8.5-3~exp1) experimental; urgency=medium . * Reset all unstable test lists to see which ones are still happening, and upload to Debian experimental mariadb (1:11.8.5-2) unstable; urgency=medium . [ Aquila Macedo ] * Relax perl client dependencies in mariadb-client (Closes: #1115678) . [ Otto Kekäläinen ] * Make all MariaDB client plugins available in server plugin path * Ensure dh_missing runs as intended in debian/rules * Install upstream generated symlinks/binaries/manpages * Fix misc typos and in Debian packaging * Update Lintian overrides to clean away false positives and remove obsolete Lintian overrides . [ MichaIng ] * Make mariadb-common postinstallation script robust for situations where the /etc/mysql/mariadb.cnf file for any reason was deleted on the system so that the install/upgrade completes regardless mariadb (1:11.8.5-1) unstable; urgency=medium . [ Otto Kekäläinen ] * New upstream maintenance release 11.8.5. For details about fixes please see https://mariadb.com/docs/release-notes/community-server/11.8/11.8.5 * The version 11.8.4 was skipped in Debian (and Ubuntu) as it has a severe regression causing partial data deletion when using the DELETE statement on MyISAM or Aria tables under specific conditions (MDEV-38068) * For details about fixes in 11.8.4 please see https://mariadb.com/docs/release-notes/community-server/11.8/11.8.4 * This release does _not_ include any CVE tracked security fixes as per https://mariadb.com/docs/server/security/securing-mariadb/security * The MariaDB 11.8.4 did have a fix for mariadb-dump failing to run if a for any table with a slash in the name. This has no actual exploit and requires the attacker to already have access to the database so they can create tables with arbitrary names. Trend Micro did however publish: - CVE-2025-13699 * Update server trace to include new parameters and values * Already existing plugins marked ready for general availability by upstream in this release: uuid_v4, uuid_v7 and inet4 * Add Lintian override for false error in test plugin * Patch new upstream test main.alter_merge to allow 'from Debian' * Add libcrypt-dev to Build-Depends (Closes: #1106944) * Extend unstable tests to skip for sparc64 and x32 * Remove Rules-Requires-Root * Update patch Forwarded fields to reflect latest status * Salsa CI: Disable running `gbp setup-gitattributes` * Salsa CI: Fix typos introduced in 855bc4f6 * Salsa CI: Disable the new 'debrebuild' job for MariaDB due to timeouts . [ Daniel Black ] * MDEV-37411: Re-enable AIO in Debian * MDEV-15502: use tmpfiles with systemd (Closes: #1028272) * MDEV-37776: shlibs:Depends shouldn't be explicit . [ Jean Weisbuch ] * MDEV-37852: Fix mytop connection to localhost (Closes: #1109394) . [ Christian Hesse ] * MDEV-35904/MDEV-19210: use environment file in systemd units for _WSREP_START_POSITION (Closes: #1105029) . [ Aquila Macedo ] * Add patch for new PCRE2 version 10.47 offset change (Closes: #1119866) * Salsa CI: install build-essential for Python-MySQLdb job (Closes: #1121027) * Salsa CI: keep provider plugins in sync in bookworm -> sid upgrade job . [ Sergei Golubchik ] * MDEV-37600: Implement caching_sha2_password plugin for MySQL compatibility . [ Helge Kreutzmann ] * Update German translation of debconf messages (Closes: #1120669) mariadb (1:11.8.3-1) unstable; urgency=medium . [ Otto Kekäläinen ] * New upstream maintenance release 11.8.3. For details about fixes please see https://mariadb.com/kb/en/mariadb-11-8-3-release-notes/ * Drop Hurd patches that are now included upstream * Update configuration traces to include new upstream system variables: - analyze-max-length (default: 4294967295) - innodb-linux-aio (default: auto) * Suppress new native AIO warning introduced in upstream a87bb96 to avoid mariadb-test-run failing on on something that isn't a real issue * New upstream release includes fix for MDEV-36815 that yielded "ERROR 1267 (HY000): Illegal mix of collations" on some systems when restarting the MariaDB service in Debian (Closes: #1104533) * Remove obsolete cleanup as upstream moved pam_mariadb_mtr.so in c05b1fe * Salsa CI: Use full MariaDB package set in Bookworm MariaDB 10.6 upgrade * Salsa CI: Automatically use archive.d.o for discontinued releases . [ Lena Voytek ] * Do not hardcode libxml2 dependency in mariadb-plugin-connect (Closes: #1106889) modsecurity-crs (3.3.7-1+deb13u1) trixie-security; urgency=medium . * Fixes CVE-2026-21876 (Closes: #1125084) mpg123 (1.32.10-1+deb13u1) trixie; urgency=medium . * debian/gbp.conf: Switch to trixie branch * debian/patches: Do not modify raw ID3v2 data while parsing (Closes: #1129616) munge (0.5.16-1.1~deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Rebuild for trixie-security . munge (0.5.16-1.1) unstable; urgency=high . * Non-maintainer upload. * Fix out-of-bounds read in credential decoding * Fix buffer overflow when unpacking message address length (CVE-2026-25506) net-snmp (5.9.4+dfsg-2+deb13u1) trixie-security; urgency=high . * Security patch - Fixed a critical vulnerability in snmptrapd triggered by a specially crafted trap CVE-2025-68615 Closes: #1123861 nginx (1.26.3-3+deb13u2) trixie-security; urgency=medium . * d/p/CVE-2026-1642: backport upstream patch for CVE-2026-1642. Fixes problem when an attacker with a man-in-the-middle position on the upstream server side—along with conditions beyond the attacker's control—may be able to inject plain text data into the response from an upstream proxied server. node-proxy-agents (0~2024040606-6+deb13u1) trixie; urgency=medium . * Team upload * Fix basic-ftp traversal vulnerability (Closes: #1129093, CVE-2026-27699) nova (2:31.0.0-6+deb13u2) trixie-security; urgency=high . * CVE-2026-24708/OSSA-2026-002: By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's flat image backend to call qemu-img without a format restriction resulting in an unsafe image resize operation that could destroy data on the host system. Appiled upstream patch (Closes: #1128294): - cve-2026-24708-make-disk.extend-pass-format-to-qemu-img-2025.1.patch nss (2:3.110-1+deb13u1) trixie-security; urgency=medium . * CVE-2026-2781 open-iscsi (2.1.11-1+deb13u2) trixie; urgency=medium . * Team upload * [bfe3448] cherry-pick fix for discovering 'static' nodes (Closes: #1129063) openjdk-21 (21.0.10+7-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie openjdk-21 (21.0.10~6ea-1) unstable; urgency=medium . * OpenJDK 21.0.10 early access, build 6. * Update override comments for unstripped-binary-or-object. We need to keep symbols for Native Memory Tracking to work. * d/{JB-doc.overrides.in, JB-jre-headless.overrides.in}: Add override for old FSF copyright address. * d/s/lintian-overrides: Override false positive debian-rules-calls- nproc. The utility is used to log the number of processors. * d/t/control.in: dependencies.sh test needs only jre-headless package, remove flaky and skippable flags. openjdk-21 (21.0.10~4ea-1) unstable; urgency=medium . * OpenJDK 21.0.10 early access, build 4. . [ Matthias Klose ] * d/rules: Adjust any_archs, hppa is unlikely to get fixed for the opposite stack frame growth. * d/rules: Run the testsuite for loong64. openjdk-21 (21.0.9+10-1) unstable; urgency=medium . * OpenJDK 21.0.9 release, build 10. - CVEs: + CVE-2025-53057, 8360937: Enhance certificate handling. + CVE-2025-53066, 8356294: Enhance Path Factories. + CVE-2025-61748, 8359454: Enhance String handling. . [ Vladimir Petko ] * d/t/dependencies.sh: Relax test assertion for PC/SC library. * d/p/jdk-8369450.patch: Fix ftbfs due to rust-coreutils date. LP: #2127120. * d/rules: Run jtreg autopkgtests only on jtreg architectures. * d/t/{hotspot-autopkgtest.in, jdk-autopkgtest.in}: Skip tests that require a large amount of memory. * d/t/{control,hotspot-autopkgtest.sh, jdk-autopkgtest.sh}: Regenerate. openjdk-25 (25.0.2+10-1~deb13u2) trixie-security; urgency=medium . * Rebuild for trixie, now with jtreg8 re-enabled (since it's now been available via a backport released via trixie-security) openjdk-25 (25.0.1+8-3) unstable; urgency=medium . * d/t/control.in: Remove flaky and skippable flag from dependencies.sh test and install only jre package. * d/t/control: Regenerate. openjdk-25 (25.0.1+8-2) unstable; urgency=medium . [ Matthias Klose ] * d/rules: Adjust any_archs, hppa is unlikely to get fixed for the opposite stack frame growth. * d/rules: Run the testsuite for loong64. * Regenerate the watch file. . [ Vladimir Petko ] * d/{rules/control.in/test/control.in}: Replace dbus-x11 with dbus- daemon dependency. Closes: #1117100. * d/control: d/test/control: Regenerate. * d/README.{Debian,source}: Update package readme files. * d/rules: Use generic code to replace bundled jquery. * d/JB-doc.overrides.in: Drop binary package bundled jquery override. The override is not needed for the binary package. * d/s/lintian-overrides: Update jquery override override comment. * Update unstripped-binary-or-object override comments. OpenJDK needs symbols for Native Memory Tracking. openjdk-25 (25.0.1+8-1) unstable; urgency=medium . * OpenJDK 25.0.1 release, build 8. - CVEs: + CVE-2025-53057, 8360937: Enhance certificate handling. + CVE-2025-53066, 8356294: Enhance Path Factories. + CVE-2025-61748, 8359454: Enhance String handling. . [ Vladimir Petko ] * d/s/lintian-overrides: Override false positive nproc warning. * d/{JB-doc.overrides.in, JB-jre-headless.overrides.in}: Add override for old FSF copyright address. * d/JB-jvmci-jdk.overrides.in: Update overrides for jvmci package. * d/t/problems.csv: DocRootDirPermissionsTest.java - Fix typo in the test name. * d/t/problems.csv: Synchronize problem list. * d/t/dependencies.sh: Relax test assertion for PC/SC library. * d/rules: Prefer openjdk-25 for bootstrap. * d/control: Regenerate. * d/p/jdk-8369450.patch: Fix ftbfs due to rust-coreutils date. LP: #2127120. * Security Manager was removed in -25, so the JDK image no longer has default.policy and java.policy. * jaxp-strict.properties.template was moved by d/rules to jaxp-strict.properties, but we still created symlink to jaxp-strict.properties.template. Replace mv with cp so that link to jaxp-strict.properties.template is not broken. * d/rules: Run jtreg autopkgtests only on jtreg architectures. * d/t/{hotspot-autopkgtest.in, jdk-autopkgtest.in}: Skip tests that require a large amount of memory. * d/t/{control,hotspot-autopkgtest.sh, jdk-autopkgtest.sh}: Regenerate. * d/p/jdk-8370049-proposed.patch: s390x G1 barrier compare and exchange operation should update output parameter instead of input. LP: #2127750. . [ Matthias Klose ] * d/rules: Let the install target depend on the build target. Closes: #1105520. * Update the location of the upstream VCS. openssh (1:10.0p1-7+deb13u1) trixie; urgency=medium . * CVE-2025-61984: ssh(1): disallow control characters in usernames passed via the commandline or expanded using %-sequences from the configuration file (closes: #1117529). * CVE-2025-61985: ssh(1): disallow \0 characters in ssh:// URIs (closes: #1117530). * Fix mistracking of MaxStartups process exits in some situations (closes: #1080350). openssl (3.5.5-1~deb13u1) trixie; urgency=medium . * Import 3.5.5 openssl (3.5.4-1) unstable; urgency=medium . * Import 3.5.4 - CVE-2025-9230 (Out-of-bounds read & write in RFC 3211 KEK Unwrap) - CVE-2025-9231 (Timing side-channel in SM2 algorithm on 64 bit ARM) - CVE-2025-9232 (Out-of-bounds read in HTTP client no_proxy handling) openssl (3.5.4-1~deb13u2) trixie-security; urgency=medium . * CVE-2025-11187 (Improper validation of PBMAC1 parameters in PKCS#12 MAC verification) * CVE-2025-15467 (Stack buffer overflow in CMS AuthEnvelopedData parsing) * CVE-2025-15468 (NULL dereference in SSL_CIPHER_find() function on unknown cipher ID) * CVE-2025-15469 ("openssl dgst" one-shot codepath silently truncates inputs >16MB) * CVE-2025-66199 (TLS 1.3 CompressedCertificate excessive memory allocation) * CVE-2025-68160 (Heap out-of-bounds write in BIO_f_linebuffer on short writes) * CVE-2025-69418 (Unauthenticated/unencrypted trailing bytes with low-level OCB function calls) * CVE-2025-69419 (Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion) * CVE-2025-69420 (Missing ASN1_TYPE validation in TS_RESP_verify_response() function) * CVE-2025-69421 (NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function) * CVE-2026-22795 (Missing ASN1_TYPE validation in PKCS#12 parsing) * CVE-2026-22796 (ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function) passt (0.0~git20250503.587980c-2+deb13u1) trixie; urgency=medium . * patches: Bump AppArmor ABI version to 4.0 and explicitly enable user namespace creation (Closes: #1124801) pcsx2 (1.6.0+dfsg-3+deb13u1) trixie; urgency=medium . [ Sébastien Noel ] * Backport security fix for CVE-2025-49589. pdns-recursor (5.2.8-0+deb13u1) trixie-security; urgency=medium . * New upstream version 5.2.8, fixing CVE-2026-24027 CVE-2026-0398 (Closes: #1127490) pdudaemon (0.0.8.109.gaa25f15-2.1+deb13u1) trixie; urgency=medium . * Backport patch to add setuputils to runtime dependencies (Closes: #1127864) phpunit (11.5.19-1+deb13u1) trixie; urgency=medium . * Track debian/trixie * Fix Unsafe Deserialization in PHPT Code Coverage Handling [CVE-2026-24765] * Workaround empty file not added by patch pillow (11.1.0-5+deb13u1) trixie-security; urgency=medium . * CVE-2026-25990 (Closes: #1127925) plastimatch (1.10.0+dfsg.2-1~deb13u1) trixie; urgency=medium . * Team upload. * Backport removal of non-free files to trixie. (Changes in the repack tooling also resulted in the removal of upstream source files .gitlab-ci.yml and .gitignore.) * Revert unstable changes irrelevant for trixie: - "d/control: declare compliance to standards version 4.7.3. - "d/control: drop redundant Rules-Requires-Root: no. - "d/control: drop redundant Priority: optional. - "d/t/control: drop deprecated skip-not-installable restriction. - "cmake4.patch: fix build failure with cmake 4. * d/watch: rollback to watch file version 4. This change preserves the bump to +dfsg.2. . plastimatch (1.10.0+dfsg.2-1) unstable; urgency=medium . * Team upload. * d/copyright: exclude files preventing commercial uses. * d/watch: bump to +dfsg.2 repack suffix. This change also converts the watch file to v5 uscan Gitlab template. * New upstream repack 1.10.0+dfsg.2 (Closes: #1124959) * cmake4.patch: fix build failure with cmake 4. (Closes: #1125557) * d/copyright: remove superfluous file pattern. * d/t/control: drop deprecated skip-not-installable restriction. * d/control: drop redundant Priority: optional. * d/control: drop redundant Rules-Requires-Root: no. * d/control: declare compliance to standards version 4.7.3. * d/salsa-ci.yml: disable i386 builds. policyd-rate-limit (1.2.0-1.1+deb13u1) trixie; urgency=medium . * Team upload. * Apply patch from Borut Mrak for python 3.12. Closes: #1128265. postgresql-17 (17.9-0+deb13u1) trixie; urgency=medium . * New upstream version 17.9. . + Fix failure after replaying a multixid truncation record from WAL that was generated by an older minor version (Heikki Linnakangas) . Erroneous logic for coping with the way that previous versions handled multixid wraparound led to replay failure, with messages like "could not access status of transaction". A typical scenario in which this could occur is a standby server of the latest minor version consuming WAL from a primary server of an older version. . + Avoid incorrect complaint of invalid encoding when substring() is applied to toasted data (Noah Misch) . The fix for CVE-2026-2006 was too aggressive and could raise an error about an incomplete character in cases that are actually valid. postgresql-17 (17.8-0+deb13u1) trixie-security; urgency=medium . * New upstream version 17.8. . + Guard against unexpected dimensions of oidvector/int2vector (Tom Lane) . These data types are expected to be 1-dimensional arrays containing no nulls, but there are cast pathways that permit violating those expectations. Add checks to some functions that were depending on those expectations without verifying them, and could misbehave in consequence. . The PostgreSQL Project thanks Altan Birler for reporting this problem. (CVE-2026-2003) . + Harden selectivity estimators against being attached to operators that accept unexpected data types (Tom Lane) . contrib/intarray contained a selectivity estimation function that could be abused for arbitrary code execution, because it did not check that its input was of the expected data type. Third-party extensions should check for similar hazards and add defenses using the technique intarray now uses. Since such extension fixes will take time, we now require superuser privilege to attach a non-built-in selectivity estimator to an operator. . The PostgreSQL Project thanks Daniel Firer, as part of zeroday.cloud, for reporting this problem. (CVE-2026-2004) . + Fix buffer overrun in contrib/pgcrypto's PGP decryption functions (Michael Paquier) . Decrypting a crafted message with an overlength session key caused a buffer overrun, with consequences as bad as arbitrary code execution. . The PostgreSQL Project thanks Team Xint Code, as part of zeroday.cloud, for reporting this problem. (CVE-2026-2005) . + Fix inadequate validation of multibyte character lengths (Thomas Munro, Noah Misch) . Assorted bugs allowed an attacker able to issue crafted SQL to overrun string buffers, with consequences as bad as arbitrary code execution. After these fixes, applications may observe invalid byte sequence for encoding errors when string functions process invalid text that has been stored in the database. . The PostgreSQL Project thanks Paul Gerste and Moritz Sanft, as part of zeroday.cloud, for reporting this problem. (CVE-2026-2006) pyasn1 (0.6.1-1+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Fixed continuation octet limits in OID/RELATIVE-OID decoder (CVE-2026-23490) (Closes: #1125753) python-cryptography (43.0.0-3+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * CVE-2026-26007: Missing validation in EC public key creation. (Closes: #1127926) python-django (3:4.2.28-0+deb13u1) trixie-security; urgency=high . * New upstream security release: . - CVE-2025-13473: The check_password function in django.contrib.auth.handlers.modwsgi for authentication via mod_wsgi allowed remote attackers to enumerate users via a timing attack. . - CVE-2025-14550: When receiving duplicates of a single header, ASGIRequest allowed a remote attacker to cause a potential denial-of-service via a specifically created request with multiple duplicate headers. The vulnerability resulted from repeated string concatenation while combining repeated headers, which produced super-linear computation resulting in service degradation or outage. . - CVE-2026-1207: Raster lookups on RasterField (only implemented on PostGIS) allowed remote attackers to inject SQL via the band index parameter. . - CVE-2026-1285: The django.utils.text.Truncator.chars() and Truncator.words() methods (with html=True) and the truncatechars_html and truncatewords_html template filters allowed a remote attacker to cause a potential denial-of-service via crafted inputs containing a large number of unmatched HTML end tags. . - CVE-2026-1287: FilteredRelation was subject to SQL injection in column aliases via control characters using a suitably crafted dictionary, with dictionary expansion, as the **kwargs passed to QuerySet methods annotate(), aggregate(), extra(), values(), values_list() and alias(). . - CVE-2026-1312: QuerySet.order_by() was subject to SQL injection in column aliases containing periods when the same alias is, using a suitably crafted dictionary, with dictionary expansion, used in FilteredRelation. . (Closes: #1126914) python-django (3:4.2.27-2) unstable; urgency=medium . * Team upload. * Backport various upstream fixes for newer Python versions (closes: #1122185): - Fixed tests for test --parallel option on Python 3.14+. - Fixed copying BaseContext and its subclasses on Python 3.14+. - Fixed OtherModelFormTests.test_prefetch_related_queryset() test on Python 3.14+. - Adjusted test_strip_tags following Python behavior change for incomplete entities. * Revert "Mark that Python 3.14 is not supported yet", since it now is. python-django (3:4.2.27-1) unstable; urgency=medium . * New upstream security release. . - CVE-2025-13372: Fix a potential SQL injection attack in FilteredRelation column aliases when using PostgreSQL. FilteredRelation was subject to SQL injection in column aliases via a suitably crafted dictionary as the **kwargs passed to QuerySet.annotate() or QuerySet.alias(). . - CVE-2025-64460: Prevent a potential denial-of-service vulnerability in XML serializer text extraction. An algorithmic complexity issue in django.core.serializers.xml_serializer.getInnerText() allowed a remote attacker to cause a potential denial-of-service triggering CPU and memory exhaustion via a specially crafted XML input submitted to a service that invokes XML Deserializer. The vulnerability resulted from repeated string concatenation while recursively collecting text nodes, which produced superlinear computation. . (Closes: #1121788)) . * Mark that Python 3.14 is not supported yet. python-django (3:4.2.27-0+deb13u1) trixie-security; urgency=high . * New upstream security release: . - CVE-2025-13372: Fix a potential SQL injection attack in FilteredRelation column aliases when using PostgreSQL. FilteredRelation was subject to SQL injection in column aliases via a suitably crafted dictionary as the **kwargs passed to QuerySet.annotate() or QuerySet.alias(). . - CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases. The FilteredRelation feature in Django was subject to a potential SQL injection vulnerability in column aliases that was exploitable via suitably crafted dictionary with dictionary expansion as the **kwargs passed QuerySet.annotate() or QuerySet.alias(). This CVE was fixed in Django 4.2.24. (Closes: #1113865) . - CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate() and extra() on MySQL and MariaDB. QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate() and QuerySet.extra() methods were subject to SQL injection in column aliases, using a suitably crafted dictionary with dictionary expansion as the **kwargs passed to these methods on MySQL and MariaDB. This CVE was fixed in Django 4.2.25. . - CVE-2025-59682: Potential partial directory-traversal via archive.extract(). The django.utils.archive.extract() function, used by startapp --template and startproject --template allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory. This CVE was fixed in Django 4.2.25. . - CVE-2025-64459: Prevent a potential SQL injection via _connector keyword argument in QuerySet/Q objects. The methods QuerySet.filter(), QuerySet.exclude(), and QuerySet.get() and the class Q() were subject to SQL injection when using a suitably crafted dictionary (with dictionary expansion) as the _connector argument. This CVE was fixed in Django 4.2.26. . - CVE-2025-64460: Prevent a potential denial-of-service vulnerability in XML serializer text extraction. An algorithmic complexity issue in django.core.serializers.xml_serializer.getInnerText() allowed a remote attacker to cause a potential denial-of-service triggering CPU and memory exhaustion via a specially crafted XML input submitted to a service that invokes XML Deserializer. The vulnerability resulted from repeated string concatenation while recursively collecting text nodes, which produced superlinear computation. (Closes: #1121788) . python-django (3:4.2.26-1) unstable; urgency=high . * New upstream security release. . - CVE-2025-64458: Fix a potential denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedirect. NFKC normalization in Python is slow on Windows; as a consequence, HttpResponseRedirect, HttpResponsePermanentRedirect and redirect were subject to a potential denial-of-service attack via certain inputs with a very large number of Unicode characters. . - CVE-2025-64459: Prevent a potential SQL injection via _connector keyword argument in QuerySet/Q objects. The methods QuerySet.filter(), QuerySet.exclude(), and QuerySet.get() and the class Q() were subject to SQL injection when using a suitably crafted dictionary (with dictionary expansion) as the _connector argument. . * Refresh patches. python-django (3:4.2.25-2) unstable; urgency=medium . * Team upload. * Skip NOT NULL constraints on PostgreSQL 18+ (closes: #1117647). python-django (3:4.2.25-1) unstable; urgency=high . * New upstream security release (Closes: #1116979): . - CVE-2025-59681: Potential SQL injection in QuerySet.annotate(), alias(), aggregate() and extra() on MySQL and MariaDB. . QuerySet.annotate(), QuerySet.alias(), QuerySet.aggregate() and QuerySet.extra() methods were subject to SQL injection in column aliases, using a suitably crafted dictionary with dictionary expansion as the **kwargs passed to these methods on MySQL and MariaDB. . - CVE-2025-59682: Potential partial directory-traversal via archive.extract() . The django.utils.archive.extract() function, used by startapp --template and startproject --template allowed partial directory-traversal via an archive with file paths sharing a common prefix with the target directory. . python-django (3:4.2.24-1) unstable; urgency=high . * New upstream security release: . - CVE-2025-57833: Potential SQL injection in FilteredRelation column aliases. The FilteredRelation feature in Django was subject to a potential SQL injection vulnerability in column aliases that was exploitable via suitably crafted dictionary with dictionary expansion as the **kwargs passed QuerySet.annotate() or QuerySet.alias(). (Closes: #1113865) . python-filelock (3.18.0-1+deb13u1) trixie; urgency=medium . * Add patch: cve-2025-68146.patch This addresses CVE-2025-68146 by including the patch from upstream. (commit e84510eac948b5b6027b24025f421a650cbd9749) Closes: #1123510 python-keystonemiddleware (10.9.0-2+deb13u1) trixie-security; urgency=medium . * CVE-2026-22797 / OSSA-2026-001: privilege escalation via spoofed identity headers. Applied upstream patch: Fix privilege escalation via spoofed identity headers (Closes: #1125680). python-multipart (0.0.20-1.1~deb13u1) trixie; urgency=medium . * Rebuild for trixie . python-multipart (0.0.20-1.1) unstable; urgency=medium . * Non-maintainer upload. * Arbitrary file write via a non-default configuration (CVE-2026-24486) (Closes: #1126557) * chore: add return type on test python-os-ken (3.0.1-2+deb13u1) trixie; urgency=medium . * Add Accept_empty_OXM_fields.patch. python-parsl (2025.01.13+ds-1+deb13u1) trixie-security; urgency=medium . * CVE-2026-21892.patch: new: fix sql injection vulnerability. This change addresses the CVE-2026-21892. (Closes: #1125085) python-pyspnego (0.10.2-2+deb13u1) trixie; urgency=medium . * Non-maintainer upload with permission by the maintainer (#1123071#15) * Fix deprecation warning (Closes: #1123071) python-urllib3 (2.3.0-3+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Unbounded number of links in the decompression chain (CVE-2025-66418) (Closes: #1122030) * Decompression-bomb safeguards bypassed when following HTTP redirects (streaming API) (CVE-2026-21441) (Closes: #1125062) qemu (1:10.0.8+ds-0+deb13u1) trixie; urgency=medium . * 10.0.8 upstream stable/bugfix release: - Update version for 10.0.8 release - scripts/qemugdb: timers: Fix KeyError in 'qemu timers' command - linux-user/syscall.c: Prevent acquiring clone_lock while fork() - virtio-gpu: fix error handling in virgl_cmd_resource_create_blob - virtio-pmem: ignore empty queue notifications - virtio-gpu-virgl: correct parent for blob memory region - cryptodev-builtin: Limit the maximum size - hw/virtio/virtio-crypto: verify asym request size Closes: #1123670, CVE-2025-14876 - q35: Fix migration of SMRAM state - virtio-dmabuf: Ensure UUID persistence for hash table insertion - vdpa: fix vhost-vdpa suspended state not be shared - hw/i2c/aspeed_i2c: Fix DMA moving data into incorrect address - hw/i2c/aspeed: Fix wrong I2CC_DMA_LEN when I2CM_DMA_TX/RX_ADDR set first - hw/i2c/aspeed_i2c.c: Add a check for dma_read - hw/adc: Fix out-of-bounds write in Aspeed ADC model - hw/uefi: fix size negotiation - hw/nvme: Fix bootindex suffix use-after-free - python: fix msys64 wheel directory specification - tests/qtest/ufs-test: Add test for mcq completion queue wraparound - hw/ufs: Fix mcq completion queue wraparound - hw/ufs: fix CQE endianness and UPIU length - hw/ufs: Ensure DBC of PRDT uses only lower 18 bits - tests/functional: migrate sbsa_ref test images - pc-bios/optionrom: Use 32-bit linker emulation for the optionroms - target/i386/tcg: fix a few instructions that do not support VEX.L=1 - linux-user: fixup termios2 related things on PowerPC - linux-user: Add missing termios baud rates - linux-user: Add termios2 support to sparc target - linux-user: Add termios2 support to sh4 target - linux-user: Add termios2 support to mips target - linux-user: Add termios2 support to hppa target - linux-user: Add termios2 support to alpha target - linux-user: Add termios2 support - hw/intc: avoid byte swap fiddling in gicv3 its path - bsd-user/syscall_defs.h: define STAT_TIME_T_EXT only for 32 bits - bsd-user: Fix __i386__ test for TARGET_HAS_STAT_TIME_T_EXT - hw/sd/sdhci: Fix TYPE_IMX_USDHC to implement sd-spec-version 3 by default - linux-user/aarch64/target_fcntl.h: add missing TARGET_O_LARGEFILE definition https://gitlab.com/qemu-project/qemu/-/issues/3262 - tests/functional: Mark another MIPS replay test as flaky - tests/functional: Mark the MIPS replay tests as flaky - target/arm: Correctly trap HCR.TID1 registers in v7A - target/arm: Correctly honour HCR.TID3 for v7A cores - target/arm: Don't specify ID_PFR1 accessfn twice - tests/functional: migrate aspeed_rainier image - hw/loongarch/virt: Don't abort on access to unimplemented IOCSR - target/loongarch: Fix exception ADEF/ADEM missing to update CSR_BADV - target/loongarch: Fix exception BCE missing to update CSR_BADV - target/loongach: Fix some exceptions failure in updating CSR_BADV - hw/loongarch/virt: Fix irq allocation failure with pci device from fdt - hw/loongarch/virt: Modify the interrupt trigger type in fdt table - hw/i386/kvm: fix PIRQ bounds check in xen_physdev_map_pirq() Closes: #1125423, CVE-2026-0665 - target/i386/tcg: allow VEX in 16-bit protected mode - target/i386/tcg: mask addresses for VSIB - target/i386/tcg: do not mark all SSE instructions as unaligned - m68k: fix CAS2 writeback when Dc1==Dc2 - configs: use default prefix for Windows compilation - tests: add tcg coverage for fixed mremap bugs - linux-user: fix reserved_va page leak in do_munmap - linux-user: fix mremap errors for invalid ranges - linux-user: fix mremap unmapping adjacent region - linux-user: allow null `pathname` for statx()/fstatat() - tcg/riscv: Fix TCG_REG_TMP0 clobber in tcg_gen_dup{m,i} - monitor/qmp: cleanup SocketChardev listener sources early to avoid fd handling race - hw/i2c/imx: Fix trace func name error - target/i386/tcg: ignore V3 in 32-bit mode - target/i386: Fix #GP error code for INT instructions https://gitlab.com/qemu-project/qemu/-/issues/3160 - qdev: fix error handling in set_uint64_checkmask - gdbstub: Fix const qualifier build errors with recent glibc - monitor: Fix const qualifier build errors with recent glibc - tests/vhost-user-bridge.c: Fix const qualifier build errors with recent glibc - i386: Fix const qualifier build errors with recent glibc - Fix const qualifier build errors with recent glibc - qga: Fix ubsan warning - Revert "nvme: Fix coroutine waking" - nvme: Note in which AioContext some functions run - block: Fix BDS use after free during shutdown - scripts/nsis.py: Tell makensis that WoA is 64 bit - vhost: Always initialize cached vring data - target/arm: handle unaligned PC during tlb probe https://gitlab.com/qemu-project/qemu/-/issues/3233 - tcg: Zero extend 32-bit addresses for TCI - tests/docker: fix debian-all-test-cross - tests/docker: handle host-arch selection for all-test-cross - tests/docker: add --arch-only to qemu deps for all-test-cross - gitlab: move custom runners to Ubuntu 24.04 - gitlab-ci.d/cirrus: Update the FreeBSD job to v14.3 - tests/vm: bump FreeBSD image to 14.3 * virtio-gpu-virgl-Add-virtio-gpu-virgl-hostmem-region.patch (fix regression in 10.0.8, introduced in "virtio-gpu-virgl: correct parent for blob memory region") qtbase-opensource-src (5.15.15+dfsg-6+deb13u1) trixie; urgency=medium . * Backport two upstream patches to fix data races in QReadWriteLock (closes: #1122641). * Backport upstream patch to stop calling QXcbVirtualDesktop::dpi() function from QXcbScreen::logicalDpi() (closes: #1107294). * Backport upstream patch to revert locking simplification, which caused data race (closes: #1126100). reprepro (5.4.6+really5.3.2-1+deb13u1) trixie; urgency=medium . * Fix incorrect tracking data when copying packages (Closes: #1125255) requests (2.32.3+dfsg-5+deb13u1) trixie; urgency=medium . * CVE-2024-47081 (Closes: #1107368) riseup-vpn (0.24.10+ds1-1+deb13u2) trixie; urgency=medium . * Add policykits in an ORed fashion so there is at least one polkit available. This is due to the removal of policykit-1-gnome in stable (Closes: #1124472) * Add patch to add in more desktop environments and polkit binary paths to startup polkit on service start. roundcube (1.6.13+dfsg-0+deb13u1) trixie-security; urgency=high . * New upstream security and bugfix release (closes: #1127447). + Fix CVE-2026-26079: CSS injection vulnerability. + Fix CVE-2026-25916: Remote image blocking bypass via SVG content. * Refresh d/patches. roundcube (1.6.12+dfsg-1) unstable; urgency=high . * New upstream security and bugfix release (closes: #1122899). + Fix Cross-Site-Scripting vulnerability via SVG's animate tag. + Fix Information Disclosure vulnerability in the HTML style sanitizer. * d/watch: + Port to Version 5. + Simplify [UD]version-Mangle. + Use @STABLE_VERSION@ not @ANY_VERSION@ as tag matching pattern. * Refresh d/patches. runit-services (0.9.1+deb13u1) trixie; urgency=medium . * slim: start in foreground with -n. + thanks: Andrew Bower (Closes: #1121099) * dbus-dep.fixer: - correctly test for existing services definitions - only start dbus services, even with the sysv override. + thanks: S. Osipiuk (Closes: #1126699) rust-ntp-proto (1.4.0-4+deb13u1) trixie; urgency=high . * Fix CVE-2026-26076 - increased load while processing malformed NTS packets (Closes: #1127929) rust-tealdeer (1.7.2-1+deb13u1) trixie; urgency=medium . * Team upload. * Cherry-pick upstream patch updating archive url (Closes: #1126698) * Package tealdeer 1.7.2 from crates.io using debcargo 2.7.8 samba (2:4.22.8+dfsg-0+deb13u1) trixie; urgency=medium . * new upstream stable/bugfix release: - https://bugzilla.samba.org/show_bug.cgi?id=15790: Bind dlz 9.20 - https://bugzilla.samba.org/show_bug.cgi?id=15959: New Spotlight default search field incorrectly initialized - https://bugzilla.samba.org/show_bug.cgi?id=15964: "net offlinejoin requestodj" manpage entry incorrectly mentiones provided credentials - https://bugzilla.samba.org/show_bug.cgi?id=15972: Winbind group resolution failure - https://bugzilla.samba.org/show_bug.cgi?id=15977: ctdbd socket documentation is wrong - https://bugzilla.samba.org/show_bug.cgi?id=15979: possible memory leak on rpc_spoolss - https://bugzilla.samba.org/show_bug.cgi?id=15984: smbd: in contend_dirleases() don't bother checking when not enabled * add-support-for-bind-9.20.patch: remove (now applied upstream) * d/clean: also remove python/samba/provision/kerberos_implementation.py (Closes: #1048754) scilab (2024.1.0+dfsg-6+deb13u1) trixie; urgency=medium . * Team upload. . [ Pierre Gruet ] * Using the UTF-8 suffix when calling scilab to build the documentation. Closes: #1106083. shaarli (0.14.0+dfsg-2+deb13u1) trixie-security; urgency=medium . * Add patch to fix stored XSS via tag suggestions (Closes: #1126554, CVE-2026-24476) spip (4.4.11+dfsg-0+deb13u1) trixie-security; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.4.11 * Include security fixes from 4.4.10 [CVE-2026-22205] [CVE-2026-22206] * Include security fixes from 4.4.9 [CVE-2026-27472] [CVE-2026-27473] [CVE-2026-27474] [CVE-2026-27475] * Include security fixes from 4.4.8 [CVE-2026-26223] [CVE-2026-26345] . [ David Prévot ] * Document CVE fixes in previous changelog entries * Refresh patches spip (4.4.10+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.4.10 spip (4.4.9+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.4.9 spip (4.4.8+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.4.8 . [ David Prévot ] * Convert d/watch to version 5 * Update Standards-Version to 4.7.3 spip (4.4.7+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.4.7 spip (4.4.6+dfsg-1) unstable; urgency=medium . [ Matthieu Marcillaud ] * build: Version 4.4.6 spip (4.4.5+dfsg-1) unstable; urgency=medium . * Upload to unstable now that Trixie has been released . [ Matthieu Marcillaud ] * build: Version 4.4.5 . [ David Prévot ] * Remove Rules-Requires-Root * Update Standards-Version to 4.7.2 spip (4.4.4+dfsg-1) experimental; urgency=medium . * Upload to experimental during the freeze . [ Matthieu Marcillaud ] * build: Version 4.4.4 sqlite3 (3.46.1-7+deb13u1) trixie; urgency=medium . * Backport upstream security fix for CVE-2025-7709: integer overflow in the FTS5 extension (closes: #1114609). * Add pkgconf build dependency to fix link problem with ICU extension (closes: #1099724). starlette (0.46.1-3+deb13u1) trixie; urgency=medium . * Team upload. * d/p/CVE-2025-62727.patch: Backport Upstream patch to fix CVE-2025-62727 (denial of service via crafted HTTP Range header in FileResponse) * d/changelog: Fix changelog indentation * d/gbp.conf: Update to Trixie sudo (1.9.16p2-3+deb13u1) trixie; urgency=medium . [ Marc Haber ] * add upstream patch: Do not perform path expansion Thanks to Adam D. Barratt" (Closes: #1126085) * Enable Intel CET on amd64 only. Thanks to Marcos Del Sol Vives (Closes: #1124339) * Pull more robust test suite from unstable suricata (1:7.0.10-1+deb13u3) trixie; urgency=medium . * Fix CVE-2026-22258 in 7.0.10. Cherry-Picked from: * f82a388d0283725cb76782cf64e8341cab370830 * df389f8a43a06c718bb336ea082d6c80d6fefda0 * c9b80e5affe073ce9d95d0c935a8d67647c83bf7 * Fix CVE-2026-22262 in 7.0.10. Cherry-Picked from: * 32609e6896f9079c175665a94005417cec7637eb * 27a2180bceaa3477419c78c54fce364398d011f1 * Fix CVE-2026-22264 in 7.0.10. Cherry-Picked from 5789a3d3760dbf33d93fc56c27bd9529e5bdc8f2. * Fix CVE-2026-22259 in 7.0.10. Cherry-Picked from: * 63225d5f8ef64cc65164c0bb1800730842d54942 * 635af8dc8be09667689be71d781912718ca1aa49 * fdd79bdb14488244604729f1d68ca4bc60000dbd * a6d950315d9b6c1e35c10c24d9bb7128d422c21f With this fix, DNP3 has reduced the default maximum number of outstanding transactions from 500 down to 32. Read the update instructions for Suricata 7.0.14 for more details. * Fix CVE-2026-22261 in 7.0.10. Cherry-Picked from: * 44d0c81f537f230e9215c769453fb4d7214217a1 * 7e704a3f50690b5f5d5cc573147ef41449fe37ac tayga (0.9.2-10+deb13u1) trixie; urgency=medium . * Refresh 0012-rfc8125-local-prefix.patch * Add patch "Fix EAM mapping for host addressess" (Closes: #1082060) thunderbird (1:140.8.0esr-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security thunderbird (1:140.8.0esr-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security thunderbird (1:140.7.1esr-1) unstable; urgency=medium . * [0fb78ae] d/control: Increase Standards-Version to 4.7.3 * [b27283c] New upstream version 140.7.1esr Fixed CVE issues in upstream version 140.7.1 (MFSA 2026-08): CVE-2026-0818: CSS-based exfiltration of the content from partially encrypted emails when allowing remote content thunderbird (1:140.7.1esr-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security * drop fixes only needed for sid/forky thunderbird (1:140.7.1esr-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security * drop fixes only needed for sid/forky thunderbird (1:140.7.0esr-1) unstable; urgency=medium . * [9dd500b] New upstream version 140.7.0esr Fixed CVE issues in upstream version 140.7 (MFSA 2026-05): CVE-2026-0877: Mitigation bypass in the DOM: Security component CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component CVE-2026-0879: Sandbox escape due to incorrect boundary conditions in the Graphics component CVE-2026-0880: Sandbox escape due to integer overflow in the Graphics component CVE-2026-0882: Use-after-free in the IPC component CVE-2025-14327: Spoofing issue in the Downloads Panel component CVE-2026-0883: Information disclosure in the Networking component CVE-2026-0884: Use-after-free in the JavaScript Engine component CVE-2026-0885: Use-after-free in the JavaScript: GC component CVE-2026-0886: Incorrect boundary conditions in the Graphics component CVE-2026-0887: Clickjacking issue, information disclosure in the PDF Viewer component CVE-2026-0890: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component CVE-2026-0891: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 * [6da09ab] rebuild patch queue from patch-queue branch added patches: fixes/enable-use-of-gpgme-greater-equal-two-dot-zero.patch (Closes: #1121054) * [9adc353] d/control: add libgpgme to Depends dpkg-shlibdeps doesn't detect the need to add the library libgpgme to ${misc:Depends} so adding that package manually to the list. (Closes: #1121117) thunderbird (1:140.7.0esr-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security * drop patches/fixes only needed for sid/forky thunderbird (1:140.7.0esr-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security * drop patches/fixes only needed for sid/forky thunderbird (1:140.6.0esr-1) unstable; urgency=medium . [ Carsten Schoenert ] * [6956481] Rebuild patch queue from patch-queue branch. Added patch: debian-hacks/all-thunderbird.js-Append-esr-to-VERSION-variable.patch (Closes: #1115859) . [ Christoph Goehre ] * [f9ca412] New upstream version 140.6.0esr Fixed CVE issues in upstream version 140.6 (MFSA 2025-96): CVE-2025-14321: Use-after-free in the WebRTC: Signaling component CVE-2025-14322: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component CVE-2025-14323: Privilege escalation in the DOM: Notifications component CVE-2025-14324: JIT miscompilation in the JavaScript Engine: JIT component CVE-2025-14325: JIT miscompilation in the JavaScript Engine: JIT component CVE-2025-14328: Privilege escalation in the Netmonitor component CVE-2025-14329: Privilege escalation in the Netmonitor component CVE-2025-14330: JIT miscompilation in the JavaScript Engine: JIT component CVE-2025-14331: Same-origin policy bypass in the Request Handling component CVE-2025-14333: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 tomcat10 (10.1.52-1~deb13u1) trixie-security; urgency=medium . * Backport 10.1.52. to trixie. * Fix CVE-2025-46701, CVE-2025-48976, CVE-2025-48988, CVE-2025-48989, CVE-2025-49125, CVE-2025-52520, CVE-2025-53506, CVE-2025-55668, CVE-2025-55752, CVE-2025-55754 and CVE-2025-61795. Several security vulnerabilities have been found in Tomcat 10, a Java web server and servlet engine. This update improves the handling of HTTP/2 connections and corrects various flaws which can lead to uncontrolled resource consumption and a denial of service. tomcat10 (10.1.52-1~deb12u1) bookworm-security; urgency=medium . * Backport 10.1.52. to bookworm. * Fix CVE-2025-46701, CVE-2025-48976, CVE-2025-48988, CVE-2025-48989, CVE-2025-49125, CVE-2025-52520, CVE-2025-53506, CVE-2025-55668, CVE-2025-55752, CVE-2025-55754, CVE-2025-61795, CVE-2025-31650 and CVE-2025-31651. Several security vulnerabilities have been found in Tomcat 10, a Java web server and servlet engine. This update improves the handling of HTTP/2 connections and corrects various flaws which can lead to uncontrolled resource consumption and a denial of service. tomcat10 (10.1.46-1) unstable; urgency=medium . * New upstream release - Refreshed the patches tomcat11 (11.0.15-1~deb13u1) trixie-security; urgency=medium . * Backport 11.0.15. to trixie. * Fix CVE-2025-46701, CVE-2025-48976, CVE-2025-48988, CVE-2025-48989, CVE-2025-49125, CVE-2025-52520, CVE-2025-53506, CVE-2025-55668, CVE-2025-55752, CVE-2025-55754 and CVE-2025-61795. Several security vulnerabilities have been found in Tomcat 11, a Java web server and servlet engine. This update improves the handling of HTTP/2 connections and corrects various flaws which can lead to uncontrolled resource consumption and a denial of service. tomcat11 (11.0.11-1) unstable; urgency=medium . * New upstream release - Refreshed the patches torsocks (2.5.0-1+deb13u1) trixie; urgency=medium . * Trigger ldconfig trigger (Closes: #1125775). * Use correct environment variable (Closes: #1126559). * add libtorsocks.lintian-overrides to document the need of ldconfig trigger and the customized ld.so search path. tzdata (2026a-0+deb13u1) trixie; urgency=medium . * New upstream version 2026a: - No leap second on 2026-06-30 - Moldova has used EU transition times since 2022 * Drop No-leap-second-on-2025-12-31.patch (merged upstream) * gbp.conf: change branch to trixie tzdata (2025c-3) unstable; urgency=medium . * Also remove /etc/timezone on upgrades from Ubuntu 25.10 "questing" older tzdata (2025c-2) unstable; urgency=medium . * Remove /etc/timezone on upgrade (Closes: #605834, #813226, #822733) tzdata (2025c-1) unstable; urgency=medium . * New upstream version 2025c * Update French debconf translation. Thanks to Baptiste Jammet (Closes: #1118004) * Drop No-leap-second-on-2025-12-31.patch (merged upstream) * Update Swedish debconf translation. Thanks to Martin Bagge (Closes: #1122575) * debian/control: drop Rules-Requires-Root field, now obsolete * debian/watch: update to version 5 * Add autopkgtest test case for 2025c release tzdata (2025b-5) unstable; urgency=medium . * Change Provides: from tzdata-trixie to tzdata-forky * Backport leap second update from upstream uglifyjs (2.8.29-8+deb13u1) trixie; urgency=medium . * Team upload. * Adapt test issue-1770.js to reality. Closes: #1072609. units (2.24-1+deb13u1) trixie; urgency=medium . * Switch to new packetizer.com URLs in units_cur. Closes: #1128412. usbmuxd (1.1.1-6+deb13u1) trixie-security; urgency=medium . * d/patch: add fix for path traversal vulnerability (CVE-2025-66004) (Closes: #1122507) vlc (3.0.23-0+deb13u1) trixie-security; urgency=medium . * New upstream version 3.0.23 vlc (3.0.23-0+deb12u1) bookworm-security; urgency=medium . * New upstream version 3.0.23 vlc (3.0.22-4) unstable; urgency=medium . * debuan/rules: Fix typo vlc (3.0.22-3) unstable; urgency=medium . [ Colomban Wendling ] * Fix a few typos and wording in packages descriptions . [ Pino Toscano ] * Build sid plugin only on Linux * Force linking to pthread on Hurd . [ Sebastian Ramacher ] * debian/: Disable libcaca * debian/control: - Remove inactive Uploaders - Bump Standards-Version vlc (3.0.22-2) unstable; urgency=medium . * debian/: Disable libmad plugin * debian/patches: Apply upstream patches to fix build with ffmpeg 8.0 (Closes: #1115062) vlc (3.0.22-1) unstable; urgency=medium . * New upstream version 3.0.22 * debian/rules: No longer write revision info wget2 (2.2.0+ds-1+deb13u1) trixie; urgency=medium . * CVE-2025-69194 (Closes: #1124378) * CVE-2025-69195 (Closes: #1124377) wireless-regdb (2026.02.04-1~deb13u1) trixie; urgency=medium . * Backported to trixie: - d/salsa-ci.yml: Set RELEASE to trixie - Revert "Add support and documentation for setting default regulatory domain" . wireless-regdb (2026.02.04-1) unstable; urgency=medium . [ Ben Hutchings ] * New upstream version: - Update regulatory info for Australia (AU) for 2025 - Update broken link in regulatory.bin(5) manpage - Update regulatory info for Malaysia (MY) for 2024 - Update regulatory info for Malaysia (MY) for 2025 - Update regulatory info for Tunisia (TN) on 6GHz for 2025 - Update regulatory info for Canada (CA) for 2025 * d/rules: Install regulatory.db under /usr without dh_movetousr (Closes: #1122785) * d/README.Debian: Remove minimum kernel version for direct-loading * Add support and documentation for setting default regulatory domain . [ Bastian Germann ] * Drop unnecessary B-D m2crypto (Closes: #1126431) . wireless-regdb (2025.10.07-1) unstable; urgency=medium . * New upstream version: - update regulatory rules for Botswana (BW) for 2022 - update regulatory rules for Sint Marteen (SX) for 2018 - Update regulatory info including bandwidth for Costa Rica (CR) for 2023 - Permit lower 6 GHz band for Kazakhstan (KZ) * d/salsa-ci.yml: Remove obsolete lintian error suppression * d/upstream/signing-key.asc: Update for later expiry date * d/watch: Convert to version 5 format wireless-regdb (2026.02.04-1~deb12u1) bookworm; urgency=medium . * Backport to bookworm: - Revert "d/salsa-ci.yml: Suppress false bad-distribution-in-changes-file error" which is no longer needed - Revert "Add support and documentation for setting default regulatory domain" - d/rules: Set FIRMWARE_PATH = /lib/firmware . wireless-regdb (2026.02.04-1) unstable; urgency=medium . [ Ben Hutchings ] * New upstream version: - Update regulatory info for Australia (AU) for 2025 - Update broken link in regulatory.bin(5) manpage - Update regulatory info for Malaysia (MY) for 2024 - Update regulatory info for Malaysia (MY) for 2025 - Update regulatory info for Tunisia (TN) on 6GHz for 2025 - Update regulatory info for Canada (CA) for 2025 * d/rules: Install regulatory.db under /usr without dh_movetousr (Closes: #1122785) * d/README.Debian: Remove minimum kernel version for direct-loading * Add support and documentation for setting default regulatory domain . [ Bastian Germann ] * Drop unnecessary B-D m2crypto (Closes: #1126431) . wireless-regdb (2025.10.07-1) unstable; urgency=medium . * New upstream version: - update regulatory rules for Botswana (BW) for 2022 - update regulatory rules for Sint Marteen (SX) for 2018 - Update regulatory info including bandwidth for Costa Rica (CR) for 2023 - Permit lower 6 GHz band for Kazakhstan (KZ) * d/salsa-ci.yml: Remove obsolete lintian error suppression * d/upstream/signing-key.asc: Update for later expiry date * d/watch: Convert to version 5 format wireless-regdb (2025.10.07-1) unstable; urgency=medium . * New upstream version: - update regulatory rules for Botswana (BW) for 2022 - update regulatory rules for Sint Marteen (SX) for 2018 - Update regulatory info including bandwidth for Costa Rica (CR) for 2023 - Permit lower 6 GHz band for Kazakhstan (KZ) * d/salsa-ci.yml: Remove obsolete lintian error suppression * d/upstream/signing-key.asc: Update for later expiry date * d/watch: Convert to version 5 format wireshark (4.4.14-0+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * New upstream release. - CVE-2026-3201: USB HID dissector memory exhaustion - CVE-2026-3203: RF4CE Profile dissector crash - Drop 0001-wsutil-Restore-removed-ws_base32_decode.patch, applied upstream. wireshark (4.4.13-0+deb13u1) trixie-security; urgency=medium . * Team upload. * New upstream version 4.4.13-0+deb13u1 - CVE-2025-9817: SSH dissector crash - CVE-2025-11626: MONGO dissector infinite loop - CVE-2025-13499: Kafka dissector crash - CVE-2025-13945: HTTP3 dissector crash - CVE-2025-13946: MEGACO dissector infinite loop - CVE-2026-0959: IEEE 802.11 protocol dissector crash - CVE-2026-0960: HTTP3 protocol dissector infinite loop - CVE-2026-0961: BLF file parser crash - CVE-2026-0962: SOME/IP-SD protocol dissector crash * d/libwsutil16.symbols: Update to reflect New Upstream version * d/patches: - 0001-tools-Use-esnacc-instead...patch: Drop patch merged upstream - 0001-wsutil-Restore-removed-ws_base32_decode.patch: New patch wireshark (4.4.9-1) unstable; urgency=medium . * New upstream version * Drop snacc -> esnacc patch integrated upstream * Update symbols wireshark (4.4.8-0exp1) experimental; urgency=medium . * New upstream version * Target experimental due to the freeze xen (4.20.2+37-g61ff35323e-0+deb13u1) trixie; urgency=medium . * Update to new upstream version 4.20.2+37-g61ff35323e, which also contains security fixes for the following issues: - x86: buffer overrun with shadow paging + tracing XSA-477 CVE-2025-58150 - x86: incomplete IBPB for vCPU isolation XSA-479 CVE-2026-23553 * Note that the following XSA are not listed, because... - XSA-478 applies to XAPI which is not included in Debian xen (4.20.2+7-g1badcf5035-2) unstable; urgency=medium . * d/rules: simplify for make 4.4 * d/control: Update Standards-Version to 4.7.2 * Pick upstream commit 5bbe1fe413 ("ARM: Drop ThumbEE support") to fix a FTBFS on arm64. (Closes: #1122070) xen (4.20.2+7-g1badcf5035-1) unstable; urgency=medium . Significant changes: * Update to new upstream version 4.20.2+7-g1badcf5035, which also contains security fixes for the following issues: (Closes: #1105193) (Closes: #1120075) - x86: Indirect Target Selection XSA-469 CVE-2024-28956 - x86: Incorrect stubs exception handling for flags recovery XSA-470 CVE-2025-27465 - x86: Transitive Scheduler Attacks XSA-471 CVE-2024-36350 CVE-2024-36357 - Multiple vulnerabilities in the Viridian interface XSA-472 CVE-2025-27466 CVE-2025-58142 CVE-2025-58143 - Arm issues with page refcounting XSA-473 CVE-2025-58144 CVE-2025-58145 - x86: Incorrect input sanitisation in Viridian hypercalls XSA-475 CVE-2025-58147 CVE-2025-58148 - Incorrect removal of permissions on PCI device unplug XSA-476 CVE-2025-58149 * Note that the following XSA are not listed, because... - XSA-468 applies to Windows PV drivers - XSA-474 applies to XAPI which is not included in Debian . Packaging minor fixes and improvements: * debian/salsa-ci.yml: adjust for new salsa-ci pipeline xrdp (0.10.1-3.1+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2025-68670: Buffer overflow parsing domain (Closes: #1126537) zabbix (1:7.0.22+dfsg-1~deb13u1) trixie; urgency=medium . * Non Maintainer Upload by LTS Team * Upload to trixie (Closes: #1121841, #1117448) + Fix CVE-2025-49643 (fixed in 7.0.19) + Fix CVE-2025-49641 (fixed in 7.0.18) + Fix CVE-2025-27238 (fixed in 7.0.14) + Fix CVE-2025-27236 (fixed in 7.0.17) + Fix CVE-2025-27233 (fixed in 7.0.11) + Fix CVE-2025-27231 (fixed in 7.0.18) zabbix (1:7.0.22+dfsg-1~bpo13+1) trixie-backports; urgency=medium . * Rebuild for trixie-backports. . zabbix (1:7.0.22+dfsg-1) unstable; urgency=high . * New upstream release. (Closes: #1117448) + CVE-2025-49641 (fixed in 7.0.18) + CVE-2025-27238 (fixed in 7.0.14) + CVE-2025-27236 (fixed in 7.0.17) + CVE-2025-27233 (fixed in 7.0.11) + CVE-2025-27231 (fixed in 7.0.18) * Build-Depends: + golang-github-victoriametrics-easyproto-dev = golang-any (>= 2:1.24~) * README.Debian.security to denote limited scope of support. zookeeper (3.9.3-1+deb13u1) trixie; urgency=medium . * Team upload * Skipping tests of the zookeeper-server artifact, which fail randomly. Keeping the tests of the other artifacts (Closes: #1102062). ====================================== Sat, 10 Jan 2026 - Debian 13.3 released ====================================== ========================================================================= [Date: Sat, 10 Jan 2026 10:01:39 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: btrfs-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x cdrom-core-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x crypto-dm-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x crypto-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x dasd-extra-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x dasd-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x ext4-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x f2fs-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x fat-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x isofs-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x kernel-image-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x linux-headers-6.12.43+deb13-s390x | 6.12.43-1 | s390x linux-image-6.12.43+deb13-s390x | 6.12.43-1 | s390x linux-image-6.12.43+deb13-s390x-dbg | 6.12.43-1 | s390x loop-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x md-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x mtd-core-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x multipath-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x nbd-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x nic-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x scsi-core-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x scsi-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x udf-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x xfs-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:01:49 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 btrfs-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 cdrom-core-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 crypto-dm-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 crypto-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 drm-core-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 ext4-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 f2fs-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 fat-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 fb-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 input-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 isofs-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 jfs-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 kernel-image-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 linux-headers-6.12.43+deb13-riscv64 | 6.12.43-1 | riscv64 linux-image-6.12.43+deb13-riscv64 | 6.12.43-1 | riscv64 linux-image-6.12.43+deb13-riscv64-dbg | 6.12.43-1 | riscv64 loop-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 md-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 mmc-core-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 mmc-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 mtd-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 multipath-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 nbd-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 nic-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 nic-shared-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 nic-usb-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 nic-wireless-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 pata-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 ppp-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 sata-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 scsi-core-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 scsi-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 scsi-nic-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 squashfs-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 udf-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 usb-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 usb-serial-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 usb-storage-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 xfs-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:01:59 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.43+deb13-amd64 | 6.12.43-1 | amd64 linux-headers-6.12.43+deb13-cloud-amd64 | 6.12.43-1 | amd64 linux-headers-6.12.43+deb13-rt-amd64 | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-amd64-dbg | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-amd64-unsigned | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-cloud-amd64-dbg | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-cloud-amd64-unsigned | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-rt-amd64-dbg | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-rt-amd64-unsigned | 6.12.43-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:02:32 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-kbuild-6.12.43+deb13 | 6.12.43-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:02:41 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.43+deb13-arm64 | 6.12.43-1 | arm64 linux-headers-6.12.43+deb13-arm64-16k | 6.12.43-1 | arm64 linux-headers-6.12.43+deb13-cloud-arm64 | 6.12.43-1 | arm64 linux-headers-6.12.43+deb13-rt-arm64 | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-arm64-16k-dbg | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-arm64-16k-unsigned | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-arm64-dbg | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-arm64-unsigned | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-cloud-arm64-dbg | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-cloud-arm64-unsigned | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-rt-arm64-dbg | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-rt-arm64-unsigned | 6.12.43-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:02:49 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.43+deb13-rpi | 6.12.43-1 | armel linux-image-6.12.43+deb13-rpi | 6.12.43-1 | armel linux-image-6.12.43+deb13-rpi-dbg | 6.12.43-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:02:56 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf btrfs-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf cdrom-core-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf crypto-dm-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf crypto-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf drm-core-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf ext4-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf f2fs-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf fat-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf fb-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf input-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf isofs-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf jfs-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf kernel-image-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf linux-headers-6.12.43+deb13-armmp | 6.12.43-1 | armhf linux-headers-6.12.43+deb13-armmp-lpae | 6.12.43-1 | armhf linux-headers-6.12.43+deb13-rt-armmp | 6.12.43-1 | armhf linux-image-6.12.43+deb13-armmp | 6.12.43-1 | armhf linux-image-6.12.43+deb13-armmp-dbg | 6.12.43-1 | armhf linux-image-6.12.43+deb13-armmp-lpae | 6.12.43-1 | armhf linux-image-6.12.43+deb13-armmp-lpae-dbg | 6.12.43-1 | armhf linux-image-6.12.43+deb13-rt-armmp | 6.12.43-1 | armhf linux-image-6.12.43+deb13-rt-armmp-dbg | 6.12.43-1 | armhf loop-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf md-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf mmc-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf mtd-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf multipath-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf nbd-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf nic-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf nic-shared-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf nic-usb-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf nic-wireless-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf pata-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf ppp-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf sata-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf scsi-core-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf scsi-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf scsi-nic-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf sound-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf speakup-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf squashfs-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf udf-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf uinput-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf usb-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf usb-serial-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf usb-storage-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:03:04 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el btrfs-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el cdrom-core-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el crypto-dm-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el crypto-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el drm-core-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el ext4-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el f2fs-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el fat-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el fb-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el firewire-core-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el hypervisor-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el input-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el isofs-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el jfs-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el kernel-image-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el linux-headers-6.12.43+deb13-powerpc64le | 6.12.43-1 | ppc64el linux-headers-6.12.43+deb13-powerpc64le-64k | 6.12.43-1 | ppc64el linux-image-6.12.43+deb13-powerpc64le | 6.12.43-1 | ppc64el linux-image-6.12.43+deb13-powerpc64le-64k | 6.12.43-1 | ppc64el linux-image-6.12.43+deb13-powerpc64le-64k-dbg | 6.12.43-1 | ppc64el linux-image-6.12.43+deb13-powerpc64le-dbg | 6.12.43-1 | ppc64el loop-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el md-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el mtd-core-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el multipath-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el nbd-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el nic-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el nic-shared-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el nic-usb-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el nic-wireless-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el ppp-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el sata-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el scsi-core-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el scsi-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el scsi-nic-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el serial-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el squashfs-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el udf-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el uinput-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el usb-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el usb-serial-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el usb-storage-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el xfs-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:03:17 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 btrfs-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 cdrom-core-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 crypto-dm-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 crypto-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 ext4-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 f2fs-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 fat-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 fb-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 input-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 isofs-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 jfs-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 kernel-image-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-arm64 | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-arm64-16k | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-cloud-arm64 | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-rt-arm64 | 6.12.43-1 | arm64 loop-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 md-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 mmc-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 multipath-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 nbd-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 nic-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 nic-shared-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 nic-usb-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 nic-wireless-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 ppp-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 sata-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 scsi-core-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 scsi-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 scsi-nic-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 sound-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 speakup-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 squashfs-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 udf-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 uinput-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 usb-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 usb-serial-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 usb-storage-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 xfs-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:03:47 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.43+deb13-common | 6.12.43-1 | all linux-headers-6.12.43+deb13-common-rt | 6.12.43-1 | all linux-support-6.12.43+deb13 | 6.12.43-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:04:09 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 btrfs-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 cdrom-core-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 crypto-dm-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 crypto-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 drm-core-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 ext4-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 f2fs-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 fat-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 fb-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 firewire-core-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 input-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 isofs-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 jfs-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 kernel-image-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-amd64 | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-cloud-amd64 | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-rt-amd64 | 6.12.43-1 | amd64 loop-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 md-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 mmc-core-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 mmc-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 mtd-core-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 multipath-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 nbd-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 nic-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 nic-pcmcia-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 nic-shared-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 nic-usb-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 nic-wireless-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 pata-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 pcmcia-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 pcmcia-storage-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 ppp-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 rfkill-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 sata-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 scsi-core-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 scsi-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 scsi-nic-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 serial-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 sound-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 speakup-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 squashfs-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 udf-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 uinput-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 usb-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 usb-serial-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 usb-storage-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 xfs-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64 - based on source metadata) ---------------------------------------------- ========================================================================= ansible (12.0.0+dfsg-0+deb13u1) trixie; urgency=medium . * d/watch: Track 12.0.x releases for trixie * New upstream version 12.0.0+dfsg, providing following security fixes: - cloudscale_ch.cloud: Validate API tokens before passing them to Ansible, to ensure that a badly formed one (i.e., one with newlines) is not accidentally logged. - community.general: keycloak_authentication - API calls did not properly set the priority during update resulting in incorrectly sorted authentication flows. - community.general: keycloak_client - Sanitize saml.encryption.private.key so it does not show in the logs * Remove cloud-common-flaky-test.patch (dropped upstream) * security fix: prevent keycloak_user from logging credentials (backported from ansible 12.2.0) ansible (12.0.0~b5+dfsg-1) unstable; urgency=medium . * New upstream version 12.0.0~b5+dfsg apache2 (2.4.66-1~deb13u1) trixie; urgency=medium . * Team upload * New upstream version (Closes: #1121926, CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200) * Update test framework apache2 (2.4.66-1~deb12u1) bookworm; urgency=medium . * Team upload * New upstream version (Closes: #1121926, CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200) * Update test framework apache2 (2.4.65-3) unstable; urgency=medium . * Change default LANG in envvars from C to C.UTF-8 (Closes: #787584) * systemd service apache2 is aliased to httpd (Closes: #915855) * document a2* environment files in man page (Closes: #880421) * Failing test in its test suite (Closes: #1107289, LP: #2112429) * Restart on-abnormal instead of on-abort (Closes: #1106280) * Allow triggers to use maintscript helper to restart apache (LP: #2038912) at-spi2-core (2.56.2-1+deb13u1) trixie; urgency=medium . * patches/keyboard-group: Fix taking group into account for key events (Closes: #1111485) at-spi2-core (2.56.2-1+deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Backport to bookworm. - Revert t64 change. - Revert libgirepository1.0-dev build-dep change. awffull (3.10.2-10+deb13u1) trixie; urgency=medium . * QA upload. * debian/awffull.service: Add missing argument to avoid premature exit of the cron script when it is invoked by the systemd timer; thanks Charlemagne Lasse (Closes: #1120742). * debian/control (Vcs-Git): Add branch. * debian/gbp.conf: New file. base-files (13.8+deb13u3) trixie; urgency=medium . * Update debian_version and os-release for Debian 13.3 point release. c-ares (1.34.5-1+deb13u1) trixie-security; urgency=medium . * Apply patch to fix use-after-free (fixes CVE-2025-62408) calibre (8.5.0+ds-1+deb13u1) trixie; urgency=medium . * Fix CVE-2025-64486 chromium (143.0.7499.169-1~deb13u1) trixie-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2025-14765: Use after free in WebGPU. Reported by Anonymous. - CVE-2025-14766: Out of bounds read and write in V8. Reported by Shaheen Fazim. * d/rules: change (google-specific) upstream tarball url. . [ Daniel Richard G. ] * d/control: Drop valgrind from Build-Depends:, as it appears unused. * d/patches/debianization/cross-build.patch: Update changes to the protoc wrapper to cover additional cases of non-emulated Python execution. * d/rules: Add a bug reference for the libffi issue. chromium (143.0.7499.169-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2025-14765: Use after free in WebGPU. Reported by Anonymous. - CVE-2025-14766: Out of bounds read and write in V8. Reported by Shaheen Fazim. * d/rules: change (google-specific) upstream tarball url. . [ Daniel Richard G. ] * d/patches/debianization/cross-build.patch: Update changes to the protoc wrapper to cover additional cases of non-emulated Python execution. chromium (143.0.7499.109-1) unstable; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-????-?????: Under coordination. - CVE-2025-14372: Use after free in Password Manager. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2025-14373: Inappropriate implementation in Toolbar. Reported by Khalil Zhani. . [ Jianfeng Liu ] * set use_av1_hw_decoder=true for arm64 and add build dep linux-libc-dev (>= 6.5). This will enable V4L2 stateful/stateless AV1 decoder found on some arm SoCs. * d/patches: - upstream/fix-rk3588-v4l2-av1-decoder.patch: Fixes upstream issue https://crbug.com/464638992. This patch is backported from v145 and will fix green frame issue when playing av1 video on RK3588. - ppc64le/sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: fix FTBFS on ppc64el related to conflicting kernel_stat patches. chromium (143.0.7499.109-1~deb13u1) trixie-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-????-?????: Under coordination. - CVE-2025-14372: Use after free in Password Manager. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2025-14373: Inappropriate implementation in Toolbar. Reported by Khalil Zhani. . [ Jianfeng Liu ] * set use_av1_hw_decoder=true for arm64 and add build dep linux-libc-dev (>= 6.5). This will enable V4L2 stateful/stateless AV1 decoder found on some arm SoCs. * d/patches: - upstream/fix-rk3588-v4l2-av1-decoder.patch: Fixes upstream issue https://crbug.com/464638992. This patch is backported from v145 and will fix green frame issue when playing av1 video on RK3588. - ppc64le/sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: fix FTBFS on ppc64el related to conflicting kernel_stat patches. chromium (143.0.7499.109-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-????-?????: Under coordination. - CVE-2025-14372: Use after free in Password Manager. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2025-14373: Inappropriate implementation in Toolbar. Reported by Khalil Zhani. chromium (143.0.7499.40-1) unstable; urgency=high . * New upstream stable release. - CVE-2025-13630: Type Confusion in V8. Reported by Shreyas Penkar (@streypaws). - CVE-2025-13631: Inappropriate implementation in Google Updater. Reported by Jota Domingos. - CVE-2025-13632: Inappropriate implementation in DevTools. Reported by Leandro Teles. - CVE-2025-13633: Use after free in Digital Credentials. Reported by Chrome. - CVE-2025-13634: Inappropriate implementation in Downloads. Reported by Eric Lawrence of Microsoft. - CVE-2025-13720: Bad cast in Loader. Reported by Chrome. - CVE-2025-13721: Race in v8. Reported by Chrome. - CVE-2025-13635: Inappropriate implementation in Downloads. Reported by Hafiizh. - CVE-2025-13636: Inappropriate implementation in Split View. Reported by Khalil Zhani. - CVE-2025-13637: Inappropriate implementation in Downloads. Reported by Hafiizh. - CVE-2025-13638: Use after free in Media Stream. Reported by sherkito. - CVE-2025-13639: Inappropriate implementation in WebRTC. Reported by Philipp Hancke. - CVE-2025-13640: Inappropriate implementation in Passwords. Reported by Anonymous. * d/patches: - fixes/headless-gn.patch: refresh. - fixes/chromium-142-iwyu-field-form-data.patch: drop, merged upstream. - disable/tests.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: sync from upstream. - fixes/libpng-testonly.patch: add a workaround for a missing build target that upstream forgot to include. - trixie/rust-no-alloc-shim.patch: mark nightly feature 'no_mangle' as unsafe to make rustc happy. - trixie/cookie-string-view.patch: add a workaround for missing clang-19 feature. . [ Daniel Richard G. ] * d/patches: - debianization/cross-build.patch: Avoid "Assignment had no effect" error from GN when running outside of d/rules. - debianization/rustc-bootstrap.patch: Move RUSTC_BOOTSTRAP=1 here. - disable/license-headless-shell.patch: Don't generate the (unused) LICENSE.headless_shell file, as the rule tends to break easily. - fixes/headless-gn.patch: No longer needed, thanks to previous patch. * d/rules: Move RUSTC_BOOTSTRAP=1 environment setting into patch. . [ Timothy Pearson ] * d/patches/ppc64le: - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - ppc64le/fixes/fix-clang-selection.patch: Refresh for upstream changes . [ Jianfeng Liu ] * Add loong64 support, with patches in d/patches/loongarch64/. chromium (143.0.7499.40-1~deb13u1) trixie-security; urgency=high . * New upstream stable release. - CVE-2025-13630: Type Confusion in V8. Reported by Shreyas Penkar (@streypaws). - CVE-2025-13631: Inappropriate implementation in Google Updater. Reported by Jota Domingos. - CVE-2025-13632: Inappropriate implementation in DevTools. Reported by Leandro Teles. - CVE-2025-13633: Use after free in Digital Credentials. Reported by Chrome. - CVE-2025-13634: Inappropriate implementation in Downloads. Reported by Eric Lawrence of Microsoft. - CVE-2025-13720: Bad cast in Loader. Reported by Chrome. - CVE-2025-13721: Race in v8. Reported by Chrome. - CVE-2025-13635: Inappropriate implementation in Downloads. Reported by Hafiizh. - CVE-2025-13636: Inappropriate implementation in Split View. Reported by Khalil Zhani. - CVE-2025-13637: Inappropriate implementation in Downloads. Reported by Hafiizh. - CVE-2025-13638: Use after free in Media Stream. Reported by sherkito. - CVE-2025-13639: Inappropriate implementation in WebRTC. Reported by Philipp Hancke. - CVE-2025-13640: Inappropriate implementation in Passwords. Reported by Anonymous. * d/patches: - fixes/headless-gn.patch: refresh. - fixes/chromium-142-iwyu-field-form-data.patch: drop, merged upstream. - disable/tests.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: sync from upstream. - fixes/libpng-testonly.patch: add a workaround for a missing build target that upstream forgot to include. - trixie/rust-no-alloc-shim.patch: mark nightly feature 'no_mangle' as unsafe to make rustc happy. - trixie/cookie-string-view.patch: add a workaround for missing clang-19 feature. . [ Daniel Richard G. ] * d/patches: - debianization/cross-build.patch: Avoid "Assignment had no effect" error from GN when running outside of d/rules. - debianization/rustc-bootstrap.patch: Move RUSTC_BOOTSTRAP=1 here. - disable/license-headless-shell.patch: Don't generate the (unused) LICENSE.headless_shell file, as the rule tends to break easily. - fixes/headless-gn.patch: No longer needed, thanks to previous patch. - trixie/rust-is-multiple-of.patch: add more workarounds for missing rustc features. * d/rules: Move RUSTC_BOOTSTRAP=1 environment setting into patch. . [ Timothy Pearson ] * d/patches/ppc64le: - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - ppc64le/fixes/fix-clang-selection.patch: Refresh for upstream changes . [ Jianfeng Liu ] * Add loong64 support, with patches in d/patches/loongarch64/. chromium (143.0.7499.40-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2025-13630: Type Confusion in V8. Reported by Shreyas Penkar (@streypaws). - CVE-2025-13631: Inappropriate implementation in Google Updater. Reported by Jota Domingos. - CVE-2025-13632: Inappropriate implementation in DevTools. Reported by Leandro Teles. - CVE-2025-13633: Use after free in Digital Credentials. Reported by Chrome. - CVE-2025-13634: Inappropriate implementation in Downloads. Reported by Eric Lawrence of Microsoft. - CVE-2025-13720: Bad cast in Loader. Reported by Chrome. - CVE-2025-13721: Race in v8. Reported by Chrome. - CVE-2025-13635: Inappropriate implementation in Downloads. Reported by Hafiizh. - CVE-2025-13636: Inappropriate implementation in Split View. Reported by Khalil Zhani. - CVE-2025-13637: Inappropriate implementation in Downloads. Reported by Hafiizh. - CVE-2025-13638: Use after free in Media Stream. Reported by sherkito. - CVE-2025-13639: Inappropriate implementation in WebRTC. Reported by Philipp Hancke. - CVE-2025-13640: Inappropriate implementation in Passwords. Reported by Anonymous. * d/patches: - fixes/headless-gn.patch: refresh. - fixes/chromium-142-iwyu-field-form-data.patch: drop, merged upstream. - disable/tests.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: sync from upstream. - fixes/libpng-testonly.patch: add a workaround for a missing build target that upstream forgot to include. - trixie/rust-no-alloc-shim.patch: mark nightly feature 'no_mangle' as unsafe to make rustc happy. - trixie/cookie-string-view.patch: add a workaround for missing clang-19 feature. . [ Daniel Richard G. ] * d/patches: - debianization/cross-build.patch: Avoid "Assignment had no effect" error from GN when running outside of d/rules. - debianization/rustc-bootstrap.patch: Move RUSTC_BOOTSTRAP=1 here. - disable/license-headless-shell.patch: Don't generate the (unused) LICENSE.headless_shell file, as the rule tends to break easily. - fixes/headless-gn.patch: No longer needed, thanks to previous patch. - trixie/rust-is-multiple-of.patch: add more workarounds for missing rustc features. - bookworm/constexpr.patch: Refresh (source file moved). - bookworm/gn-absl.patch: Refresh. - bookworm/gn-path-exists2.patch: Refresh. - bookworm/rust-unsafe-extern.patch: add workaround for older rust code convention generated by bookworm's version of rust-bindgen. - bookworm/node-esm-dirname.patch: add workaround for older node 18. * d/rules: Move RUSTC_BOOTSTRAP=1 environment setting into patch. . [ Timothy Pearson ] * d/patches/ppc64le: - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - ppc64le/fixes/fix-clang-selection.patch: Refresh for upstream changes chromium (142.0.7444.175-1) unstable; urgency=high . * New upstream security release. - CVE-2025-13223: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group. - CVE-2025-13224: Type Confusion in V8. Reported by Google Big Sleep. chromium (142.0.7444.175-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-13223: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group. - CVE-2025-13224: Type Confusion in V8. Reported by Google Big Sleep. chromium (142.0.7444.175-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-13223: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group. - CVE-2025-13224: Type Confusion in V8. Reported by Google Big Sleep. chromium (142.0.7444.162-1) unstable; urgency=high . * New upstream security release. - CVE-2025-13042: Inappropriate implementation in V8. Reported by 303f06e3. chromium (142.0.7444.162-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-13042: Inappropriate implementation in V8. Reported by 303f06e3. chromium (142.0.7444.162-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-13042: Inappropriate implementation in V8. Reported by 303f06e3. chromium (142.0.7444.134-1) unstable; urgency=high . * New upstream security release. - CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous. - CVE-2025-12726: Inappropriate implementation in Views. Reported by Alesandro Ortiz. - CVE-2025-12727: Inappropriate implementation in V8. Reported by 303f06e3. - CVE-2025-12728: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-12729: Inappropriate implementation in Omnibox. Reported by Khalil Zhani. cloud-init (25.1.4-1+deb13u1) trixie; urgency=medium . * Ensure deb822 sources.list template renders correctly (Closes: #1118187) composer (2.8.8-1+deb13u1) trixie; urgency=medium . * Backport fix from composer 2.9.3: Fixed ANSI sequence injection [CVE-2025-67746] * Track debian/trixie containerd (1.7.24~ds1-6+deb13u1) trixie-security; urgency=medium . * Fix overly broad directory permissions, Fixes: CVE-2024-25621 * Fix bug in the CRI Attach implementation, Fixes: CVE-2025-64329 Closes: #1120343 cups-filters (1.28.17-6+deb13u1) trixie; urgency=medium . * CVE-2025-64503 fix an out of bounds write vulnerability when processing crafted PDF files containing a large 'Mediabox' value. (Closes: #1120698) . * CVE-2025-57812 fix an out of bounds read/write vulnerability in the processing of TIFF image files. (Closes: #1120704) . * CVE-2025-64524 fix infinite loop with crafted input raster file, that resuls into a heap buffer overflow debian-installer (20250803+deb13u3) trixie; urgency=medium . * Bump Linux kernel ABI to 6.12.63+deb13. * Adjust linux-image build-deps accordingly. debian-installer-netboot-images (20250803+deb13u3) trixie; urgency=medium . * Update to 20250803+deb13u3, from trixie-proposed-updates. debian-security-support (1:13+2026.01.04) trixie; urgency=medium . [ Holger Levsen ] * deb13: mark wpewebkit as unsupported. Closes: #1118273. . [ Jochen Sprickerhof ] * deb13+12+11: mark hdf5 as limited supported. Closes: 1117607. . [ Moritz Muehlenhoff ] * deb13+12: mark zabbix as limited support. Closes: #1124558. debos (1.1.5-1+deb13u1) trixie-proposed-updates; urgency=medium . * d/control: add systemd-resolved to Depends (Closes: #1115880) dgit (12.16) trixie; urgency=medium . git-debrebase bugfix: * Merge resolution: Fix erroneous use of real git tree as if it were a private working area. Closes: #1116933. * Merge resolution: Fix conflation of different temporary directories. * Clean out all of the temporary playground area on every invocation. dhcpcd (1:10.1.0-11+deb13u2) trixie; urgency=medium . * [patches] + Uncomment 'ntp_servers' in dhcpcd.conf (Closes: #1123962). diffoscope (297+deb13u1) trixie; urgency=medium . * Fix a test after the upload of systemd-ukify 258~rc3 (vs 258~rc2). (Closes: #1120867) distribution-gpg-keys (1.115+ds-1~deb13u1) trixie; urgency=medium . * Merge tag 'debian/1.115+ds-1' into debian/trixie . distribution-gpg-keys (1.115+ds-1) unstable; urgency=medium . * Update upstream source from tag 'upstream/1.115+ds' . distribution-gpg-keys (1.114+ds-1) unstable; urgency=medium . * Update upstream source from tag 'upstream/1.114+ds' distribution-gpg-keys (1.114+ds-1) unstable; urgency=medium . * Update upstream source from tag 'upstream/1.114+ds' dpdk (24.11.4-0+deb13u1) trixie; urgency=medium . [ Christian Ehrhardt ] * d/p/disable_arm64_autopkgtest_fails.patch: disable tests that are flaky in debci (Closes: #1114911) . [ Luca Boccassi ] * New upstream release 24.11.4. For a full list of changes in 24.11.4 see: https://doc.dpdk.org/guides/rel_notes/release_24_11.html dpdk (24.11.3-2) unstable; urgency=medium . [ Christian Ehrhardt ] * d/control: librte-net-ntnic25 is x86_64 only * d/control: librte-net-zxdh25 is x86_64 and arm64 only * d/p/disable_arm64_autopkgtest_fails.patch: disable tests that are flaky in debci (Closes: #1114911) dpdk (24.11.3-1) unstable; urgency=medium . * New upstream release 24.11.3. For a full list of changes in 24.11.3 see: https://doc.dpdk.org/guides/rel_notes/release_24_11.html dropbear (2025.89-1~deb13u1) trixie-security; urgency=high . * New upstream security and bugfix release (closes: #1123069). + Fix CVE-2025-14282: Privilege escalation via unix stream forwarding in Dropbear server. Other programs on a system may authenticate unix sockets via SO_PEERCRED, which would be root user for Dropbear forwarded connections, allowing root privilege escalation. + The server now drops privileges of the dropbear process after authentication. + Remote server TCP socket forwarding will now use OS privileged port restrictions rather than having a fixed "allow >=1024 for non-root" rule. + Unix stream sockets are now disallowed when a forced command is used, either with authorized_key restrictions or "dropbear -c command". * DEP-8: Add "Depends: e2fsprogs" to remote-unlocking test. edk2 (2025.02-8+deb13u1) trixie; urgency=medium . * Cherry-pick openssl fix for timing side-channel in ECDSA signature computation, CVE-2024-13176. - d/p/0001-Fix-timing-side-channel-in-ECDSA-signature-computati.patch * Fix out-of-bounds memory access in NetworkPkg/IScsiDxe, CVE-2024-38805. - d/p/0001-NetworkPkg-IScsiDxe-Fix-for-out-of-bound-memory-acce.patch * Safe handling of IDT register on SMM entry, CVE-2025-3770. - d/p/0001-UefiCpuPkg-PiSmmCpuDxeSmm-Safe-handling-of-IDT-regis.patch exfatprogs (1.2.9-1+deb13u1) trixie; urgency=medium . * Add trixie branch information to gbp.conf and Vcs-Git. * Add debian/patches/windows-compat-use-512-sector-size.patch for Windows compatibility. Windows fails to access devices with a 4KB sector size which use a 512Byte sector emulation. Cherry-Pick the revert from exfatprogs 1.3.0 to use a 512Byte sector size for those devices, despite the performance penalty. If a user would like to omit the Windows compatability "mkfs.exfat -s 4096" can still be used to override the sector size. (Closes: #1120932) extrepo-data (1.0.6~deb13u1) trixie; urgency=medium . * Reupload to stable. - This also includes a fix for the "build on trixie now fails" issue, which Closes: #1078614. extrepo-data (1.0.5) unstable; urgency=medium . [ Robin Schneider ] * switch vector repo to apt.vector.dev after old repo was shutdown * fix bug in validate-repo that prevented validation of Release file . [ Merlin Lüdicke ] * switch nvidia-docker to unified debian repo * add pgpainless-cli requirement to readme * add bookworm amd64 to virtualbox repo . [ Oscar A. Jara ] * Add Brave keys . [ Robin Schneider ] * Provide `vector` repo which will point to latest major release . [ Sergey Ponomarev ] * waydroid.yaml: add trixie and sid suites * README.md: add a command to install dependencies and example of validation . [ Holger Weiss ] * eturnal repository: Add trixie and sid suites . [ Nicolas Peugnet ] * Update element.io PGP key * Check for GOODSIG instead of VALIDSIG in validate-repo * Better log messages for validate-repo * Add Zotero-deb repo . [ Colin Watson ] * Add pyxian . [ mirabilos ] * Update wtf/wtf-lts . [ Oliver Smith ] * Osmocom: update gpg-key . [ Juri Grabowski ] * Add new repositories from Ondřej Surý * Rewrite elastic repositories #12 * add openmediavault repositories * add mysql-lts repository * add angie repository * add unifi repository * add opentofu repository * add helm repository * add azure-cli repository * add ceph repositories * add gopasspw repository * add trixie to winehq * add mozilla repository * add n.wtf nginx repository * add arctica-project repositories * add linux-libre repository * update gitlab key * Update elbe key * Update all possible repositories to bookworm * Close #1065421 . [ Jonathan Wiltshire ] * New signing key for Spotify * Update google-chrome signing key . [ Thomas Goirand ] * OpenStack debian.net backport repo: Add the OpenStack Caracal release. * Add ceph_reef repository . [ Wouter Verhelst ] * Add trivy repository * Add beidconnect repository * Consol repository don't support i386 architecture anymore ffmpeg (7:7.1.3-0+deb13u1) trixie-security; urgency=medium . * New upstream version 7.1.3 ffmpeg (7:7.1.2-1) unstable; urgency=medium . * New upstream version 7.1.2 - Fixes CVE-2025-1594 flatpak (1.16.2-1~deb13u1) trixie; urgency=medium . * d/control, d/gbp.conf: Use debian/trixie packaging branch * Summary of changes since trixie: - New upstream stable release, see 1.16.2-1 changelog (Closes: #1114484) - Fix FTBFS with DEB_BUILD_OPTIONS=nocheck (Closes: #1116737) - d/copyright: Point to GNU web address instead of old FSF postal address - d/copyright: Clarify possible interpretations of LGPL-2 * Revert changes that are not appropriate for a stable update: - Revert "Prefer the OpenSSL flavour of libcurl" - Revert "d/control: Only require gtk-doc-tools, etc. if we are building documentation" - Revert "Stop build-depending on libgirepository1.0-dev" - Revert "d/control: Remove Rules-Requires-Root" - Revert "Normalize formatting with debputy" . flatpak (1.16.2-1) unstable; urgency=medium . * New upstream stable release - Fix a memory leak in flatpak-session-helper when invoking host commands (flatpak-spawn --host) from privileged apps (Closes: #1114484) - Treat either the xe or i915 kernel module as indicating an Intel GPU, not just i915, and install the appropriate VA-API extensions - If using GLib 2.86.1 (specifically that version due to a regression that was later fixed), avoid exposing $HOME to apps if an XDG special directory such as Music is requested by the app but has been disabled locally - In flatpak-kill(1), make killing processes more robust, and avoid race conditions that could lead to the whole process group being killed - Allow `flatpak run` or `flatpak install --user` while under `sudo -u otheruser` or `sudo -g`, as long as the other user is not root, relaxing a check that was only intended to avoid accidents involving running as root - Provide an empty /run/host/font-dirs.xml during flatpak-build(1), avoiding spurious warnings for processes that use fontconfig during build-time tests - Fix a crash in `flatpak install --include-sdk` if the app is installed on a per-user basis but the corresponding SDK is already installed system-wide - Take the --reinstall option into account when installing a bundle - Add a missing argument to fcntl F_DUPFD_CLOEXEC during Flatpak's own build-time tests, fixing a test regression with newer glibc on Ubuntu - Fix flatpak-pin(1)/flatpak-mask(1) with multiple arguments, by reloading configuration when needed - Fix an assertion failure in flatpak-build-import-bundle(1) - When using the library API, allow http downloads with libcurl to be cancelled - If an OCI registry only has one image, allow the tag to be omitted - Fix a memory leak when using an OCI registry - Fix an uninitialized variable - Documentation improvements - Translation updates: pl * d/libflatpak-doc.install: Install single-file HTML documentation for the library. This was built by Autotools in 1.14.x and disappeared during the switch to Meson, but is now built again as a result of upstream fixes. . flatpak (1.16.1-3) unstable; urgency=medium . * Fix builds (Closes: #1116737) - d/control: Remove annotation from fuse3. This is required unconditionally (even if not running tests) since 1.15.7 upstream, so that the build system can autodetect the distro's appropriate path to fusermount3 or fusermount. - d/control, d/rules: Tighten up handling of nocheck and noinsttest. The upstream build system checks for some programs that are required during testing whenever the tests are compiled. If we are under both the nocheck and noinsttest build profiles, don't compile the tests, so that pkcheck and socat won't be needed in that configuration; and otherwise, we need them in Build-Depends. * d/control: Remove Rules-Requires-Root, no longer needed since trixie * Normalize formatting with debputy . flatpak (1.16.1-2) unstable; urgency=medium . * d/copyright: Point to GNU web address instead of old FSF postal address * d/copyright: Clarify possible interpretations of LGPL-2 * Stop build-depending on libgirepository1.0-dev. Build-depend on gobject-introspection (>= 1.80) instead. libgirepository1.0-dev is not multiarch-compatible and should be removed during the forky cycle. * d/control: Only require gtk-doc-tools, etc. if we are building documentation * Prefer the OpenSSL flavour of libcurl. This is the one that upstream is going to be testing with in practice. flatpak (1.16.1-3) unstable; urgency=medium . * Fix builds (Closes: #1116737) - d/control: Remove annotation from fuse3. This is required unconditionally (even if not running tests) since 1.15.7 upstream, so that the build system can autodetect the distro's appropriate path to fusermount3 or fusermount. - d/control, d/rules: Tighten up handling of nocheck and noinsttest. The upstream build system checks for some programs that are required during testing whenever the tests are compiled. If we are under both the nocheck and noinsttest build profiles, don't compile the tests, so that pkcheck and socat won't be needed in that configuration; and otherwise, we need them in Build-Depends. * d/control: Remove Rules-Requires-Root, no longer needed since trixie * Normalize formatting with debputy flatpak (1.16.1-2) unstable; urgency=medium . * d/copyright: Point to GNU web address instead of old FSF postal address * d/copyright: Clarify possible interpretations of LGPL-2 * Stop build-depending on libgirepository1.0-dev. Build-depend on gobject-introspection (>= 1.80) instead. libgirepository1.0-dev is not multiarch-compatible and should be removed during the forky cycle. * d/control: Only require gtk-doc-tools, etc. if we are building documentation * Prefer the OpenSSL flavour of libcurl. This is the one that upstream is going to be testing with in practice. fpdf2 (2.8.3-1+deb13u1) trixie; urgency=medium . * Stop wrongly removing fvar table, allowing again the use of fpdf2 with variable fonts. (Closes: 1110990) freedombox (25.9.3+deb13u1) trixie; urgency=medium . [ Sunil Mohan Adapa ] * distupgrade: Handle comments in sources.list file * distupgrade: Update Trixie's release date as announced * backups: Set proper permissions for backups-data directory (CVE-2025-68462) . [ James Valleroy ] * doc: Fetch latest manual freeradius (3.2.7+dfsg-1+deb13u2) trixie; urgency=medium . [ Didier Raboud ] * Backport patch to fix segfaults on TLS connections with more than one intermediate certificate (Closes: #1120927) . [ Bernhard Schmidt ] * Add d/gbp.conf for Trixie branch glib2.0 (2.84.4-3~deb13u2) trixie; urgency=medium . * d/patches: Add patches from 2.86.3 upstream to avoid integer overflows - d/p/gconvert-Error-out-if-g_escape_uri_string-would-overflow.patch, d/p/fuzzing-Add-fuzz-tests-for-g_filename_-to-from-_uri.patch: Fix an integer overflow when interpolating hundreds of megabytes of unescaped text into a URI, and add test coverage (CVE-2025-13601, glib#3827 upstream, Closes: #1121488) - d/p/gvariant-parser-Fix-potential-integer-overflow-parsing-by.patch: Fix an integer overflow when parsing very large strings in GVariant text format (CVE-2025-14087, glib#3834 upstream, Closes: #1122347) - d/p/gvariant-parser-Use-size_t-to-count-numbers-of-child-elem.patch, d/p/gvariant-parser-Convert-error-handling-code-to-use-size_t.patch: Fix other potential integer overflows parsing very large container types in GVariant text format, related to CVE-2025-14087 - d/p/gfileattribute-Fix-integer-overflow-calculating-escaping-.patch: Fix an integer overflow when escaping invalid characters in very large file attributes (CVE-2025-14512, glib#3845 upstream, Closes: #1122346) glibc (2.41-12+deb13u1) trixie; urgency=medium . * debian/patches/git-updates.diff: update from upstream stable branch: - Fix a double lock init issue after fork() - Fix _dl_find_object when ld.so has LOAD segment gaps, causing wrong backtrace unwinding. This affects at least arm64. - Fix SYSCALL_CANCEL for return values larger than INT_MAX (closes: #1115729). - Fix crash in ifunc functions on arm64 when hardening with -ftrivial-auto-var-init=zero. - Optimize inverse trig functions on arm64. - Optimize arm64 SVE exp, hyperbolic, and log1p functions. - Optimize arm64 SVE expf and log1p helpers. gnome-shell (48.7-0+deb13u1) trixie; urgency=medium . * Team upload * New upstream release 48.5 - Avoid a crash when using the Draw-On-Gnome extension, fixing a regression in 48.3 (gnome-shell#8602 upstream) - Close the captive-portal authentication dialog when full network connectivity is detected (gnome-shell#7790 upstream) - Fix connecting to WPA Enterprise or WPA2 Enterprise networks from the quick settings menu (gnome-shell#8590 upstream) - Disable unneeded extensions before enabling new extensions, ensuring that there is never a time when two conflicting extensions are active (gnome-shell!3835 upstream) - Fix position of IBus candidate panel when using a scaled display (gnome-shell#8424 upstream) - During authentication, don't reset the authentication prompt on every tap/click, only when the prompt should change from hidden to visible (gnome-shell!3852 upstream) - Incorporate previously Debian-specific patches fixing X11 tray icon handling (gnome-shell!3818 upstream) - Avoid a possible source of lockups in keyboard focus handling (gnome-shell!3220 upstream) - Fix a memory leak with custom themes (gnome-shell#8509 upstream, LP: #2121786) - During authentication, don't discard typeahead when changing entry visibility (gnome-shell!3850 upstream) - Fix a crash when using a CSS-only Shell extension (gnome-shell#7339 upstream, previously fixed differently by a Debian-specific patch) - Improve debuggability of the actor tree (gnome-shell!3863 upstream) - Improve display of overview application search results in right-to-left locales (Arabic/Hebrew) (gnome-shell!3851 upstream) - Fix a crash during searches (gnome-shell#8651 upstream, LP: #2104113) - Fix a race condition causing intermittent stuck notifications (gnome-shell#6006 upstream) - Better forward-compatibility with post-trixie GLib versions (gnome-shell!3846, gnome-shell!3855 upstream) - Better forward-compatibility with post-trixie mutter versions (gnome-shell#4253 upstream) - Documentation/comment fixes - Translation updates: de, fi, th, zh_TW * New upstream release 48.6 - During authentication, move keyboard focus to the currently-visible widget, not always the text entry box (gnome-shell!3849 upstream) - Ensure that workspace selector reappears promptly when cancelling a search in the overview (gnome-shell#7985 upstream) - Warn instead of crashing if an unsupported accent colour is set, for example when swapping between Ubuntu's patched gnome-shell and an upstream gnome-shell (gnome-shell!3892 upstream) - Always send a valid value for the reason a notification was closed (gnome-shell!3907 upstream) - In the UI for screenshots, if a button doesn't have any other label, use its tooltip as the label for accessibility purposes (gnome-shell!3908 upstream) - When a notification instance is reused, don't send its activation event multiple times (gnome-shell!3904 upstream) - Don't emit spurious dotted circles when using the on-screen keyboard in the Hindi (Bolnagri) layout (gnome-shell#8719 upstream) - Remove unused argument to PopupMenu constructor (gnome-shell!3894 upstream) - Translation updates: ug * New upstream release 48.7 - Revert some changes in 48.6 that could cause regressions (not shown in the above summary) - Ensure network icon is updated on connectivity changes (gnome-shell#7357, gnome-shell#8549 upstream) - In gdm, sort the available sessions by their localized name, as displayed, and not by their internal IDs (gnome-shell!3920 upstream) - Add on-screen keyboard layouts for German (extended) and German (Austria, extended) (gnome-shell!3923 upstream) - Avoid zombie networkmanager-openvpn-auth processes when a VPN connection is stopped (gnome-shell#7083 upstream) - Avoid a warning on drag-and-drop when animations are disabled (gnome-shell!3922 upstream) - When logout, reboot or shutdown is prevented by a systemd inhibitor, don't log the cancellation with a stack trace as though it was an internal error (gnome-shell#8749 upstream) - Fix a crash when a window is closed immediately after losing on-screen keyboard focus (gnome-shell#8752 upstream) - Fix handling of multiple gdm greeter instances (gnome-shell!3942 upstream) - Fix warnings and potential use-after-free when the Shell exits in certain states (gnome-shell!3943 upstream) - Improve code clarity by using symbolic constants for SOURCE_CONTINUE, SOURCE_REMOVE (gnome-shell!3950 upstream) - Always return a result from "later" handlers (gnome-shell!3950 upstream) - Align search results' provider name better (gnome-shell!3951 upstream) - Always register the session with GDM on startup, even if no monitor is connected (gnome-shell!3708 upstream) - Fix misplaced separator in dash after unpinning running app (gnome-shell#3966, #3799 upstream) - Fix swipe gestures behaving incorrectly in RTL locales (gnome-shell!3967 upstream) - Fix some typos in documentation/comments - Translation updates: ro * Interface change: the misleadingly-named org.gnome.Shell.PortalHelper.Done signal has been renamed to org.gnome.Shell.PortalHelper.StatusChanged. In practice no other Debian package appears to subscribe to this signal, so this shouldn't have any effect. . [ Jeremy Bícha ] * Remove tray-icons patches: applied in 48.5 * Remove st-theme-node patch: alternative fix applied in 48.5 . [ Marco Trevisan (Treviño) ] * d/p/build-Define-test-dependencies.patch, d/p/extensions-app-Add-test-dependency-on-generated-desktop-f.patch: Add patches to fix tests' compilation dependencies * debian/tests: Add autopkgtests for GNOME Shell. We can just recompile gnome-shell and run the tests provided by upstream. * debian/tests: Run tests on the installed gnome-shell. Run the autopkgtests running the upstream-provided test scripts using the gnome-shell in the archive installed as it is. When in Ubuntu, we are also using the Ubuntu profile. * debian/salsa-ci: Enable i386 autopkgtests. i386 is kinda special in desktop, so better to track potential breakages. . [ Simon McVittie ] * Document upstream changes in detail * Rebase patch series - Drop one of Marco's new test-related build system patches (see above), applied in 48.5 * Slightly improve patch metadata gnome-shell (48.5-3) unstable; urgency=medium . * Team upload * Revert "Generate a versioned dependency for the GLib 2.86 transition" * Bump glib2.0 dependency to 2.86 unconditionally (part of #1115340) gnome-shell (48.5-2) unstable; urgency=medium . * Team upload * Generate a versioned dependency for the GLib 2.86 transition. GNOME Shell will need to be rebuilt after GLib 2.86 is uploaded to unstable, so that its typelibs declare a dependency on GioUnix, which they do not when built against older GLib. Generate a versioned dependency so that this can be done via either a binNMU or a sourceful upload. * d/rules: Use a more robust xvfb-run command-line (Mitigates: #981201) gnome-shell (48.5-1) unstable; urgency=medium . * New upstream release * debian/gnome-shell.gsettings-override: update Yelp to org.gnome.Yelp * Remove tray-icons patches applied in new release * Remove st-theme-node patch: alternative fix applied in new release gnome-shell (48.4-1) unstable; urgency=medium . * Team upload * New upstream stable release - network: If a network has no ID, don't treat it as available, avoiding breaking the network menu (gnome-shell!3785 upstream) - Improve URL recognition heuristic for notifications so that non-URLs do not become a link (gnome-shell#8517 upstream) - In gdm, improve efficiency of user list (gnome-shell!3799 upstream) - Fix signal order when taking a screenshot interactively is triggered via D-Bus, for example from xdg-desktop-portal (gnome-shell#8499 upstream) - Improve cursor scaling on systems with different-DPI monitors when using the Magnifier accessibility tool (gnome-shell!475 upstream) - In sliders like volume and brightness, avoid drawing part of the bar over the handle in RTL locales (gnome-shell!3817 upstream) - Improve robustness of signal connections in the Thunderbolt and smart-card code (gnome-shell!3796 upstream) - Code cleanups in extensions management service (part of gnome-shell!3750 upstream) - Translation updates * d/control: Bump gjs version to 1.81.2 as per meson.build. No practical effect, 1.82.x is already in trixie. * d/gbp.conf: Use debian/forky branch for uploads targeting forky. We'll stick to 48.x in testing/unstable for now, to get better testing for future 48.x updates in trixie. Preliminary 49.x packaging for experimental is already using the debian/latest branch. gnome-shell-extension-gsconnect (62-1+deb13u1) trixie-security; urgency=medium . * Cherrypick 3223595bb648ad09afd150ec56dadfe1f33bd641 gnupg2 (2.4.7-21+deb13u1) trixie; urgency=high . * Avoid potential downgrade to SHA1 in 3rd party key signatures. https://gpg.fail/sha1 #12 Patch from STABLE-BRANCH-2-4 * gpg: Error out on unverified output for non-detached signatures. https://gpg.fail/detached #1 Patch from STABLE-BRANCH-2-4 * gpg: Fix possible memory corruption in the armor parser (CVE-2025-68973) https://gpg.fail/memcpy #5 Patch from STABLE-BRANCH-2-4 (Closes: #1124221) * gpg: Do not use a default when asking for another output filename. https://gpg.fail/filename #2 Unfuzzed patch from GIT master gnutls28 (3.8.9-3+deb13u1) trixie; urgency=medium . * Add patch for CVE-2025-9820 / GNUTLS-SA-2025-11-18 from 3.8.11. Closes: #1121146 imagemagick (8:7.1.1.43+dfsg1-1+deb13u4) trixie; urgency=high . * Fix CVE-2025-62594 (Closes: #1119296) Imagemagick is vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes. * Fix CVE-2025-65955 (Closes: #1122827) There is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. * Fix CVE-2025-66628 (Closes: #1122584) The TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function (coders/tim.c). The code reads width and height (16-bit values) from the file header and calculates image_size = 2 * width * height without checking for overflow. On 32-bit systems (or where size_t is 32-bit), this calculation can overflow if width and height are large (e.g., 65535), wrapping around to a small value. * Fix CVE-2025-68618: Magick's failure to limit the depth of SVG file reads caused a DoS attack. * Do not allow vid for vector graphics * Fix CVE-2025-68950: Magick's failure to limit MVG mutual references forming a loop * Fix CVE-2025-69204: Converting a malicious MVG file to SVG caused an integer overflow. incus (6.0.4-2+deb13u3) trixie; urgency=medium . * Backport fix for running nested docker in containers (Closes: #1121011) incus (6.0.4-2+deb13u2) trixie-security; urgency=high . * Backport upstream fix for GHSA-56mx-8g9f-5crf incus (6.0.4-2+deb13u2~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports. - Drop dependency on virtiofsd, as it isn't available for bookworm - Drop apparmor 4.x patch - Relax dependency on lxcfs, since runit scripts aren't expected for bookworm - Add patch to remove dependency on go-criu - Add patch to build with older version of openfga-go-sdk - Add patch backporting RemoveAll from newer sftp intel-microcode (3.20251111.1~deb13u1) trixie; urgency=medium . * Upload to stable: no changes intel-microcode (3.20251111.1~deb12u1) bookworm; urgency=medium . * Backport to bookworm * debian/rules: revert use of /usr/lib/firmware for deb12 intel-microcode (3.20250812.1) unstable; urgency=medium . [ Henrique de Moraes Holschuh ] * New upstream microcode datafile 20250812 (closes: #1110983, #1112168) - Mitgations for INTEL-SA-01249 (processor Stream Cache): CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Intel also disclosed that several processors models had already received this mitigation on the previous microcode release, 20250512. - Mitigations for INTEL-SA-01308: CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01310 (OOBM services module): CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. - Mitigations for INTEL-SA-01311 (Intel TDX): CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processors with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01313: CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-21090: Missing reference to active allocated resource for some Intel Xeon processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2025-24305: Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel Xeon processors may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01367 (Intel SGX, TDX): CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Fixes for unspecified functional issues on several Intel Core and Intel Xeon processor models. * Updated microcodes: sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248 sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056 sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896 sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664 sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288 sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072 sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400 sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880 sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256 sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896 sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112 sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224 sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3 * update entry for 3.20250512.1 with new information * source: update symlinks to reflect id of the latest release, 20250812 . [ Ben Hutchings ] * debian/tests/initramfs: Update to work with forky's initramfs-tools. In version 0.149 of initramfs-tools, unmkinitramfs was changed to no longer create early/ and main/ subdirectories. Update the microcode file check to work with both old and new behaviours. iperf3 (3.18-2+deb13u2) trixie; urgency=medium . * Fix FTBS in trixie with openssl >= 3.5.3 (Closes: #1120866) kdeconnect (25.04.2-1+deb13u1) trixie-security; urgency=medium . * Cherrypick 1d757349d0f517ef12c119565ffb1f79503fbcdf keystone (2:27.0.0-3+deb13u1) trixie-security; urgency=high . * OSSA-2025-002: kay reported a vulnerability in Keystone’s ec2tokens and s3tokens APIs. By sending those endpoints a valid AWS Signature (e.g., from a presigned S3 URL), an unauthenticated attacker may obtain Keystone authorization (ec2tokens can yield a fully scoped token; s3tokens can reveal scope accepted by some services), resulting in unauthorized access and privilege escalation. Deployments where /v3/ec2tokens or /v3/s3tokens are reachable by unauthenticated clients (e.g., exposed on a public API) are affected. Applied upstream patch (Closes: #1120053): - keystone-bug-2119646-stable-2025.1.patch kleopatra (4:24.12.3-1+deb13u1) trixie; urgency=medium . [ Sandro Knauß ] * Fix "Fails to start with a file argument on GNOME" by import upstream patches. (Closes: #1120106) krita (1:5.2.9+dfsg-1+deb13u1) trixie-security; urgency=medium . * CVE-2025-59820 lasso (2.8.2-9+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * tests: test that inserted comment do not change node value and still validate signature * xml: prevent assignment of attribute value inside any attribute (CVE-2025-47151) * misc: check xmlSecGetNodeNsHref for possible NULL result (CVE-2025-46404) * xml: do not terminate on an unknown XML node type (CVE-2025-46705) libcoap3 (4.3.4-1.1+deb13u2) trixie; urgency=medium . * CVE-2025-59391 (Closes: #1122290) fix OSCORE configuration file parsing issue * CVE-2025-65493 (Closes: 1121415) fix NULL pointer dereference * CVE-2025-65494 fix NULL pointer dereference * CVE-2025-65495 fix integer signedness * CVE-2025-65496 fix NULL pointer dereference * CVE-2025-65497 fix NULL pointer dereference * CVE-2025-65498 fix NULL pointer dereference * CVE-2025-65499 fix array index error * CVE-2025-65500 fix NULL pointer dereference * CVE-2025-65501 fix NULL pointer dereference libcupsfilters (2.0.0-3+deb13u1) trixie; urgency=medium . * CVE-2025-64503 fix an out of bounds write vulnerability when processing crafted PDF files containing a large 'Mediabox' value. (Closes: #1120697) . * CVE-2025-57812 fix an out of bounds read/write vulnerability in the processing of TIFF image files. (Closes: #1120703) libphp-adodb (5.22.9-0.1+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Fix CVE-2025-54119: SQL injection in sqlite3 driver (Closes: #1110464) libpng1.6 (1.6.48-1+deb13u1) trixie-security; urgency=high . * Security upload targeting trixie. * Backport fixes for: - CVE-2025-64505 - Heap buffer over-read (Closes: #1121219) - CVE-2025-64506 - Heap buffer over-read (Closes: #1121218) - CVE-2025-64720 - Heap buffer overflow (Closes: #1121217) - CVE-2025-65018 - Heap buffer overflow (Closes: #1121216) - CVE-2025-66293 - Out-of-bounds read (Closes: #1121877) * Set gbp.conf for trixie and enable salsa CI libreoffice (4:25.2.3-2+deb13u3) trixie; urgency=medium . * debian/patches/add-EUR-for-Bulgaria-Lew.diff: fix typo: s/BLN/BGN/, thanks Xisco Fauli * debian/patches/default-to-EUR-for-Bulgaria.diff: as name says libvirt (11.3.0-3+deb13u2) trixie; urgency=medium . * [c5ef2ce] patches: Add backports - backport/conf-Add-virDomainDefIDsParseString[...] - backport/bhyve-Check-ACLs-before-parsing-[...] - backport/libxl-Check-ACLs-before-parsing-[...] - backport/lxc-Check-ACLs-before-parsing-[...] - backport/vz-Check-ACLs-before-parsing-[...] - backport/ch-Check-ACLs-before-parsing-[...] - backport/qemu-Check-ACLs-before-parsing-[...] - Perform ACL checks earlier, preventing malicious users from potentially being able to crash the daemon - CVE-2025-12748 - Closes: #1120584 * [9c44722] patches: Add backports - backport/qemu-snapshot-Set-umask-for-qemu-img-[...] - Ensure that newly-created snapshots are not world-readable - CVE-2025-13193 - Closes: #1120119 * [74ba3ed] patches: Add backports - backport/qemuxmlconftest-Improve-coverage-of-disk-[...] - backport/qemu[...]-Setup-detect_zeroes-[...] - Apply the detect_zeroes settings across all layers of the backing chain instead of just the topmost one - Closes: #1121280 linux (6.12.63-1) trixie; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.58 - NFSD: Fix crash in nfsd4_read_release() - net: usb: asix_devices: Check return value of usbnet_get_endpoints - fbcon: Set fb_display[i]->mode to NULL when the mode is released - fbdev: atyfb: Check if pll_ops->init_pll failed - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() - ACPI: button: Call input_free_device() on failing input device registration - virtio-net: drop the multi-buffer XDP packet in zerocopy - fbdev: bitblit: bound-check glyph index in bit_putcs* - Bluetooth: rfcomm: fix modem control handling - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode - mptcp: drop bogus optimization in __mptcp_check_push() - mptcp: restore window probe - [arm64] ASoC: qdsp6: q6asm: do not sleep while atomic - [s390x] pci: Restore IRQ unconditionally for the zPCI device - smb: client: fix potential cfid UAF in smb2_query_info_compound - [amd64] x86/fpu: Ensure XFD state on signal delivery - wifi: ath10k: Fix memory leak on unsupported WMI command - wifi: ath11k: Add missing platform IDs for quirk table - wifi: ath12k: free skb during idr cleanup callback - wifi: ath11k: add support for MU EDCA - wifi: ath11k: avoid bit operation on key flags - [arm64] drm/msm/a6xx: Fix GMU firmware parser - ALSA: usb-audio: fix control pipe direction - wifi: mac80211: don't mark keys for inactive links as uploaded - wifi: mac80211: fix key tailroom accounting leak - bpf: Sync pending IRQ work before freeing ring buffer - scsi: ufs: core: Initialize value of an attribute returned by uic cmd - bpf: Find eligible subprogs for private stack support - bpf, x86: Avoid repeated usage of bpf_prog->aux->stack_depth - bpf: Do not audit capability check in do_jit() - [amd64] ASoC: Intel: avs: Unprepare a stream when XRUN occurs - [amd64] ASoC: Intel: avs: Disable periods-elapsed work when closing PCM - [arm64,armhf] ASoC: fsl_sai: fix bit order for DSD format - libbpf: Fix powerpc's stack register definition in bpf_tracing.h - usbnet: Prevents free active kevent - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once - Bluetooth: ISO: Update hci_conn_hash_lookup_big for Broadcast slave - Bluetooth: ISO: Fix BIS connection dst_type handling - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 - Bluetooth: ISO: Fix another instance of dst_type handling - Bluetooth: hci_core: Fix tracking of periodic advertisement - [arm64,armhf] drm/etnaviv: fix flush sequence logic - [arm64] net: hns3: return error code when function fails - sfc: fix potential memory leak in efx_mae_process_mport() - dpll: spec: add missing module-name and clock-id to pin-get reply - [arm64,armhf] ASoC: fsl_sai: Fix sync error in consumer mode - drm/radeon: Do not kfree() devres managed rdev - drm/radeon: Remove calls to drm_put_dev() - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland - ACPI: fan: Use ACPI handle when retrieving _FST - block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL - block: make REQ_OP_ZONE_OPEN a write operation - regmap: slimbus: fix bus_context pointer in regmap init calls - [s390x] mm: Fix memory leak in add_marker() when kvrealloc() fails - drm/xe: Do not wake device during a GT reset - drm/sysfb: Do not dereference NULL pointer in plane reset - drm/sched: avoid killing parent entity on child SIGKILL - drm/nouveau: Fix race in nouveau_sched_fini() - [arm64] drm/mediatek: Fix device use-after-free on unbind - drm/amd: Check that VPE has reached DPM0 in idle handler - drm/amd/display: Fix incorrect return of vblank enable on unconfigured crtc (Closes: #1000966) - ACPI: fan: Add fan speed reporting for fans with only _FST - ACPI: fan: Use platform device for devres-related actions - sched_ext: Mark scx_bpf_dsq_move_set_[slice|vtime]() with KF_RCU - cpuidle: governors: menu: Rearrange main loop in menu_select() - cpuidle: governors: menu: Select polling state in some more cases - [amd64] mfd: kempld: Switch back to earlier ->init() behavior - [amd64] x86/CPU/AMD: Add RDSEED fix for Zen5 - usb: gadget: f_fs: Fix epfile null pointer access after ep enable. - drm/sched: Optimise drm_sched_entity_push_job - drm/sched: Re-group and rename the entity run-queue lock - drm/sched: Fix race in drm_sched_entity_select_rq() - [s390x] pci: Avoid deadlock between PCI error recovery and mlx5 crdump - [s390x] Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP - [armhf] soc: aspeed: socinfo: Add AST27xx silicon IDs - [arm64] firmware: qcom: scm: preserve assign_mem() error return value - [arm64] soc: qcom: smem: Fix endian-unaware access of num_entries - [arm64] soc: ti: pruss: don't use %pK through printk - bpf: Don't use %pK through printk - pinctrl: single: fix bias pull up/down handling in pin_config_set - [arm64] mmc: host: renesas_sdhi: Fix the actual clock - memstick: Add timeout to prevent indefinite waiting - [arm64,armhf] cpufreq: ti: Add support for AM62D2 - bpf: Use tnums for JEQ/JNE is_branch_taken logic - firewire: ohci: move self_id_complete tracepoint after validating register - [riscv64] irqchip/sifive-plic: Respect mask state when setting affinity - io_uring/zctx: check chained notif contexts - ACPI: sysfs: Use ACPI_FREE() for freeing an ACPI object - ACPI: video: force native for Lenovo 82K8 - libbpf: Fix USDT SIB argument handling causing unrecognized register error - cpufreq/longhaul: handle NULL policy in longhaul_exit - [arm64,armhf] irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA - ACPI: resource: Skip IRQ override on ASUS Vivobook Pro N6506CU - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] - thermal: gov_step_wise: Allow cooling level to be reduced earlier - power: supply: qcom_battmgr: add OOI chemistry - [amd64] hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models - [amd64] hwmon: (k10temp) Add device ID for Strix Halo - power: supply: sbs-charger: Support multiple devices - cpufreq: ondemand: Update the efficient idle check for Intel extended Families - [arm64,armhf] soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups - [arm64] firmware: qcom: tzmem: disable sc7180 platform - [arm64] mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card - pwm: pca9685: Use bulk write to atomicially update registers - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() - [amd64,arm64] tee: allow a driver to allocate a tee_device without a pool - nvmet-fc: avoid scheduling association deletion twice - nvme-fc: use lock accessing port_state and rport state - bpf: Do not limit bpf_cgroup_from_id to current's namespace - i3c: mipi-i3c-hci-pci: Add support for Intel Wildcat Lake-U I3C - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 - tools/cpupower: fix error return value in cpupower_write_sysfs() - power: supply: qcom_battmgr: handle charging state change notifications - bpftool: Fix -Wuninitialized-const-pointer warnings with clang >= 21 - cpuidle: Fail cpuidle device registration if there is one already - futex: Don't leak robust_list pointer on exec race - ACPI: SPCR: Support Precise Baud Rate field - blk-cgroup: fix possible deadlock while configuring policy - [riscv64] bpf: Fix uninitialized symbol 'retval_off' - bpf: Clear pfmemalloc flag when freeing all fragments - nvme: Use non zero KATO for persistent discovery connections - uprobe: Do not emulate/sstep original instruction when ip is changed - [amd64] hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex - [amd64] hwmon: (dell-smm) Remove Dell Precision 490 custom config data - tools/cpupower: Fix incorrect size in cpuidle_state_disable() - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage - tools/power x86_energy_perf_policy: Enhance HWP enable - tools/power x86_energy_perf_policy: Prefer driver HWP limits - [armhf] mfd: stmpe: Remove IRQ domain upon removal - [armhf] mfd: stmpe-i2c: Add missing MODULE_LICENSE - [riscv64] mfd: da9063: Split chip variant reading in two bus transactions - mfd: core: Increment of_node's refcount before linking it to the platform device - [amd64] mfd: intel-lpss: Add Intel Wildcat Lake LPSS PCI IDs - drm/amd/display: fix condition for setting timing_adjust_pending - drm/amd/display: ensure committing streams is seamless - drm/amdgpu: add range check for RAS bad page address - drm/amdgpu: Check vcn sram load return value - drm/amd/display: Move setup_stream_attribute - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration - drm/xe/guc: Add more GuC load error status codes - drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. - drm/amdgpu: Avoid rma causes GPU duplicate reset - drm/amd/amdgpu: Release xcp drm memory after unplug - drm/amdgpu: Skip poison aca bank from UE channel - drm/amd/display: add more cyan skillfish devices - drm/amd/display: update dpp/disp clock from smu clock table - drm/amd/pm: Use cached metrics data on aldebaran - drm/amd/pm: Use cached metrics data on arcturus - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() - [arm64] ASoC: mediatek: Use SND_JACK_AVOUT for HDMI/DP jacks - drm/amd/display: Reset apply_eamless_boot_optimization when dpms_off - drm/amd/display: Wait until OTG enable state is cleared - PCI: Disable MSI on RDC PCI to PCIe bridges - wifi: rtw89: print just once for unknown C2H events - wifi: rtw88: sdio: use indirect IO for device registers before power-on - drm/amdkfd: return -ENOTTY for unsupported IOCTLs - media: pci: ivtv: Don't create fake v4l2_fh - [arm64] drm/tidss: Use the crtc_* timings when programming the HW - [arm64] drm/tidss: Set crtc modesetting parameters with adjusted mode - PCI/ERR: Update device error_state already after reset - [amd64] x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall - net: stmmac: Check stmmac_hw_setup() in stmmac_resume() - ice: Don't use %pK through printk or tracepoints - thunderbolt: Use is_pciehp instead of is_hotplug_bridge - tty: serial: ip22zilog: Use platform device for probing - [powerpc*] eeh: Use result of error_detected() in uevent - [s390x] pci: Use pci_uevent_ers() in PCI recovery - bridge: Redirect to backup port when port is administratively down - net: ipv6: fix field-spanning memcpy warning in AH output - media: imon: make send_packet() more robust - [arm64] drm/panthor: Serialize GPU cache flush operations - HID: pidff: Use direction fix only for conditional effects - HID: pidff: PERMISSIVE_CONTROL quirk autodetection - [arm64,armhf] drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts - drm/amdgpu: fix nullptr err of vm_handle_moved - drm/amdkfd: Handle lack of READ permissions in SVM mapping - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register - iio: adc: imx93_adc: load calibrated values even calibration failed - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet - wifi: rtw89: wow: remove notify during WoWLAN net-detect - wifi: rtw89: fix BSSID comparison for non-transmitted BSSID - dm error: mark as DM_TARGET_PASSES_INTEGRITY - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor - char: misc: Does not request module for miscdevice with dynamic minor - net: When removing nexthops, don't call synchronize_net if it is not necessary - net: stmmac: Correctly handle Rx checksum offload errors - net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. - f2fs: fix to detect potential corrupted nid in free_nid_list - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call - bnxt_en: Add Hyper-V VF ID - tty: serial: Modify the use of dev_err_probe() - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units - [amd64,arm64] idpf: do not linearize big TSO packets - rds: Fix endianness annotation for RDS_MPATH_HASH - media: ipu6: isys: Set embedded data type correctly for metadata formats - rpmsg: char: Export alias for RPMSG ID rpmsg-raw from table - net: ipv4: allow directed broadcast routes to use dst hint - scsi: mpi3mr: Fix I/O failures during controller reset - scsi: mpi3mr: Fix controller init failure on fault during queue creation - scsi: pm80xx: Fix race condition caused by static variables - remoteproc: wkup_m3: Use devm_pm_runtime_enable() helper - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device - fuse: zero initialize inode private data - drm/amdgpu: Correct the counts of nr_banks and nr_errors - drm/amdkfd: fix vram allocation failure for a special case - drm/amd/display: Support HW cursor 180 rot for any number of pipe splits - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption - [amd64] platform/x86/intel-uncore-freq: Fix warning in partitioned system - media: fix uninitialized symbol warnings - media: pci: mgb4: Fix timings comparison in VIDIOC_S_DV_TIMINGS - [amd64] ASoC: SOF: ipc4-pcm: Add fixup for channels - drm/amd/display: Increase minimum clock for TMDS 420 with pipe splitting - drm/amd/display: incorrect conditions for failing dto calculations - drm/amdgpu: Avoid vcn v5.0.1 poison irq call trace on sriov guest - drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) - inet_diag: annotate data-races in inet_diag_bc_sk() - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() - [amd64] crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() - scsi: pm8001: Use int instead of u32 to store error codes - [arm64] scsi: ufs: exynos: fsd: Gate ref_clk and put UFS device in reset on suspend - ptp: Limit time setting of PTP clocks - dmaengine: sh: setup_xref error handling - [arm64,armhf] dmaengine: mv_xor: match alloc_wc and free_wc - [arm64] drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL - [arm64] drm/msm/dsi/phy_7nm: Fix missing initial VCO rate - drm/amdgpu: Allow kfd CRIU with no buffer objects - drm/xe/guc: Increase GuC crash dump buffer size - ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled - [arm64] drm/panthor: check bo offset alignment in vm bind - drm: panel-backlight-quirks: Make EDID match optional - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms - media: adv7180: Add missing lock in suspend callback - media: adv7180: Do not write format to device in set_fmt - media: adv7180: Only validate format in querystd - [arm64,armhf] media: verisilicon: Explicitly disable selection api ioctls for decoders - wifi: mac80211: Fix 6 GHz Band capabilities element advertisement in lower bands - ALSA: usb-audio: apply quirk for MOONDROP Quark2 - [arm64,armhf] PCI: imx6: Enable the Vaux supply if available - drm/xe/guc: Set upper limit of H2G retries over CTB - net: call cond_resched() less often in __release_sock() - smsc911x: add second read of EEPROM mac when possible corruption seen - [amd64] iommu/amd: Skip enabling command/event buffers for kdump - [amd64] crypto: ccp: Skip SEV and SNP INIT for kdump boot - drm/amd: add more cyan skillfish PCI ids - drm/amdgpu: don't enable SMU on cyan skillfish - drm/amdgpu: add support for cyan skillfish gpu_info - drm/amd/display: Fix pbn_div Calculation Error - [arm64] net: dsa: felix: support phy-mode = "10g-qxgmii" - usb: gadget: f_hid: Fix zero length packet transfer - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget - tty/vt: Add missing return value for VT_RESIZE in vt_ioctl() - [arm64] drm/msm: make sure to not queue up recovery more than once - char: Use list_del_init() in misc_deregister() to reinitialize list pointer - PCI: endpoint: pci-epf-test: Limit PCIe BAR size for fixed BARs - wifi: iwlwifi: fw: Add ASUS to PPAG and TAS list - [amd64] media: ov08x40: Fix the horizontal flip control - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer - f2fs: fix wrong layout information on 16KB page - net: phy: marvell: Fix 88e1510 downshift counter errata - ntfs3: pretend $Extend records as regular files - wifi: mac80211: Fix HE capabilities element check - [arm64] phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 - [arm64] drm/msm/registers: Generate _HI/LO builders for reg64 - net: sh_eth: Disable WoL if system can not suspend - netfilter: nf_reject: don't reply to icmp error messages - [amd64] x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT - net: devmem: expose tcp_recvmsg_locked errors - udp_tunnel: use netdev_warn() instead of netdev_WARN() - HID: asus: add Z13 folio to generic group for multitouch to work - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger - [arm64] crypto: sun8i-ce - remove channel timeout field - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() - [amd64] crypto: ccp - Fix incorrect payload size calculation in psp_poulate_hsti() - [arm64,armhf] crypto: caam - double the entropy delay interval for retry - net/cls_cgroup: Fix task_get_classid() during qdisc run - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device - wifi: mt76: mt7996: Temporarily disable EPCS - wifi: mt76: mt76_eeprom_override to int - ALSA: serial-generic: remove shared static buffer - wifi: mt76: mt7996: fix memory leak on mt7996_mcu_sta_key_tlv error - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl - drm/amd/display: Set up pixel encoding for YCBCR422 - drm/amd/display: fix dml ms order of operations - drm/amd: Avoid evicting resources at S5 - drm/amd/display: Fix DVI-D/HDMI adapters - drm/amd/display: Disable VRR on DCE 6 - drm/amd/display/dml2: Guard dml21_map_dc_state_into_dml_display_cfg with DC_FP_START - page_pool: always add GFP_NOWARN for ATOMIC allocations - ethernet: Extend device_get_mac_address() to use NVMEM - HID: i2c-hid: Resolve touchpad issues on Dell systems during S4 - drm/xe/guc: Return an error code if the GuC load fails - drm/amdgpu: reject gang submissions under SRIOV - scsi: ufs: core: Disable timestamp functionality if not supported - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup - scsi: lpfc: Define size of debugfs entry for xri rebalancing - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology - allow finish_no_open(file, ERR_PTR(-E...)) - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices - f2fs: fix infinite loop in __insert_extent_tree() - wifi: rtw89: obtain RX path from ppdu status IE00 - wifi: rtw89: renew a completion for each H2C command waiting C2H event - usb: xhci-pci: add support for hosts with zero USB3 ports - ipv6: np->rxpmtu race annotation - RDMA/irdma: Update Kconfig - IB/ipoib: Ignore L3 master device - jfs: Verify inode mode when loading from disk - jfs: fix uninitialized waitqueue in transaction manager - drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() - [arm64] ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() - net: phy: clear link parameters on admin link down - bus: mhi: core: Improve mhi_sync_power_up handling for SYS_ERR state - [amd64] iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() - wifi: ath10k: Fix connection after GTK rekeying - wifi: mac80211: Track NAN interface start/stop - net: intel: fm10k: Fix parameter idx set but not used - r8169: set EEE speed down ratio to 1 - vfio: return -ENOTTY for unsupported device feature - PCI/PM: Skip resuming to D0 if device is disconnected - remoteproc: qcom: q6v5: Avoid handling handover twice - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 - [armhf] net: dsa: microchip: Set SPI as bus interface during reset for KSZ8463 - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream - drm/amd/display: Init dispclk from bootup clock for DCN314 - drm/amd/display: Fix for test crash due to power gating - drm/amd/display: change dc stream color settings only in atomic commit - NFSv4: handle ERR_GRACE on delegation recalls - NFSv4.1: fix mount hang after CREATE_SESSION failure - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing - net: bridge: Install FDB for bridge MAC on VLAN 0 - scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() - [amd64] accel/habanalabs/gaudi2: fix BMON disable configuration - scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate - [amd64] accel/habanalabs: return ENOMEM if less than requested pages were pinned - [amd64] accel/habanalabs/gaudi2: read preboot status after recovering from dirty state - [amd64] accel/habanalabs: support mapping cb with vmalloc-backed coherent memory - fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock - ext4: increase IO priority of fastcommit - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw - [armhf] ASoC: stm32: sai: manage context in set_sysclk callback - [armhf] ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 - ACPI: scan: Update honor list for RPMI System MSI - vfio/pci: Fix INTx handling on legacy non-PCI 2.3 devices - net/mlx5e: Don't query FEC statistics when FEC is disabled - net: macb: avoid dealing with endianness in macb_set_hwaddr() - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames - Bluetooth: SCO: Fix UAF on sco_conn_free - Bluetooth: btusb: Add new VID/PID 13d3/3633 for MT7922 - Bluetooth: bcsp: receive data only if registered - ALSA: usb-audio: add mono main switch to Presonus S1824c - net: stmmac: est: Drop frames causing HLBS error - exfat: limit log print for IO error - exfat: validate cluster allocation bits of the allocation bitmap - 6pack: drop redundant locking and refcounting - page_pool: Clamp pool size to max 16K pages - orangefs: fix xattr related buffer overflow... - ftrace: Fix softlockup in ftrace_module_enable - ksmbd: use sock_create_kern interface to create kernel socket - smb: client: transport: avoid reconnects triggered by pending task work - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr - usb: xhci-pci: Fix USB2-only root hub registration - char: misc: restrict the dynamic range to exclude reserved minors - drm/amd/display: Add fallback path for YCBCR422 - ACPICA: Update dsmethod.c to get rid of unused variable warning - RDMA/irdma: Fix SD index calculation - RDMA/irdma: Remove unused struct irdma_cq fields - RDMA/irdma: Set irdma_cq cq_num field during CQ create - [arm64] RDMA/hns: Fix recv CQ and QP cache affinity - [arm64] RDMA/hns: Fix the modification of max_send_sge - [arm64] RDMA/hns: Fix wrong WQE data when QP wraps around - btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation - btrfs: mark dirty extent range for out of bound prealloc extents - fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink - clk: sunxi-ng: sun6i-rtc: Add A523 specifics - [arm64] rtc: pcf2127: clear minute/second interrupt - 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN - [armhf] clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled - [arm64] clk: scmi: Add duty cycle ops only when duty cycle is supported - 9p: fix /sys/fs/9p/caches overwriting itself - 9p: sysfs_init: don't hardcode error to ENOMEM - scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS - ACPI: property: Return present device nodes only on fwnode interface - tools bitmap: Add missing asm-generic/bitsperlong.h include - tools: lib: thermal: don't preserve owner in install - tools: lib: thermal: use pkg-config to locate libnl3 - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds - [arm64] rtc: pcf2127: fix watchdog interrupt mask on pcf2131 - net: wwan: t7xx: add support for HP DRMR-H01 - kbuild: uapi: Strip comments before size type check - [arm64,armhf] ASoC: meson: aiu-encoder-i2s: fix bit clock polarity - drm/amdkfd: Fix mmap write lock not release - ceph: add checking of wait_for_completion_killable() return value - ceph: fix potential race condition in ceph_ioctl_lazyio() - ceph: refactor wake_up_bit() pattern of calling - ceph: fix multifs mds auth caps issue - [amd64] x86: use cmov for user address masking - [amd64] x86/runtime-const: Add the RUNTIME_CONST_PTR assembly macro - [amd64] x86: uaccess: don't use runtime-const rewriting in modules - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again - btrfs: ensure no dirty metadata is written back for an fs with errors - media: uvcvideo: Use heuristic to find stream entity - media: videobuf2: forbid remove_bufs when legacy fileio is active - [arm64] drm/mediatek: Disable AFBC support on Mediatek DRM driver - Revert "wifi: ath10k: avoid unnecessary wait for service ready message" (Closes: #1120680) - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up - [riscv64] ptdump: use seq_puts() in pt_dump_seq_puts() macro - Bluetooth: hci_event: validate skb length for unknown CC opcode - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() - [armhf] net: dsa: tag_brcm: legacy: reorganize functions - [armhf] net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx - net: vlan: sync VLAN features with lower device - gpio: swnode: don't use the swnode's name as the key for GPIO lookup - gpiolib: fix invalid pointer access in debugfs - [armhf] net: dsa: b53: fix resetting speed and pause on forced link - [armhf] net: dsa: b53: fix bcm63xx RGMII port link adjustment - [armhf] net: dsa: b53: fix enabling ip multicast - [armhf] net: dsa: b53: stop reading ARL entries if search is done - sctp: Hold RCU read lock while iterating over address list - sctp: Prevent TOCTOU out-of-bounds write - sctp: Hold sock lock while iterating over address list - net: ionic: add dma_wmb() before ringing TX doorbell - net: ionic: map SKB after pseudo-header checksum prep - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup - bnxt_en: Fix a possible memory leak in bnxt_ptp_init - bnxt_en: Add mem_valid bit to struct bnxt_ctx_mem_type - bnxt_en: Refactor bnxt_free_ctx_mem() - bnxt_en: Add a 'force' parameter to bnxt_free_ctx_mem() - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup - net/mlx5e: Fix return value in case of module EEPROM read error - [arm64] net: ti: icssg-prueth: Fix fdb hash size configuration - net/mlx5e: SHAMPO, Fix skb size check for 64K pages - [armhf] net: dsa: microchip: Fix reserved multicast address table programming - net: bridge: fix use-after-free due to MST port state bypass - net: bridge: fix MST static key usage - tracing: Fix memory leaks in create_field_var() - drm/amd/display: Enable mst when it's detected but yet to be initialized - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb - Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() - [arm64] rtc: rx8025: fix incorrect register reference - [amd64] x86/microcode/AMD: Add more known models to entry sign checking - smb: client: validate change notify buffer before copy - smb: client: fix potential UAF in smb2_close_cached_fid() - drm/amdgpu/smu: Handle S0ix for vangogh - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments - virtio-net: fix received length check in big packets - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC - scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers - scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL - scsi: ufs: core: Add a quirk to suppress link_startup_again - drm/amd/display: update color on atomic commit time - ACPI: SPCR: Check for table version when using precise baudrate - drm/amdgpu: Fix unintended error log in VCN5_0_0 - drm/amdgpu: Fix function header names in amdgpu_connectors.c - drm/amd/display: Fix black screen with HDMI outputs https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.59 - [arm64] drm/mediatek: Add pm_runtime support for GCE power control - [amd64] drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD - [amd64] drm/i915: Fix conversion between clock ticks and nanoseconds - smb: client: fix refcount leak in smb2_set_path_attr - drm/amd: Fix suspend failure with secure display TA - drm/xe/guc: Synchronize Dead CT worker with unbind - drm/xe: Move declarations under conditional branch - drm/xe: Do clean shutdown also when using flr - [arm64] kprobes: check the return value of set_memory_rox() - [riscv64] clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors - [riscv64] acpi: avoid errors caused by probing DT devices when ACPI is used - drm/amdgpu: remove two invalid BUG_ON()s - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks - drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices - NFS4: Fix state renewals missing after boot - NFS4: Apply delay_retrans to async operations - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug - HID: nintendo: Wait longer for initial probe - NFS: check if suid/sgid was cleared after a write as needed - HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel - exfat: fix improper check of dentry.stream.valid_size - smb/server: fix possible memory leak in smb2_read() - smb/server: fix possible refcount leak in smb2_sess_setup() - HID: logitech-hidpp: Add HIDPP_QUIRK_RESET_HI_RES_SCROLL - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() - erofs: avoid infinite loop due to incomplete zstd-compressed data - [arm64,armhf] net: fec: correct rx_bytes statistic for the case SHIFT16 is set - net: phy: micrel: Introduce lanphy_modify_page_reg - net: phy: micrel: Replace hardcoded pages with defines - net: phy: micrel: lan8814 fix reset of the QSGMII interface - NFSD: Skip close replay processing if XDR encoding fails - Bluetooth: MGMT: cancel mesh send timer when hdev removed - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto - net/smc: fix mismatch between CLC header and proposal - net/handshake: Fix memory leak in tls_handshake_accept() - tipc: Fix use-after-free in tipc_mon_reinit_self(). - net: mdio: fix resource leak in mdiobus_register_device() - wifi: mac80211: skip rate verification for not captured PSDUs - af_unix: Initialise scc_index in unix_add_edge(). - net_sched: act_connmark: use RCU in tcf_connmark_dump() - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak - net/mlx5e: Fix maxrate wraparound in threshold between units - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps - net/mlx5e: Fix potentially misleading debug message - net_sched: limit try_bulk_dequeue_skb() batches - virtio-net: fix incorrect flags recording in big mode - hsr: Fix supervision frame sending on HSRv0 - [amd64] ACPI: CPPC: Detect preferred core availability on online CPUs - [amd64] ACPI: CPPC: Check _CPC validity for only the online CPUs - [amd64] ACPI: CPPC: Perform fast check switch only for online CPUs - [amd64] ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs - Bluetooth: L2CAP: export l2cap_chan_hold for modules - acpi,srat: Fix incorrect device handle check for Generic Initiator - regulator: fixed: fix GPIO descriptor leak on register failure - [arm64] ASoC: codecs: va-macro: fix resource leak in probe error path - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE - ASoC: tas2781: fix getting the wrong device number - pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() - pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS - simplify nfs_atomic_open_v23() - NFSv2/v3: Fix error handling in nfs_atomic_open_v23() - NFS: sysfs: fix leak when nfs_client kobject add fails - NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() - NFS: Fix LTP test failures when timestamps are delegated - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd - acpi/hmat: Fix lockdep warning for hmem_register_resource() - bpf: Add bpf_prog_run_data_pointers() - bpf: account for current allocated stack depth in widen_imprecise_scalars() - [riscv64] irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path - proc: fix the issue of proc_mem_open returning NULL - ext4: introduce ITAIL helper - ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (CVE-2025-22121) - Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981) - f2fs: fix to avoid overflow while left shift operation (CVE-2025-40077) - hostfs: Fix only passing host root in boot stage with new mount - virtio-fs: fix incorrect check for fsvq->kobj - fs/namespace: correctly handle errors returned by grab_requested_mnt_ns - sched_ext: Fix unsafe locking in the scx_dump_state() - Revert "netfilter: nf_tables: Reintroduce shortened deletion notifications" - netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678) - [arm64] dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1 - [arm64] dts: rockchip: Make RK3588 GPU OPP table naming less generic - [armhf] dts: imx51-zii-rdu1: Fix audmux node names - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() - HID: playstation: Fix memory leak in dualshock4_get_calibration_data() - HID: uclogic: Fix potential memory leak in error path - [amd64] KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated - nfsd: fix refcount leak in nfsd_set_fh_dentry() (CVE-2025-40212) - nfsd: add missing FATTR4_WORD2_CLONE_BLKSIZE from supported attributes - NFSD: free copynotify stateid in nfs4_free_ol_stateid() - ksmbd: close accepted socket when per-IP limit rejects connection - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item - strparser: Fix signed/unsigned mismatch bug - dma-mapping: benchmark: Restore padding to ensure uABI remained consistent - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe - nilfs2: avoid having an active sc_timer before freeing sci - wifi: mac80211: reject address change while connecting - fs/proc: fix uaf in proc_readdir_de() - mm/mm_init: fix hash table order logging in alloc_large_system_hash() - mm/shmem: fix THP allocation and fallback loop - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 - mmc: dw_mmc-rockchip: Fix wrong internal phase calculate - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer - cifs: client: fix memory leak in smb3_fs_context_parse_param - codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext - crash: fix crashkernel resource shrink - smb: client: fix cifs_pick_channel when channel needs reconnect - spi: Try to get ACPI GPIO IRQ earlier - [amd64] x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev - ftrace: Fix BPF fexit with livepatch - PM: hibernate: Emit an error when image writing fails - PM: hibernate: Use atomic64_t for compressed_size variable - btrfs: zoned: fix conventional zone capacity calculation - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() - btrfs: do not update last_log_commit when logging inode due to a new name - btrfs: release root after error in data_reloc_print_warning_inode() - drm/amdkfd: relax checks for over allocation of save area - drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces - [arm64] pmdomain: arm: scmi: Fix genpd leak on provider registration failure - [armhf] pmdomain: imx: Fix reference count leak in imx_gpc_remove - [arm64,armhf] pmdomain: samsung: plug potential memleak during probe - mptcp: fix MSG_PEEK stream corruption - wifi: cfg80211: add an hrtimer based delayed work item - wifi: mac80211: use wiphy_hrtimer_work for csa.switch_work - mm, percpu: do not consider sleepable allocations atomic - [amd64] KVM: guest_memfd: Pass index, not gfn, to __kvm_gmem_get_pfn() - [amd64] KVM: guest_memfd: Remove RCU-protected attribute from slot->gmem.file - [amd64] KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying - net: netpoll: Individualize the skb pool - net: netpoll: flush skb pool during cleanup - net: netpoll: fix incorrect refcount handling causing incorrect cleanup - [amd64] KVM: VMX: Split out guts of EPT violation to common/exposed function - [amd64] KVM: VMX: Fix check for valid GVA on an EPT violation - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (CVE-2025-40097) - io_uring/napi: fix io_napi_entry RCU accesses - uio_hv_generic: Set event for all channels on the device (Closes: #1120602) - mm/memory: do not populate page table entries beyond i_size - mm/truncate: unmap large folio on split failure - mm/secretmem: fix use-after-free race in fault handler - mm/huge_memory: do not change split_huge_page*() target order silently - mm/huge_memory: preserve PG_has_hwpoisoned if a folio is split to >0 order - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() - net: phy: micrel: Fix lan8814_config_init - net: netpoll: ensure skb_pool list is always initialized - proc: proc_maps_open allow proc_mem_open to return NULL - Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (CVE-2025-40213) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.60 - [arm64] KVM: arm64: Check the untrusted offset in FF-A memory share - timers: Fix NULL function pointer race in timer_shutdown_sync() - HID: amd_sfh: Stop sensor before starting - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Closes: #1114557) - [arm64] dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 - mtdchar: fix integer overflow in read/write ioctls - isofs: check the return value of sb_min_blocksize() in isofs_fill_super - shmem: fix tmpfs reconfiguration (remount) when noswap is set - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector - mptcp: Disallow MPTCP subflows from sockmap - mptcp: Fix proto fallback detection with BPF - ata: libata-scsi: Fix system suspend for a security locked drive - smb: client: introduce close_cached_dir_locked() - ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() - be2net: pass wrb_params in case of OS2BMC - [armhf] net: dsa: microchip: lan937x: Fix RGMII delay tuning - [arm64,armhf] Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" - Input: cros_ec_keyb - fix an invalid memory access - Input: goodix - add support for ACPI ID GDIX1003 - Input: pegasus-notetaker - fix potential out-of-bounds access - mm/mempool: fix poisoning order>0 pages with HIGHMEM - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() - scsi: sg: Do not sleep in atomic context - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() - dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups - mptcp: fix race condition in mptcp_schedule_work() - mptcp: fix ack generation for fallback msk - mptcp: fix duplicate reset on fastclose - mptcp: fix premature close in case of fallback - mptcp: avoid unneeded subflow-level drops - mptcp: decouple mptcp fastclose from tcp close - mptcp: do not fallback when OoO is present - [arm64,armhf] drm/tegra: dc: Fix reference leak in tegra_dc_couple() - drm/radeon: delete radeon_fence_process in is_signaled, no deadlock - drm/amd: Skip power ungate during suspend for VPE - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled - drm/amd/display: Increase DPCD read retries - drm/amd/display: Move sleep into each retry for retrieve_link_cap() - drm/amd/display: Fix pbn to kbps Conversion - drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 - xfrm: drop SA reference in xfrm_state_update if dir doesn't match - xfrm: set err and extack on failure to create pcpu SA - xfrm: Determine inner GSO type from packet inner protocol - xfrm: Prevent locally generated packets from direct output in tunnel mode - [amd64] pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() - mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() - [arm64,armhf] drm/tegra: Add call to put_pid() - net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() - net: openvswitch: remove never-working support for setting nsh fields - nvme-multipath: fix lockdep WARN due to partition scan work - [s390x] ctcm: Fix double-kfree - [amd64] platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() - [amd64,arm64] idpf: fix possible vport_config NULL pointer deref in remove - ice: fix PTP cleanup on driver removal in error path - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy - net/mlx5: Clean up only new IRQ glue on request_irq() failure - af_unix: Cache state->msg in unix_stream_read_generic(). - af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). - cifs: fix memory leak in smb3_fs_context_parse_param error path - vsock: Ignore signal/timeout on connect() if already established - bcma: don't register devices disabled in OF - cifs: fix typo in enable_gcm_256 module parameter - scsi: core: Fix a regression triggered by scsi_host_busy() - [amd64] x86/microcode/AMD: Limit Entrysign signature checking to known generations - net: tls: Change async resync helpers argument - blk-crypto: use BLK_STS_INVAL for alignment errors - net: tls: Cancel RX async resync request on rcd_delta overflow - ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check - [arm64] KVM: arm64: Make all 32bit ID registers fully writable - drm/xe: Prevent BIT() overflow when handling invalid prefetch region - [s390x] mm: Fix __ptep_rdp() inline assembly - ALSA: usb-audio: fix uac2 clock source at terminal parser - tracing/tools: Fix incorrcet short option in usage text for --threads - drm/amdgpu: fix gpu page fault after hibernation on PF passthrough - smb: client: fix incomplete backport in cfids_invalidation_worker() - tty/vt: fix up incorrect backport to stable releases - maple_tree: fix tracepoint string pointers - [amd64] drm/i915/dp_mst: Disable Panel Replay - mptcp: fix a race in mptcp_pm_del_add_timer() - xfs: Replace strncpy with memcpy - xfs: fix out of bounds memory read error in symlink repair - drm/amd/display: avoid reset DTBCLK at clock init - drm/amd/display: disable DPP RCG before DPP CLK enable - drm/amd/display: Insert dccg log for easy debug - drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched - Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.61 - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data - Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface - Bluetooth: hci_core: Fix triggering cmd_timer for HCI_OP_NOP - Bluetooth: hci_sock: Prevent race in socket write iter and sock bind - Bluetooth: SMP: Fix not generating mackey and ltk when repairing - net: sched: generalize check for no-queue qdisc on TX queue - veth: apply qdisc backpressure on full ptr_ring to reduce TX drops - veth: prevent NULL pointer dereference in veth_xdp_rcv - veth: more robust handing of race to avoid txq getting stuck - veth: reduce XDP no_direct return section to fix race - [amd64] platform/x86: intel: punit_ipc: fix memory corruption - net: aquantia: Add missing descriptor cache invalidation on ATL2 - net: lan966x: Fix the initialization of taprio - drm/xe: Fix conversion from clock ticks to milliseconds - net/mlx5e: Fix validation logic in rate limiting - team: Move team device type change at the end of team_port_add - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling - net: wwan: mhi: Keep modem name match with Foxconn T99W640 - net: atlantic: fix fragment overflow handling in RX path - [arm64,armhf] net: fec: cancel perout_timer when PEROUT is disabled - [arm64,armhf] net: fec: do not update PEROUT if it is enabled - [arm64,armhf] net: fec: do not allow enabling PPS and PEROUT simultaneously - [arm64,armhf] net: fec: do not register PPS event for PEROUT - iio: st_lsm6dsx: Fixed calibrated timestamp calculation - [arm64] mailbox: mtk-cmdq: Refine DMA address handling for the command buffer - mailbox: pcc: Refactor error handling in irq handler into separate function - mailbox: pcc: don't zero error register - fs/namespace: fix reference leak in grab_requested_mnt_ns - spi: spi-mem: Allow specifying the byte order in Octal DTR mode - spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency - spi: spi-mem: Add a new controller capability - [arm64] spi: nxp-fspi: Support per spi-mem operation frequency switches - [arm64] spi: spi-nxp-fspi: remove the goto in probe - [arm64] spi: spi-nxp-fspi: Add OCT-DTR mode support - [arm64] spi: nxp-fspi: Propagate fwnode in ACPI case as well - Revert "drm/amd/display: Move setup_stream_attribute" - [amd64] Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" - iio: buffer-dma: support getting the DMA channel - iio: buffer-dmaengine: enable .get_dma_dev() - iio: buffer: support getting dma channel from the buffer - iio: accel: bmc150: Fix irq assumption regression (Closes: #1106411) - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 - [arm64] dts: imx8qm-mek: fix mux-controller select/enable-gpios polarity - Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref - can: sja1000: fix max irq loop handling - can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling - ceph: fix crash in process_v2_sparse_read() for encrypted directories - dm-verity: fix unreliable memory allocation - drivers/usb/dwc3: fix PCI parent check - smb: client: fix memory leak in cifs_construct_tcon() - [amd64] thunderbolt: Add support for Intel Wildcat Lake - [arm64] slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves - nvmem: layouts: fix nvmem_layout_bus_uevent - firmware: stratix10-svc: fix bug in saving controller data - mm/memfd: fix information leak in hugetlb folios - mmc: sdhci-of-dwcmshc: Promote the th1520 reset handling to ip level - mptcp: clear scheduled subflows on retransmit - mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). - [arm*] serial: amba-pl011: prefer dma_mapping_error() over explicit address checking - usb: cdns3: Fix double resource release in cdns3_pci_probe - usb: gadget: f_eem: Fix memory leak in eem_unwrap - usb: storage: Fix memory leak in USB bulk transport - USB: storage: Remove subclass and protocol overrides from Novatek quirk - usb: storage: sddr55: Reject out-of-bound new_pba - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer - [amd64,arm64] usb: dwc3: pci: add support for the Intel Nova Lake -S - [amd64,arm64] usb: dwc3: pci: Sort out the Intel device IDs - [amd64,arm64] usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths - xhci: fix stale flag preventig URBs after link state error is cleared - xhci: dbgtty: Fix data corruption when transmitting data form DbC to host - xhci: dbgtty: fix device unregister - USB: serial: ftdi_sio: add support for u-blox EVK-M101 - USB: serial: option: add support for Rolling RW101R-GL - drm: sti: fix device leaks at component probe - drm/amd/amdgpu: reserve vm invalidation engine for uni_mes - drm/amd/display: Check NULL before accessing - drm/amd/display: Don't change brightness for disabled connectors - [armhf] net: dsa: microchip: common: Fix checks on irq_find_mapping() - [armhf] net: dsa: microchip: ptp: Fix checks on irq_find_mapping() - [armhf] net: dsa: microchip: Don't free uninitialized ksz_irq - libceph: fix potential use-after-free in have_mon_and_osd_map() - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() - libceph: replace BUG_ON with bounds check for map->max_osd - staging: rtl8712: Remove driver using deprecated API wext - nfsd: Replace clamp_t in nfsd4_get_drc_mem() - usb: typec: ucsi: psy: Set max current to zero when disconnected - usb: udc: Add trace event for usb_gadget_set_state - usb: gadget: udc: fix use-after-free in usb_gadget_state_work - mm/huge_memory: fix NULL pointer deference when splitting folio - [amd64] KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts() - [amd64] KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv() - [amd64] KVM: nSVM: Fix and simplify LBR virtualization handling with nested - [amd64] KVM: SVM: Fix redundant updates of LBR MSR intercepts - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup - [armhf] net: dsa: microchip: Do not execute PTP driver code for unsupported switches - [armhf] net: dsa: microchip: Free previously initialized ports on init failures - wifi: ath12k: correctly handle mcast packets for clients - Revert "ACPI: Suppress misleading SPCR console message when SPCR table is absent" - [amd64] drm/i915/dp: Initialize the source OUI write timestamp always - [arm64] spi: spi-nxp-fspi: Check return value of devm_mutex_init() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.62 - xfrm: delete x->tunnel as we delete x - Revert "xfrm: destroy xfrm_state synchronously on net exit path" - xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added - xfrm: flush all states in xfrm_state_fini - Documentation: process: Also mention Sasha Levin as stable tree maintainer - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted - ext4: refresh inline data size before write operations - ksmbd: ipc: fix use-after-free in ipc_msg_send_request - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() - [amd64] KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced - USB: serial: option: add Foxconn T99W760 - USB: serial: option: add Telit Cinterion FE910C04 new compositions - USB: serial: option: move Telit 0x10c7 composition in the right place - USB: serial: ftdi_sio: match on interface number for jtag - serial: add support of CPCI cards - USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC - USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() - [arm64,armhf] ipi: imx: keep dma request disabled before dma transfer setup - drm/vmwgfx: Use kref in vmw_bo_dirty - Bluetooth: btrtl: Avoid loading the config file on security chips - smb: fix invalid username check in smb3_fs_context_parse_param() - drm/amdkfd: Fix GPU mappings for APU after prefetch - ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series - bfs: Reconstruct file type when loading from disk - HID: hid-input: Extend Elan ignore battery quirk to USB - nvme: fix admin request_queue lifetime - [arm64] pinctrl: qcom: msm: Fix deadlock in pinmux configuration - [amd64] platform/x86: acer-wmi: Ignore backlight event - HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list - [amd64] platform/x86: huawei-wmi: add keys for HONOR models - [amd64] platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list - [amd64] platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally - HID: elecom: Add support for ELECOM M-XT3URBK (018F) - wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 - wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 - [amd64] comedi: check device's attached status in compat ioctls - staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser - staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing - staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing - bus: mhi: host: pci_generic: Add Telit FN920C04 modem support - bus: mhi: host: pci_generic: Add Telit FN990B40 modem support https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.63 - [arm64,armhf] gpu: host1x: Fix race in syncpt alloc/free - [amd64] accel/ivpu: Prevent runtime suspend during context abort work - [amd64] accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail - [amd64] accel/ivpu: Make function parameter names consistent - [amd64] accel/ivpu: Fix DCT active percent format - drm/vgem-fence: Fix potential deadlock on release - USB: Fix descriptor count when handling invalid MBIM extended descriptor - [arm64] pinctrl: renesas: rzg2l: Fix PMC restore - [arm64] clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback - [arm64] clk: renesas: Use str_on_off() helper - [arm64] clk: renesas: Pass sub struct of cpg_mssr_priv to cpg_clk_register - [arm64] clk: renesas: cpg-mssr: Read back reset registers to assure values latched - HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() - objtool: Fix standalone --hacks=jump_label - objtool: Fix weak symbol detection - wifi: ath10k: Avoid vdev delete timeout when firmware is already down - wifi: ath10k: Add missing include of export.h - wifi: ath10k: move recovery check logic into a new work - wifi: ath11k: restore register window after global reset - sched/fair: Forfeit vruntime on yield - [arm*] irqchip/irq-brcmstb-l2: Fix section mismatch - [arm64,armhf] irqchip/imx-mu-msi: Fix section mismatch - [arm64] irqchip/renesas-rzg2l: Fix section mismatch - [riscv64] irqchip/starfive-jh8100: Fix section mismatch - [arm64] irqchip/qcom-irq-combiner: Fix section mismatch - crypto: authenc - Correctly pass EINPROGRESS back up to the caller - ntfs3: fix uninit memory after failed mi_read in mi_format_new - ntfs3: Fix uninit buffer allocated by __getname() - dt-bindings: clock: qcom,x1e80100-gcc: Add missing video resets - dt-bindings: clock: qcom,x1e80100-gcc: Add missing USB4 clocks/resets - clk: qcom: gcc-x1e80100: Add missing USB4 clocks/resets - rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() - inet: Avoid ehash lookup race in inet_ehash_insert() - inet: Avoid ehash lookup race in inet_twsk_hashdance_schedule() - firmware: qcom: tzmem: fix qcom_tzmem_policy kernel-doc - block/mq-deadline: Introduce dd_start_request() - block/mq-deadline: Switch back to a single dispatch list - [arm64] dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1 props - [arm64] dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl - [arm64] dts: imx8mp-venice-gw702x: remove off-board uart - [arm64] dts: imx8mp-venice-gw702x: remove off-board sdhc1 - perf annotate: Check return value of evsel__get_arch() properly - [arm64] dts: exynos: gs101: fix sysreg_apm reg property - uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe - soc: Switch back to struct platform_driver::remove() - [arm64] soc: qcom: gsbi: fix double disable caused by devm - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id - wifi: ath11k: fix VHT MCS assignment - wifi: ath11k: fix peer HE MCS assignment - [s390x] smp: Fix fallback CPU detection - [s390x] ap: Don't leak debug feature files if AP instructions are not available - [arm64] dts: ti: k3-am62p: Fix memory ranges for GPU - firmware: imx: scu-irq: fix OF node leak in - [arm64] dts: qcom: x1e80100: Fix compile warnings for USB HS controller - [arm64] dts: qcom: x1e80100: Add missing quirk for HS only USB controller - [arm64] dts: qcom: sdm845-oneplus: Correct gpio used for slider - [arm64] dts: qcom: sm8650: set ufs as dma coherent - [arm64] dts: qcom: qcm6490-shift-otter: Add missing reserved-memory - phy: mscc: Fix PTP for VSC8574 and VSC8572 - sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure - Revert "mtd: rawnand: marvell: fix layouts" - [arm64,armhf] mtd: nand: relax ECC parameter validation check - perf: Remove get_perf_callchain() init_nr argument - bpf: Refactor stack map trace depth calculation into helper function - bpf: Fix stackmap overflow check in __bpf_get_stackid() - [amd64] perf/x86/intel/cstate: Remove PC3 support from LunarLake - task_work: Fix NMI race condition - [amd64] x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() - tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set - [arm64] soc: qcom: smem: fix hwspinlock resource leak in probe error paths - [armhf] pinctrl: stm32: fix hwspinlock resource leak in probe function - i3c: fix refcount inconsistency in i3c_master_register - i3c: master: svc: Prevent incomplete IBI transaction - wifi: ath12k: fix potential memory leak in ath12k_wow_arp_ns_offload() - [arm64] interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS - [arm64] dts: qcom: msm8996: add interconnect paths to USB2 controller - interconnect: debugfs: Fix incorrect error handling for NULL path - drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource() - perf lock contention: Load kernel map before lookup - perf record: skip synthesize event when open evsel failed - power: supply: rt5033_charger: Fix device node reference leaks - power: supply: cw2015: Check devm_delayed_work_autocancel() return code - power: supply: max17040: Check iio_read_channel_processed() return code - power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() - power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() - power: supply: wm831x: Check wm831x_set_bits() return value - power: supply: apm_power: only unset own apm_get_power_status - scsi: target: Do not write NUL characters into ASCII configfs output - fs/9p: Don't open remote file with APPEND mode when writeback cache is used - [arm64] drm/panthor: Handle errors returned by drm_sched_entity_init() - [arm64] drm/panthor: Fix group_free_queue() for partially initialized queues - [arm64] drm/panthor: Fix UAF race between device unplug and FW event processing - [arm64] drm/panthor: Fix race with suspend during unplug - [arm64] drm/panthor: Fix UAF on kernel BO VA nodes - libbpf: Fix parsing of multi-split BTF - [armhf] dts: am335x-netcom-plus-2xx: add missing GPIO labels - [armhf] dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible - [armhf] dts: omap3: n900: Correct obsolete TWL4030 power compatible - [amd64] x86/boot: Fix page table access in 5-level to 4-level paging transition - efi/libstub: Fix page table access in 5-level to 4-level paging transition - ext4: correct the checking of quota files before moving extents - [amd64] perf/x86/intel: Correct large PEBS flag check - regulator: core: disable supply if enabling main regulator fails - md: fix rcu protection in md_wakeup_thread - nbd: defer config put in recv_work - scsi: stex: Fix reboot_notifier leak in probe error path - scsi: smartpqi: Fix device resources accessed after device removal - dt-bindings: PCI: amlogic: Fix the register name of the DBI region - RDMA/rtrs: server: Fix error handling in get_or_create_srv - ntfs3: init run lock for extend inode - [arm64] drm/panthor: Fix potential memleak of vma structure - scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() - [amd64] cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs - [powerpc*] kdump: Fix size calculation for hot-removed memory ranges - [powerpc*] 32: Fix unpaired stwcx. on interrupt exit - wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() - nbd: defer config unlock in nbd_genl_connect - coresight: Change device mode to atomic type - [arm64] coresight: etm4x: Correct polling IDLE bit - [arm64] coresight: etm4x: Extract the trace unit controlling - [arm64] coresight: etm4x: Add context synchronization before enabling trace - lib/vsprintf: Check pointer before dereferencing in time_and_date() - ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() - ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() - scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls - leds: netxbig: Fix GPIO descriptor leak in error paths - bpf: Free special fields when update [lru_,]percpu_hash maps - PCI: keystone: Exit ks_pcie_probe() for invalid mode - [arm64] dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK 5A - [arm64] dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A - [arm64] dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 3C - [amd64] crypto: iaa - Fix incorrect return value in save_iaa_wq() - [arm64] drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype - ps3disk: use memcpy_{from,to}_bvec index - bpf: Handle return value of ftrace_set_filter_ip in register_fentry - bpf: Check skb->transport_header is set in bpf_skb_check_mtu - watchdog: wdat_wdt: Fix ACPI table leak in probe function - watchdog: starfive: Fix resource leak in probe error path - tracefs: fix a leak in eventfs_create_events_dir() - NFSD/blocklayout: Fix minlength check in proc_layoutget - block/blk-throttle: Fix throttle slice time for SSDs - [arm64] drm/msm/a2xx: stop over-complaining about the legacy firmware - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() - bpf: Fix invalid prog->stats access when update_effective_progs fails - [powerpc*] 64s/hash: Restrict stress_hpt_struct memblock region to within RMA limit - [powerpc*] 64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format - fs/ntfs3: out1 also needs to put mi - fs/ntfs3: Prevent memory leaks in add sub record - [arm64] drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue - [arm64] drm/msm/a6xx: Flush LRZ cache before PT switch - [arm64] drm/msm/a6xx: Fix the gemnoc workaround - [arm64] drm/msm/a6xx: Improve MX rail fallback in RPMH vote init - ipv6: clear RA flags when adding a static route (Closes: #1117959) - pwm: bcm2835: Make sure the channel is enabled after pwm_request() - scsi: qla2xxx: Fix improper freeing of purex item - [amd64] iommu/vt-d: Fix unused invalidation hint in qi_desc_iotlb - wifi: mac80211: fix CMAC functions not handling errors - [arm64] mfd: mt6397-irq: Fix missing irq_domain_remove() in error path - [arm64] mfd: mt6358-irq: Fix missing irq_domain_remove() in error path - leds: rgb: leds-qcom-lpg: Don't enable TRILED when configuring PWM - [arm64] phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() - [arm64] phy: rockchip: samsung-hdptx: Reduce ROPLL loop bandwidth - [arm64] phy: rockchip: samsung-hdptx: Prevent Inter-Pair Skew from exceeding the limits - net: phy: adin1100: Fix software power-down ready condition - cpuset: Treat cpusets in attaching as populated - wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() - RAS: Report all ARM processor CPER information to userspace - ima: Handle error code returned by ima_filter_rule_match() - usb: chaoskey: fix locking for O_NONBLOCK - usb: dwc2: disable platform lowlevel hw resources during shutdown - usb: dwc2: fix hang during shutdown if set as peripheral - usb: dwc2: fix hang during suspend if set as peripheral - usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE - [riscv64] KVM: Fix guest page fault within HLV* instructions - erofs: limit the level of fs stacking for file-backed mounts - RDMA/bnxt_re: Fix the inline size for GenP7 devices - RDMA/bnxt_re: Pass correct flag for dma mr creation - ASoC: tas2781: correct the wrong period - mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() - firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc - staging: fbtft: core: fix potential memory leak in fbtft_probe_common() - [arm64] iommu/arm-smmu-v3: Fix error check in arm_smmu_alloc_cd_tables - btrfs: fix leaf leak in an error path in btrfs_del_items() - PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition - drm/nouveau: restrict the flush page to a 32-bit address - iomap: factor out a iomap_dio_done helper - iomap: always run error completions in user context - wifi: ieee80211: correct FILS status codes - backlight: led-bl: Add devlink to supplier LEDs - backlight: lp855x: Fix lp855x.h kernel-doc warnings - [arm64] iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal - RDMA/irdma: Fix data race in irdma_sc_ccq_arm - RDMA/irdma: Fix data race in irdma_free_pble - RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY - [arm64] drm/panthor: Avoid adding of kernel BOs to extobj list - gfs2: Prevent recursive memory reclaim - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER - drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() - hwmon: sy7636a: Fix regulator_enable resource leak on error path - ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 - ublk: prevent invalid access with DEBUG - ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation - of: Skip devicetree kunit tests when RISCV+ACPI doesn't populate root node - virtio_vdpa: fix misleading return in void function - virtio: fix typo in virtio_device_ready() comment - virtio: fix whitespace in virtio_config_ops - virtio: fix grammar in virtio_queue_info docs - virtio: fix virtqueue_set_affinity() docs - vdpa/mlx5: Fix incorrect error code reporting in query_virtqueues - vhost: Fix kthread worker cgroup failure handling - vdpa/pds: use %pe for ERR_PTR() in event handler registration - [amd64] ASoC: Intel: catpt: Fix error path in hw_params() - [armhf] dts: samsung: universal_c210: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during system suspend - regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex - resource: replace open coded resource_intersection() - resource: introduce is_type_match() helper and use it - Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" - netfilter: flowtable: check for maximum number of encapsulations in bridge vlan - netfilter: nf_conncount: rework API to use sk_buff directly - netfilter: nft_connlimit: update the count if add was skipped - net: stmmac: fix rx limit check in stmmac_rx_zc() - vfio/pci: Use RCU for error/request triggers to avoid circular locking - net: phy: aquantia: check for NVMEM deferral - mtd: lpddr_cmds: fix signed shifts in lpddr_cmds - [arm64] remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs - md/raid5: fix IO hang when array is broken with IO inflight - net: hsr: remove one synchronize_rcu() from hsr_del_port() - net: hsr: remove synchronize_rcu() from hsr_add_port() - net: hsr: Create and export hsr_get_port_ndev() - net: hsr: create an API to get hsr port type - net: dsa: xrs700x: reject unsupported HSR configurations - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325) - perf tools: Mark split kallsyms DSOs as loaded - perf tools: Fix split kallsyms DSO counting - perf hist: In init, ensure mem_info is put on error paths - [arm64,armhf] pinctrl: single: Fix incorrect type for error return variable - fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() - 9p: fix cache/debug options printing in v9fs_show_options - sched/fair: Fix unfairness caused by stalled tg_load_avg_contrib when the last task migrates out - [amd64] platform/x86:intel/pmc: Update Arrow Lake telemetry GUID - f2fs: keep POSIX_FADV_NOREUSE ranges - f2fs: add a sysfs entry to reclaim POSIX_FADV_NOREUSE pages - f2fs: fix to avoid running out of free segments - f2fs: add carve_out sysfs node - f2fs: sysfs: add encoding_flags entry - f2fs: introduce reserved_pin_section sysfs entry - f2fs: add gc_boost_gc_multiple sysfs node - f2fs: add gc_boost_gc_greedy sysfs node - f2fs: maintain one time GC mode is enabled during whole zoned GC cycle - NFS: Avoid changing nlink when file removes and attribute updates race - fs/nls: Fix utf16 to utf8 conversion - NFS: Initialise verifiers for visible dentries in readdir and lookup - NFS: Initialise verifiers for visible dentries in nfs_atomic_open() - nfs/vfs: discard d_exact_alias() - NFS: Initialise verifiers for visible dentries in _nfs4_open_and_get_state - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid - Revert "nfs: ignore SB_RDONLY when remounting nfs" - Revert "nfs: clear SB_RDONLY before getting superblock" - Revert "nfs: ignore SB_RDONLY when mounting nfs" - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags - Expand the type of nfs_fattr->valid - NFS: Fix inheritance of the block sizes when automounting - fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() - [amd64] platform/x86: asus-wmi: use brightness_set_blocking() for kbd led - blk-mq: Abort suspend when wakeup events are pending - block: fix comment for op_is_zone_mgmt() to include RESET_ALL - block: fix memory leak in __blkdev_issue_zero_pages - nvme-auth: use kvfree() for memory allocated with kvcalloc() - drm/plane: Fix IS_ERR() vs NULL check in drm_plane_create_hotspot_properties() - regulator: fixed: Rely on the core freeing the enable GPIO - ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events - drm/nouveau: refactor deprecated strcpy - cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB2 - docs: hwmon: fix link to g762 devicetree binding - dma/pool: eliminate alloc_pages warning in atomic_pool_expand - ALSA: uapi: Fix typo in asound.h comment - drm/amdkfd: Use huge page size to check split svm range alignment - rtc: gamecube: Check the return value of ioremap() - ALSA: firewire-motu: add bounds check in put_user loop for DSP events - block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock - block: return unsigned int from queue_dma_alignment - dm-raid: fix possible NULL dereference with undefined raid type - dm log-writes: Add missing set_freezable() for freezable kthread - efi/cper: Add a new helper function to print bitmasks - efi/cper: Adjust infopfx size to accept an extra space - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs - scsi: imm: Fix use-after-free bug caused by unfinished delayed work (CVE-2025-68324) - irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() - ocfs2: fix memory leak in ocfs2_merge_rec_left() - net: lan743x: Allocate rings outside ZONE_DMA - net: dst: introduce dst->dev_rcu - tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075) - usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt - usb: phy: Initialize struct usb_phy list_head - usb: dwc3: dwc3_power_off_all_roothub_ports: Use ioremap_np when required - ALSA: dice: fix buffer overflow in detect_stream_formats() - ALSA: wavefront: Fix integer overflow in sample size validation . [ Uwe Kleine-König ] * [armhf] Enable LEDS_TURRIS_OMNIA as a module for Turris Omnia LED support. . [ Maxwell Pevner ] * drivers/hid: Enable HID_UNIVERSAL_PIDFF as module (Closes: #1122144) linux-signed-amd64 (6.12.63+1) trixie; urgency=medium . * Sign kernel from linux 6.12.63-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.58 - NFSD: Fix crash in nfsd4_read_release() - net: usb: asix_devices: Check return value of usbnet_get_endpoints - fbcon: Set fb_display[i]->mode to NULL when the mode is released - fbdev: atyfb: Check if pll_ops->init_pll failed - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() - ACPI: button: Call input_free_device() on failing input device registration - virtio-net: drop the multi-buffer XDP packet in zerocopy - fbdev: bitblit: bound-check glyph index in bit_putcs* - Bluetooth: rfcomm: fix modem control handling - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode - mptcp: drop bogus optimization in __mptcp_check_push() - mptcp: restore window probe - [arm64] ASoC: qdsp6: q6asm: do not sleep while atomic - [s390x] pci: Restore IRQ unconditionally for the zPCI device - smb: client: fix potential cfid UAF in smb2_query_info_compound - [amd64] x86/fpu: Ensure XFD state on signal delivery - wifi: ath10k: Fix memory leak on unsupported WMI command - wifi: ath11k: Add missing platform IDs for quirk table - wifi: ath12k: free skb during idr cleanup callback - wifi: ath11k: add support for MU EDCA - wifi: ath11k: avoid bit operation on key flags - [arm64] drm/msm/a6xx: Fix GMU firmware parser - ALSA: usb-audio: fix control pipe direction - wifi: mac80211: don't mark keys for inactive links as uploaded - wifi: mac80211: fix key tailroom accounting leak - bpf: Sync pending IRQ work before freeing ring buffer - scsi: ufs: core: Initialize value of an attribute returned by uic cmd - bpf: Find eligible subprogs for private stack support - bpf, x86: Avoid repeated usage of bpf_prog->aux->stack_depth - bpf: Do not audit capability check in do_jit() - [amd64] ASoC: Intel: avs: Unprepare a stream when XRUN occurs - [amd64] ASoC: Intel: avs: Disable periods-elapsed work when closing PCM - [arm64,armhf] ASoC: fsl_sai: fix bit order for DSD format - libbpf: Fix powerpc's stack register definition in bpf_tracing.h - usbnet: Prevents free active kevent - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once - Bluetooth: ISO: Update hci_conn_hash_lookup_big for Broadcast slave - Bluetooth: ISO: Fix BIS connection dst_type handling - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 - Bluetooth: ISO: Fix another instance of dst_type handling - Bluetooth: hci_core: Fix tracking of periodic advertisement - [arm64,armhf] drm/etnaviv: fix flush sequence logic - [arm64] net: hns3: return error code when function fails - sfc: fix potential memory leak in efx_mae_process_mport() - dpll: spec: add missing module-name and clock-id to pin-get reply - [arm64,armhf] ASoC: fsl_sai: Fix sync error in consumer mode - drm/radeon: Do not kfree() devres managed rdev - drm/radeon: Remove calls to drm_put_dev() - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland - ACPI: fan: Use ACPI handle when retrieving _FST - block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL - block: make REQ_OP_ZONE_OPEN a write operation - regmap: slimbus: fix bus_context pointer in regmap init calls - [s390x] mm: Fix memory leak in add_marker() when kvrealloc() fails - drm/xe: Do not wake device during a GT reset - drm/sysfb: Do not dereference NULL pointer in plane reset - drm/sched: avoid killing parent entity on child SIGKILL - drm/nouveau: Fix race in nouveau_sched_fini() - [arm64] drm/mediatek: Fix device use-after-free on unbind - drm/amd: Check that VPE has reached DPM0 in idle handler - drm/amd/display: Fix incorrect return of vblank enable on unconfigured crtc (Closes: #1000966) - ACPI: fan: Add fan speed reporting for fans with only _FST - ACPI: fan: Use platform device for devres-related actions - sched_ext: Mark scx_bpf_dsq_move_set_[slice|vtime]() with KF_RCU - cpuidle: governors: menu: Rearrange main loop in menu_select() - cpuidle: governors: menu: Select polling state in some more cases - [amd64] mfd: kempld: Switch back to earlier ->init() behavior - [amd64] x86/CPU/AMD: Add RDSEED fix for Zen5 - usb: gadget: f_fs: Fix epfile null pointer access after ep enable. - drm/sched: Optimise drm_sched_entity_push_job - drm/sched: Re-group and rename the entity run-queue lock - drm/sched: Fix race in drm_sched_entity_select_rq() - [s390x] pci: Avoid deadlock between PCI error recovery and mlx5 crdump - [s390x] Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP - [armhf] soc: aspeed: socinfo: Add AST27xx silicon IDs - [arm64] firmware: qcom: scm: preserve assign_mem() error return value - [arm64] soc: qcom: smem: Fix endian-unaware access of num_entries - [arm64] soc: ti: pruss: don't use %pK through printk - bpf: Don't use %pK through printk - pinctrl: single: fix bias pull up/down handling in pin_config_set - [arm64] mmc: host: renesas_sdhi: Fix the actual clock - memstick: Add timeout to prevent indefinite waiting - [arm64,armhf] cpufreq: ti: Add support for AM62D2 - bpf: Use tnums for JEQ/JNE is_branch_taken logic - firewire: ohci: move self_id_complete tracepoint after validating register - [riscv64] irqchip/sifive-plic: Respect mask state when setting affinity - io_uring/zctx: check chained notif contexts - ACPI: sysfs: Use ACPI_FREE() for freeing an ACPI object - ACPI: video: force native for Lenovo 82K8 - libbpf: Fix USDT SIB argument handling causing unrecognized register error - cpufreq/longhaul: handle NULL policy in longhaul_exit - [arm64,armhf] irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA - ACPI: resource: Skip IRQ override on ASUS Vivobook Pro N6506CU - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] - thermal: gov_step_wise: Allow cooling level to be reduced earlier - power: supply: qcom_battmgr: add OOI chemistry - [amd64] hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models - [amd64] hwmon: (k10temp) Add device ID for Strix Halo - power: supply: sbs-charger: Support multiple devices - cpufreq: ondemand: Update the efficient idle check for Intel extended Families - [arm64,armhf] soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups - [arm64] firmware: qcom: tzmem: disable sc7180 platform - [arm64] mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card - pwm: pca9685: Use bulk write to atomicially update registers - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() - [amd64,arm64] tee: allow a driver to allocate a tee_device without a pool - nvmet-fc: avoid scheduling association deletion twice - nvme-fc: use lock accessing port_state and rport state - bpf: Do not limit bpf_cgroup_from_id to current's namespace - i3c: mipi-i3c-hci-pci: Add support for Intel Wildcat Lake-U I3C - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 - tools/cpupower: fix error return value in cpupower_write_sysfs() - power: supply: qcom_battmgr: handle charging state change notifications - bpftool: Fix -Wuninitialized-const-pointer warnings with clang >= 21 - cpuidle: Fail cpuidle device registration if there is one already - futex: Don't leak robust_list pointer on exec race - ACPI: SPCR: Support Precise Baud Rate field - blk-cgroup: fix possible deadlock while configuring policy - [riscv64] bpf: Fix uninitialized symbol 'retval_off' - bpf: Clear pfmemalloc flag when freeing all fragments - nvme: Use non zero KATO for persistent discovery connections - uprobe: Do not emulate/sstep original instruction when ip is changed - [amd64] hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex - [amd64] hwmon: (dell-smm) Remove Dell Precision 490 custom config data - tools/cpupower: Fix incorrect size in cpuidle_state_disable() - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage - tools/power x86_energy_perf_policy: Enhance HWP enable - tools/power x86_energy_perf_policy: Prefer driver HWP limits - [armhf] mfd: stmpe: Remove IRQ domain upon removal - [armhf] mfd: stmpe-i2c: Add missing MODULE_LICENSE - [riscv64] mfd: da9063: Split chip variant reading in two bus transactions - mfd: core: Increment of_node's refcount before linking it to the platform device - [amd64] mfd: intel-lpss: Add Intel Wildcat Lake LPSS PCI IDs - drm/amd/display: fix condition for setting timing_adjust_pending - drm/amd/display: ensure committing streams is seamless - drm/amdgpu: add range check for RAS bad page address - drm/amdgpu: Check vcn sram load return value - drm/amd/display: Move setup_stream_attribute - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration - drm/xe/guc: Add more GuC load error status codes - drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. - drm/amdgpu: Avoid rma causes GPU duplicate reset - drm/amd/amdgpu: Release xcp drm memory after unplug - drm/amdgpu: Skip poison aca bank from UE channel - drm/amd/display: add more cyan skillfish devices - drm/amd/display: update dpp/disp clock from smu clock table - drm/amd/pm: Use cached metrics data on aldebaran - drm/amd/pm: Use cached metrics data on arcturus - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() - [arm64] ASoC: mediatek: Use SND_JACK_AVOUT for HDMI/DP jacks - drm/amd/display: Reset apply_eamless_boot_optimization when dpms_off - drm/amd/display: Wait until OTG enable state is cleared - PCI: Disable MSI on RDC PCI to PCIe bridges - wifi: rtw89: print just once for unknown C2H events - wifi: rtw88: sdio: use indirect IO for device registers before power-on - drm/amdkfd: return -ENOTTY for unsupported IOCTLs - media: pci: ivtv: Don't create fake v4l2_fh - [arm64] drm/tidss: Use the crtc_* timings when programming the HW - [arm64] drm/tidss: Set crtc modesetting parameters with adjusted mode - PCI/ERR: Update device error_state already after reset - [amd64] x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall - net: stmmac: Check stmmac_hw_setup() in stmmac_resume() - ice: Don't use %pK through printk or tracepoints - thunderbolt: Use is_pciehp instead of is_hotplug_bridge - tty: serial: ip22zilog: Use platform device for probing - [powerpc*] eeh: Use result of error_detected() in uevent - [s390x] pci: Use pci_uevent_ers() in PCI recovery - bridge: Redirect to backup port when port is administratively down - net: ipv6: fix field-spanning memcpy warning in AH output - media: imon: make send_packet() more robust - [arm64] drm/panthor: Serialize GPU cache flush operations - HID: pidff: Use direction fix only for conditional effects - HID: pidff: PERMISSIVE_CONTROL quirk autodetection - [arm64,armhf] drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts - drm/amdgpu: fix nullptr err of vm_handle_moved - drm/amdkfd: Handle lack of READ permissions in SVM mapping - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register - iio: adc: imx93_adc: load calibrated values even calibration failed - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet - wifi: rtw89: wow: remove notify during WoWLAN net-detect - wifi: rtw89: fix BSSID comparison for non-transmitted BSSID - dm error: mark as DM_TARGET_PASSES_INTEGRITY - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor - char: misc: Does not request module for miscdevice with dynamic minor - net: When removing nexthops, don't call synchronize_net if it is not necessary - net: stmmac: Correctly handle Rx checksum offload errors - net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. - f2fs: fix to detect potential corrupted nid in free_nid_list - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call - bnxt_en: Add Hyper-V VF ID - tty: serial: Modify the use of dev_err_probe() - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units - [amd64,arm64] idpf: do not linearize big TSO packets - rds: Fix endianness annotation for RDS_MPATH_HASH - media: ipu6: isys: Set embedded data type correctly for metadata formats - rpmsg: char: Export alias for RPMSG ID rpmsg-raw from table - net: ipv4: allow directed broadcast routes to use dst hint - scsi: mpi3mr: Fix I/O failures during controller reset - scsi: mpi3mr: Fix controller init failure on fault during queue creation - scsi: pm80xx: Fix race condition caused by static variables - remoteproc: wkup_m3: Use devm_pm_runtime_enable() helper - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device - fuse: zero initialize inode private data - drm/amdgpu: Correct the counts of nr_banks and nr_errors - drm/amdkfd: fix vram allocation failure for a special case - drm/amd/display: Support HW cursor 180 rot for any number of pipe splits - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption - [amd64] platform/x86/intel-uncore-freq: Fix warning in partitioned system - media: fix uninitialized symbol warnings - media: pci: mgb4: Fix timings comparison in VIDIOC_S_DV_TIMINGS - [amd64] ASoC: SOF: ipc4-pcm: Add fixup for channels - drm/amd/display: Increase minimum clock for TMDS 420 with pipe splitting - drm/amd/display: incorrect conditions for failing dto calculations - drm/amdgpu: Avoid vcn v5.0.1 poison irq call trace on sriov guest - drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) - inet_diag: annotate data-races in inet_diag_bc_sk() - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() - [amd64] crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() - scsi: pm8001: Use int instead of u32 to store error codes - [arm64] scsi: ufs: exynos: fsd: Gate ref_clk and put UFS device in reset on suspend - ptp: Limit time setting of PTP clocks - dmaengine: sh: setup_xref error handling - [arm64,armhf] dmaengine: mv_xor: match alloc_wc and free_wc - [arm64] drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL - [arm64] drm/msm/dsi/phy_7nm: Fix missing initial VCO rate - drm/amdgpu: Allow kfd CRIU with no buffer objects - drm/xe/guc: Increase GuC crash dump buffer size - ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled - [arm64] drm/panthor: check bo offset alignment in vm bind - drm: panel-backlight-quirks: Make EDID match optional - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms - media: adv7180: Add missing lock in suspend callback - media: adv7180: Do not write format to device in set_fmt - media: adv7180: Only validate format in querystd - [arm64,armhf] media: verisilicon: Explicitly disable selection api ioctls for decoders - wifi: mac80211: Fix 6 GHz Band capabilities element advertisement in lower bands - ALSA: usb-audio: apply quirk for MOONDROP Quark2 - [arm64,armhf] PCI: imx6: Enable the Vaux supply if available - drm/xe/guc: Set upper limit of H2G retries over CTB - net: call cond_resched() less often in __release_sock() - smsc911x: add second read of EEPROM mac when possible corruption seen - [amd64] iommu/amd: Skip enabling command/event buffers for kdump - [amd64] crypto: ccp: Skip SEV and SNP INIT for kdump boot - drm/amd: add more cyan skillfish PCI ids - drm/amdgpu: don't enable SMU on cyan skillfish - drm/amdgpu: add support for cyan skillfish gpu_info - drm/amd/display: Fix pbn_div Calculation Error - [arm64] net: dsa: felix: support phy-mode = "10g-qxgmii" - usb: gadget: f_hid: Fix zero length packet transfer - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget - tty/vt: Add missing return value for VT_RESIZE in vt_ioctl() - [arm64] drm/msm: make sure to not queue up recovery more than once - char: Use list_del_init() in misc_deregister() to reinitialize list pointer - PCI: endpoint: pci-epf-test: Limit PCIe BAR size for fixed BARs - wifi: iwlwifi: fw: Add ASUS to PPAG and TAS list - [amd64] media: ov08x40: Fix the horizontal flip control - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer - f2fs: fix wrong layout information on 16KB page - net: phy: marvell: Fix 88e1510 downshift counter errata - ntfs3: pretend $Extend records as regular files - wifi: mac80211: Fix HE capabilities element check - [arm64] phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 - [arm64] drm/msm/registers: Generate _HI/LO builders for reg64 - net: sh_eth: Disable WoL if system can not suspend - netfilter: nf_reject: don't reply to icmp error messages - [amd64] x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT - net: devmem: expose tcp_recvmsg_locked errors - udp_tunnel: use netdev_warn() instead of netdev_WARN() - HID: asus: add Z13 folio to generic group for multitouch to work - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger - [arm64] crypto: sun8i-ce - remove channel timeout field - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() - [amd64] crypto: ccp - Fix incorrect payload size calculation in psp_poulate_hsti() - [arm64,armhf] crypto: caam - double the entropy delay interval for retry - net/cls_cgroup: Fix task_get_classid() during qdisc run - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device - wifi: mt76: mt7996: Temporarily disable EPCS - wifi: mt76: mt76_eeprom_override to int - ALSA: serial-generic: remove shared static buffer - wifi: mt76: mt7996: fix memory leak on mt7996_mcu_sta_key_tlv error - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl - drm/amd/display: Set up pixel encoding for YCBCR422 - drm/amd/display: fix dml ms order of operations - drm/amd: Avoid evicting resources at S5 - drm/amd/display: Fix DVI-D/HDMI adapters - drm/amd/display: Disable VRR on DCE 6 - drm/amd/display/dml2: Guard dml21_map_dc_state_into_dml_display_cfg with DC_FP_START - page_pool: always add GFP_NOWARN for ATOMIC allocations - ethernet: Extend device_get_mac_address() to use NVMEM - HID: i2c-hid: Resolve touchpad issues on Dell systems during S4 - drm/xe/guc: Return an error code if the GuC load fails - drm/amdgpu: reject gang submissions under SRIOV - scsi: ufs: core: Disable timestamp functionality if not supported - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup - scsi: lpfc: Define size of debugfs entry for xri rebalancing - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology - allow finish_no_open(file, ERR_PTR(-E...)) - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices - f2fs: fix infinite loop in __insert_extent_tree() - wifi: rtw89: obtain RX path from ppdu status IE00 - wifi: rtw89: renew a completion for each H2C command waiting C2H event - usb: xhci-pci: add support for hosts with zero USB3 ports - ipv6: np->rxpmtu race annotation - RDMA/irdma: Update Kconfig - IB/ipoib: Ignore L3 master device - jfs: Verify inode mode when loading from disk - jfs: fix uninitialized waitqueue in transaction manager - drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() - [arm64] ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() - net: phy: clear link parameters on admin link down - bus: mhi: core: Improve mhi_sync_power_up handling for SYS_ERR state - [amd64] iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() - wifi: ath10k: Fix connection after GTK rekeying - wifi: mac80211: Track NAN interface start/stop - net: intel: fm10k: Fix parameter idx set but not used - r8169: set EEE speed down ratio to 1 - vfio: return -ENOTTY for unsupported device feature - PCI/PM: Skip resuming to D0 if device is disconnected - remoteproc: qcom: q6v5: Avoid handling handover twice - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 - [armhf] net: dsa: microchip: Set SPI as bus interface during reset for KSZ8463 - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream - drm/amd/display: Init dispclk from bootup clock for DCN314 - drm/amd/display: Fix for test crash due to power gating - drm/amd/display: change dc stream color settings only in atomic commit - NFSv4: handle ERR_GRACE on delegation recalls - NFSv4.1: fix mount hang after CREATE_SESSION failure - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing - net: bridge: Install FDB for bridge MAC on VLAN 0 - scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() - [amd64] accel/habanalabs/gaudi2: fix BMON disable configuration - scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate - [amd64] accel/habanalabs: return ENOMEM if less than requested pages were pinned - [amd64] accel/habanalabs/gaudi2: read preboot status after recovering from dirty state - [amd64] accel/habanalabs: support mapping cb with vmalloc-backed coherent memory - fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock - ext4: increase IO priority of fastcommit - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw - [armhf] ASoC: stm32: sai: manage context in set_sysclk callback - [armhf] ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 - ACPI: scan: Update honor list for RPMI System MSI - vfio/pci: Fix INTx handling on legacy non-PCI 2.3 devices - net/mlx5e: Don't query FEC statistics when FEC is disabled - net: macb: avoid dealing with endianness in macb_set_hwaddr() - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames - Bluetooth: SCO: Fix UAF on sco_conn_free - Bluetooth: btusb: Add new VID/PID 13d3/3633 for MT7922 - Bluetooth: bcsp: receive data only if registered - ALSA: usb-audio: add mono main switch to Presonus S1824c - net: stmmac: est: Drop frames causing HLBS error - exfat: limit log print for IO error - exfat: validate cluster allocation bits of the allocation bitmap - 6pack: drop redundant locking and refcounting - page_pool: Clamp pool size to max 16K pages - orangefs: fix xattr related buffer overflow... - ftrace: Fix softlockup in ftrace_module_enable - ksmbd: use sock_create_kern interface to create kernel socket - smb: client: transport: avoid reconnects triggered by pending task work - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr - usb: xhci-pci: Fix USB2-only root hub registration - char: misc: restrict the dynamic range to exclude reserved minors - drm/amd/display: Add fallback path for YCBCR422 - ACPICA: Update dsmethod.c to get rid of unused variable warning - RDMA/irdma: Fix SD index calculation - RDMA/irdma: Remove unused struct irdma_cq fields - RDMA/irdma: Set irdma_cq cq_num field during CQ create - [arm64] RDMA/hns: Fix recv CQ and QP cache affinity - [arm64] RDMA/hns: Fix the modification of max_send_sge - [arm64] RDMA/hns: Fix wrong WQE data when QP wraps around - btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation - btrfs: mark dirty extent range for out of bound prealloc extents - fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink - clk: sunxi-ng: sun6i-rtc: Add A523 specifics - [arm64] rtc: pcf2127: clear minute/second interrupt - 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN - [armhf] clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled - [arm64] clk: scmi: Add duty cycle ops only when duty cycle is supported - 9p: fix /sys/fs/9p/caches overwriting itself - 9p: sysfs_init: don't hardcode error to ENOMEM - scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS - ACPI: property: Return present device nodes only on fwnode interface - tools bitmap: Add missing asm-generic/bitsperlong.h include - tools: lib: thermal: don't preserve owner in install - tools: lib: thermal: use pkg-config to locate libnl3 - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds - [arm64] rtc: pcf2127: fix watchdog interrupt mask on pcf2131 - net: wwan: t7xx: add support for HP DRMR-H01 - kbuild: uapi: Strip comments before size type check - [arm64,armhf] ASoC: meson: aiu-encoder-i2s: fix bit clock polarity - drm/amdkfd: Fix mmap write lock not release - ceph: add checking of wait_for_completion_killable() return value - ceph: fix potential race condition in ceph_ioctl_lazyio() - ceph: refactor wake_up_bit() pattern of calling - ceph: fix multifs mds auth caps issue - [amd64] x86: use cmov for user address masking - [amd64] x86/runtime-const: Add the RUNTIME_CONST_PTR assembly macro - [amd64] x86: uaccess: don't use runtime-const rewriting in modules - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again - btrfs: ensure no dirty metadata is written back for an fs with errors - media: uvcvideo: Use heuristic to find stream entity - media: videobuf2: forbid remove_bufs when legacy fileio is active - [arm64] drm/mediatek: Disable AFBC support on Mediatek DRM driver - Revert "wifi: ath10k: avoid unnecessary wait for service ready message" (Closes: #1120680) - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up - [riscv64] ptdump: use seq_puts() in pt_dump_seq_puts() macro - Bluetooth: hci_event: validate skb length for unknown CC opcode - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() - [armhf] net: dsa: tag_brcm: legacy: reorganize functions - [armhf] net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx - net: vlan: sync VLAN features with lower device - gpio: swnode: don't use the swnode's name as the key for GPIO lookup - gpiolib: fix invalid pointer access in debugfs - [armhf] net: dsa: b53: fix resetting speed and pause on forced link - [armhf] net: dsa: b53: fix bcm63xx RGMII port link adjustment - [armhf] net: dsa: b53: fix enabling ip multicast - [armhf] net: dsa: b53: stop reading ARL entries if search is done - sctp: Hold RCU read lock while iterating over address list - sctp: Prevent TOCTOU out-of-bounds write - sctp: Hold sock lock while iterating over address list - net: ionic: add dma_wmb() before ringing TX doorbell - net: ionic: map SKB after pseudo-header checksum prep - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup - bnxt_en: Fix a possible memory leak in bnxt_ptp_init - bnxt_en: Add mem_valid bit to struct bnxt_ctx_mem_type - bnxt_en: Refactor bnxt_free_ctx_mem() - bnxt_en: Add a 'force' parameter to bnxt_free_ctx_mem() - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup - net/mlx5e: Fix return value in case of module EEPROM read error - [arm64] net: ti: icssg-prueth: Fix fdb hash size configuration - net/mlx5e: SHAMPO, Fix skb size check for 64K pages - [armhf] net: dsa: microchip: Fix reserved multicast address table programming - net: bridge: fix use-after-free due to MST port state bypass - net: bridge: fix MST static key usage - tracing: Fix memory leaks in create_field_var() - drm/amd/display: Enable mst when it's detected but yet to be initialized - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb - Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() - [arm64] rtc: rx8025: fix incorrect register reference - [amd64] x86/microcode/AMD: Add more known models to entry sign checking - smb: client: validate change notify buffer before copy - smb: client: fix potential UAF in smb2_close_cached_fid() - drm/amdgpu/smu: Handle S0ix for vangogh - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments - virtio-net: fix received length check in big packets - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC - scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers - scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL - scsi: ufs: core: Add a quirk to suppress link_startup_again - drm/amd/display: update color on atomic commit time - ACPI: SPCR: Check for table version when using precise baudrate - drm/amdgpu: Fix unintended error log in VCN5_0_0 - drm/amdgpu: Fix function header names in amdgpu_connectors.c - drm/amd/display: Fix black screen with HDMI outputs https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.59 - [arm64] drm/mediatek: Add pm_runtime support for GCE power control - [amd64] drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD - [amd64] drm/i915: Fix conversion between clock ticks and nanoseconds - smb: client: fix refcount leak in smb2_set_path_attr - drm/amd: Fix suspend failure with secure display TA - drm/xe/guc: Synchronize Dead CT worker with unbind - drm/xe: Move declarations under conditional branch - drm/xe: Do clean shutdown also when using flr - [arm64] kprobes: check the return value of set_memory_rox() - [riscv64] clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors - [riscv64] acpi: avoid errors caused by probing DT devices when ACPI is used - drm/amdgpu: remove two invalid BUG_ON()s - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks - drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices - NFS4: Fix state renewals missing after boot - NFS4: Apply delay_retrans to async operations - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug - HID: nintendo: Wait longer for initial probe - NFS: check if suid/sgid was cleared after a write as needed - HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel - exfat: fix improper check of dentry.stream.valid_size - smb/server: fix possible memory leak in smb2_read() - smb/server: fix possible refcount leak in smb2_sess_setup() - HID: logitech-hidpp: Add HIDPP_QUIRK_RESET_HI_RES_SCROLL - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() - erofs: avoid infinite loop due to incomplete zstd-compressed data - [arm64,armhf] net: fec: correct rx_bytes statistic for the case SHIFT16 is set - net: phy: micrel: Introduce lanphy_modify_page_reg - net: phy: micrel: Replace hardcoded pages with defines - net: phy: micrel: lan8814 fix reset of the QSGMII interface - NFSD: Skip close replay processing if XDR encoding fails - Bluetooth: MGMT: cancel mesh send timer when hdev removed - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto - net/smc: fix mismatch between CLC header and proposal - net/handshake: Fix memory leak in tls_handshake_accept() - tipc: Fix use-after-free in tipc_mon_reinit_self(). - net: mdio: fix resource leak in mdiobus_register_device() - wifi: mac80211: skip rate verification for not captured PSDUs - af_unix: Initialise scc_index in unix_add_edge(). - net_sched: act_connmark: use RCU in tcf_connmark_dump() - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak - net/mlx5e: Fix maxrate wraparound in threshold between units - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps - net/mlx5e: Fix potentially misleading debug message - net_sched: limit try_bulk_dequeue_skb() batches - virtio-net: fix incorrect flags recording in big mode - hsr: Fix supervision frame sending on HSRv0 - [amd64] ACPI: CPPC: Detect preferred core availability on online CPUs - [amd64] ACPI: CPPC: Check _CPC validity for only the online CPUs - [amd64] ACPI: CPPC: Perform fast check switch only for online CPUs - [amd64] ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs - Bluetooth: L2CAP: export l2cap_chan_hold for modules - acpi,srat: Fix incorrect device handle check for Generic Initiator - regulator: fixed: fix GPIO descriptor leak on register failure - [arm64] ASoC: codecs: va-macro: fix resource leak in probe error path - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE - ASoC: tas2781: fix getting the wrong device number - pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() - pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS - simplify nfs_atomic_open_v23() - NFSv2/v3: Fix error handling in nfs_atomic_open_v23() - NFS: sysfs: fix leak when nfs_client kobject add fails - NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() - NFS: Fix LTP test failures when timestamps are delegated - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd - acpi/hmat: Fix lockdep warning for hmem_register_resource() - bpf: Add bpf_prog_run_data_pointers() - bpf: account for current allocated stack depth in widen_imprecise_scalars() - [riscv64] irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path - proc: fix the issue of proc_mem_open returning NULL - ext4: introduce ITAIL helper - ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (CVE-2025-22121) - Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981) - f2fs: fix to avoid overflow while left shift operation (CVE-2025-40077) - hostfs: Fix only passing host root in boot stage with new mount - virtio-fs: fix incorrect check for fsvq->kobj - fs/namespace: correctly handle errors returned by grab_requested_mnt_ns - sched_ext: Fix unsafe locking in the scx_dump_state() - Revert "netfilter: nf_tables: Reintroduce shortened deletion notifications" - netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678) - [arm64] dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1 - [arm64] dts: rockchip: Make RK3588 GPU OPP table naming less generic - [armhf] dts: imx51-zii-rdu1: Fix audmux node names - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() - HID: playstation: Fix memory leak in dualshock4_get_calibration_data() - HID: uclogic: Fix potential memory leak in error path - [amd64] KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated - nfsd: fix refcount leak in nfsd_set_fh_dentry() (CVE-2025-40212) - nfsd: add missing FATTR4_WORD2_CLONE_BLKSIZE from supported attributes - NFSD: free copynotify stateid in nfs4_free_ol_stateid() - ksmbd: close accepted socket when per-IP limit rejects connection - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item - strparser: Fix signed/unsigned mismatch bug - dma-mapping: benchmark: Restore padding to ensure uABI remained consistent - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe - nilfs2: avoid having an active sc_timer before freeing sci - wifi: mac80211: reject address change while connecting - fs/proc: fix uaf in proc_readdir_de() - mm/mm_init: fix hash table order logging in alloc_large_system_hash() - mm/shmem: fix THP allocation and fallback loop - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 - mmc: dw_mmc-rockchip: Fix wrong internal phase calculate - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer - cifs: client: fix memory leak in smb3_fs_context_parse_param - codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext - crash: fix crashkernel resource shrink - smb: client: fix cifs_pick_channel when channel needs reconnect - spi: Try to get ACPI GPIO IRQ earlier - [amd64] x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev - ftrace: Fix BPF fexit with livepatch - PM: hibernate: Emit an error when image writing fails - PM: hibernate: Use atomic64_t for compressed_size variable - btrfs: zoned: fix conventional zone capacity calculation - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() - btrfs: do not update last_log_commit when logging inode due to a new name - btrfs: release root after error in data_reloc_print_warning_inode() - drm/amdkfd: relax checks for over allocation of save area - drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces - [arm64] pmdomain: arm: scmi: Fix genpd leak on provider registration failure - [armhf] pmdomain: imx: Fix reference count leak in imx_gpc_remove - [arm64,armhf] pmdomain: samsung: plug potential memleak during probe - mptcp: fix MSG_PEEK stream corruption - wifi: cfg80211: add an hrtimer based delayed work item - wifi: mac80211: use wiphy_hrtimer_work for csa.switch_work - mm, percpu: do not consider sleepable allocations atomic - [amd64] KVM: guest_memfd: Pass index, not gfn, to __kvm_gmem_get_pfn() - [amd64] KVM: guest_memfd: Remove RCU-protected attribute from slot->gmem.file - [amd64] KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying - net: netpoll: Individualize the skb pool - net: netpoll: flush skb pool during cleanup - net: netpoll: fix incorrect refcount handling causing incorrect cleanup - [amd64] KVM: VMX: Split out guts of EPT violation to common/exposed function - [amd64] KVM: VMX: Fix check for valid GVA on an EPT violation - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (CVE-2025-40097) - io_uring/napi: fix io_napi_entry RCU accesses - uio_hv_generic: Set event for all channels on the device (Closes: #1120602) - mm/memory: do not populate page table entries beyond i_size - mm/truncate: unmap large folio on split failure - mm/secretmem: fix use-after-free race in fault handler - mm/huge_memory: do not change split_huge_page*() target order silently - mm/huge_memory: preserve PG_has_hwpoisoned if a folio is split to >0 order - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() - net: phy: micrel: Fix lan8814_config_init - net: netpoll: ensure skb_pool list is always initialized - proc: proc_maps_open allow proc_mem_open to return NULL - Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (CVE-2025-40213) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.60 - [arm64] KVM: arm64: Check the untrusted offset in FF-A memory share - timers: Fix NULL function pointer race in timer_shutdown_sync() - HID: amd_sfh: Stop sensor before starting - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Closes: #1114557) - [arm64] dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 - mtdchar: fix integer overflow in read/write ioctls - isofs: check the return value of sb_min_blocksize() in isofs_fill_super - shmem: fix tmpfs reconfiguration (remount) when noswap is set - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector - mptcp: Disallow MPTCP subflows from sockmap - mptcp: Fix proto fallback detection with BPF - ata: libata-scsi: Fix system suspend for a security locked drive - smb: client: introduce close_cached_dir_locked() - ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() - be2net: pass wrb_params in case of OS2BMC - [armhf] net: dsa: microchip: lan937x: Fix RGMII delay tuning - [arm64,armhf] Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" - Input: cros_ec_keyb - fix an invalid memory access - Input: goodix - add support for ACPI ID GDIX1003 - Input: pegasus-notetaker - fix potential out-of-bounds access - mm/mempool: fix poisoning order>0 pages with HIGHMEM - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() - scsi: sg: Do not sleep in atomic context - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() - dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups - mptcp: fix race condition in mptcp_schedule_work() - mptcp: fix ack generation for fallback msk - mptcp: fix duplicate reset on fastclose - mptcp: fix premature close in case of fallback - mptcp: avoid unneeded subflow-level drops - mptcp: decouple mptcp fastclose from tcp close - mptcp: do not fallback when OoO is present - [arm64,armhf] drm/tegra: dc: Fix reference leak in tegra_dc_couple() - drm/radeon: delete radeon_fence_process in is_signaled, no deadlock - drm/amd: Skip power ungate during suspend for VPE - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled - drm/amd/display: Increase DPCD read retries - drm/amd/display: Move sleep into each retry for retrieve_link_cap() - drm/amd/display: Fix pbn to kbps Conversion - drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 - xfrm: drop SA reference in xfrm_state_update if dir doesn't match - xfrm: set err and extack on failure to create pcpu SA - xfrm: Determine inner GSO type from packet inner protocol - xfrm: Prevent locally generated packets from direct output in tunnel mode - [amd64] pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() - mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() - [arm64,armhf] drm/tegra: Add call to put_pid() - net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() - net: openvswitch: remove never-working support for setting nsh fields - nvme-multipath: fix lockdep WARN due to partition scan work - [s390x] ctcm: Fix double-kfree - [amd64] platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() - [amd64,arm64] idpf: fix possible vport_config NULL pointer deref in remove - ice: fix PTP cleanup on driver removal in error path - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy - net/mlx5: Clean up only new IRQ glue on request_irq() failure - af_unix: Cache state->msg in unix_stream_read_generic(). - af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). - cifs: fix memory leak in smb3_fs_context_parse_param error path - vsock: Ignore signal/timeout on connect() if already established - bcma: don't register devices disabled in OF - cifs: fix typo in enable_gcm_256 module parameter - scsi: core: Fix a regression triggered by scsi_host_busy() - [amd64] x86/microcode/AMD: Limit Entrysign signature checking to known generations - net: tls: Change async resync helpers argument - blk-crypto: use BLK_STS_INVAL for alignment errors - net: tls: Cancel RX async resync request on rcd_delta overflow - ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check - [arm64] KVM: arm64: Make all 32bit ID registers fully writable - drm/xe: Prevent BIT() overflow when handling invalid prefetch region - [s390x] mm: Fix __ptep_rdp() inline assembly - ALSA: usb-audio: fix uac2 clock source at terminal parser - tracing/tools: Fix incorrcet short option in usage text for --threads - drm/amdgpu: fix gpu page fault after hibernation on PF passthrough - smb: client: fix incomplete backport in cfids_invalidation_worker() - tty/vt: fix up incorrect backport to stable releases - maple_tree: fix tracepoint string pointers - [amd64] drm/i915/dp_mst: Disable Panel Replay - mptcp: fix a race in mptcp_pm_del_add_timer() - xfs: Replace strncpy with memcpy - xfs: fix out of bounds memory read error in symlink repair - drm/amd/display: avoid reset DTBCLK at clock init - drm/amd/display: disable DPP RCG before DPP CLK enable - drm/amd/display: Insert dccg log for easy debug - drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched - Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.61 - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data - Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface - Bluetooth: hci_core: Fix triggering cmd_timer for HCI_OP_NOP - Bluetooth: hci_sock: Prevent race in socket write iter and sock bind - Bluetooth: SMP: Fix not generating mackey and ltk when repairing - net: sched: generalize check for no-queue qdisc on TX queue - veth: apply qdisc backpressure on full ptr_ring to reduce TX drops - veth: prevent NULL pointer dereference in veth_xdp_rcv - veth: more robust handing of race to avoid txq getting stuck - veth: reduce XDP no_direct return section to fix race - [amd64] platform/x86: intel: punit_ipc: fix memory corruption - net: aquantia: Add missing descriptor cache invalidation on ATL2 - net: lan966x: Fix the initialization of taprio - drm/xe: Fix conversion from clock ticks to milliseconds - net/mlx5e: Fix validation logic in rate limiting - team: Move team device type change at the end of team_port_add - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling - net: wwan: mhi: Keep modem name match with Foxconn T99W640 - net: atlantic: fix fragment overflow handling in RX path - [arm64,armhf] net: fec: cancel perout_timer when PEROUT is disabled - [arm64,armhf] net: fec: do not update PEROUT if it is enabled - [arm64,armhf] net: fec: do not allow enabling PPS and PEROUT simultaneously - [arm64,armhf] net: fec: do not register PPS event for PEROUT - iio: st_lsm6dsx: Fixed calibrated timestamp calculation - [arm64] mailbox: mtk-cmdq: Refine DMA address handling for the command buffer - mailbox: pcc: Refactor error handling in irq handler into separate function - mailbox: pcc: don't zero error register - fs/namespace: fix reference leak in grab_requested_mnt_ns - spi: spi-mem: Allow specifying the byte order in Octal DTR mode - spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency - spi: spi-mem: Add a new controller capability - [arm64] spi: nxp-fspi: Support per spi-mem operation frequency switches - [arm64] spi: spi-nxp-fspi: remove the goto in probe - [arm64] spi: spi-nxp-fspi: Add OCT-DTR mode support - [arm64] spi: nxp-fspi: Propagate fwnode in ACPI case as well - Revert "drm/amd/display: Move setup_stream_attribute" - [amd64] Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" - iio: buffer-dma: support getting the DMA channel - iio: buffer-dmaengine: enable .get_dma_dev() - iio: buffer: support getting dma channel from the buffer - iio: accel: bmc150: Fix irq assumption regression (Closes: #1106411) - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 - [arm64] dts: imx8qm-mek: fix mux-controller select/enable-gpios polarity - Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref - can: sja1000: fix max irq loop handling - can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling - ceph: fix crash in process_v2_sparse_read() for encrypted directories - dm-verity: fix unreliable memory allocation - drivers/usb/dwc3: fix PCI parent check - smb: client: fix memory leak in cifs_construct_tcon() - [amd64] thunderbolt: Add support for Intel Wildcat Lake - [arm64] slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves - nvmem: layouts: fix nvmem_layout_bus_uevent - firmware: stratix10-svc: fix bug in saving controller data - mm/memfd: fix information leak in hugetlb folios - mmc: sdhci-of-dwcmshc: Promote the th1520 reset handling to ip level - mptcp: clear scheduled subflows on retransmit - mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). - [arm*] serial: amba-pl011: prefer dma_mapping_error() over explicit address checking - usb: cdns3: Fix double resource release in cdns3_pci_probe - usb: gadget: f_eem: Fix memory leak in eem_unwrap - usb: storage: Fix memory leak in USB bulk transport - USB: storage: Remove subclass and protocol overrides from Novatek quirk - usb: storage: sddr55: Reject out-of-bound new_pba - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer - [amd64,arm64] usb: dwc3: pci: add support for the Intel Nova Lake -S - [amd64,arm64] usb: dwc3: pci: Sort out the Intel device IDs - [amd64,arm64] usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths - xhci: fix stale flag preventig URBs after link state error is cleared - xhci: dbgtty: Fix data corruption when transmitting data form DbC to host - xhci: dbgtty: fix device unregister - USB: serial: ftdi_sio: add support for u-blox EVK-M101 - USB: serial: option: add support for Rolling RW101R-GL - drm: sti: fix device leaks at component probe - drm/amd/amdgpu: reserve vm invalidation engine for uni_mes - drm/amd/display: Check NULL before accessing - drm/amd/display: Don't change brightness for disabled connectors - [armhf] net: dsa: microchip: common: Fix checks on irq_find_mapping() - [armhf] net: dsa: microchip: ptp: Fix checks on irq_find_mapping() - [armhf] net: dsa: microchip: Don't free uninitialized ksz_irq - libceph: fix potential use-after-free in have_mon_and_osd_map() - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() - libceph: replace BUG_ON with bounds check for map->max_osd - staging: rtl8712: Remove driver using deprecated API wext - nfsd: Replace clamp_t in nfsd4_get_drc_mem() - usb: typec: ucsi: psy: Set max current to zero when disconnected - usb: udc: Add trace event for usb_gadget_set_state - usb: gadget: udc: fix use-after-free in usb_gadget_state_work - mm/huge_memory: fix NULL pointer deference when splitting folio - [amd64] KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts() - [amd64] KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv() - [amd64] KVM: nSVM: Fix and simplify LBR virtualization handling with nested - [amd64] KVM: SVM: Fix redundant updates of LBR MSR intercepts - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup - [armhf] net: dsa: microchip: Do not execute PTP driver code for unsupported switches - [armhf] net: dsa: microchip: Free previously initialized ports on init failures - wifi: ath12k: correctly handle mcast packets for clients - Revert "ACPI: Suppress misleading SPCR console message when SPCR table is absent" - [amd64] drm/i915/dp: Initialize the source OUI write timestamp always - [arm64] spi: spi-nxp-fspi: Check return value of devm_mutex_init() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.62 - xfrm: delete x->tunnel as we delete x - Revert "xfrm: destroy xfrm_state synchronously on net exit path" - xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added - xfrm: flush all states in xfrm_state_fini - Documentation: process: Also mention Sasha Levin as stable tree maintainer - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted - ext4: refresh inline data size before write operations - ksmbd: ipc: fix use-after-free in ipc_msg_send_request - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() - [amd64] KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced - USB: serial: option: add Foxconn T99W760 - USB: serial: option: add Telit Cinterion FE910C04 new compositions - USB: serial: option: move Telit 0x10c7 composition in the right place - USB: serial: ftdi_sio: match on interface number for jtag - serial: add support of CPCI cards - USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC - USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() - [arm64,armhf] ipi: imx: keep dma request disabled before dma transfer setup - drm/vmwgfx: Use kref in vmw_bo_dirty - Bluetooth: btrtl: Avoid loading the config file on security chips - smb: fix invalid username check in smb3_fs_context_parse_param() - drm/amdkfd: Fix GPU mappings for APU after prefetch - ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series - bfs: Reconstruct file type when loading from disk - HID: hid-input: Extend Elan ignore battery quirk to USB - nvme: fix admin request_queue lifetime - [arm64] pinctrl: qcom: msm: Fix deadlock in pinmux configuration - [amd64] platform/x86: acer-wmi: Ignore backlight event - HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list - [amd64] platform/x86: huawei-wmi: add keys for HONOR models - [amd64] platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list - [amd64] platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally - HID: elecom: Add support for ELECOM M-XT3URBK (018F) - wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 - wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 - [amd64] comedi: check device's attached status in compat ioctls - staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser - staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing - staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing - bus: mhi: host: pci_generic: Add Telit FN920C04 modem support - bus: mhi: host: pci_generic: Add Telit FN990B40 modem support https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.63 - [arm64,armhf] gpu: host1x: Fix race in syncpt alloc/free - [amd64] accel/ivpu: Prevent runtime suspend during context abort work - [amd64] accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail - [amd64] accel/ivpu: Make function parameter names consistent - [amd64] accel/ivpu: Fix DCT active percent format - drm/vgem-fence: Fix potential deadlock on release - USB: Fix descriptor count when handling invalid MBIM extended descriptor - [arm64] pinctrl: renesas: rzg2l: Fix PMC restore - [arm64] clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback - [arm64] clk: renesas: Use str_on_off() helper - [arm64] clk: renesas: Pass sub struct of cpg_mssr_priv to cpg_clk_register - [arm64] clk: renesas: cpg-mssr: Read back reset registers to assure values latched - HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() - objtool: Fix standalone --hacks=jump_label - objtool: Fix weak symbol detection - wifi: ath10k: Avoid vdev delete timeout when firmware is already down - wifi: ath10k: Add missing include of export.h - wifi: ath10k: move recovery check logic into a new work - wifi: ath11k: restore register window after global reset - sched/fair: Forfeit vruntime on yield - [arm*] irqchip/irq-brcmstb-l2: Fix section mismatch - [arm64,armhf] irqchip/imx-mu-msi: Fix section mismatch - [arm64] irqchip/renesas-rzg2l: Fix section mismatch - [riscv64] irqchip/starfive-jh8100: Fix section mismatch - [arm64] irqchip/qcom-irq-combiner: Fix section mismatch - crypto: authenc - Correctly pass EINPROGRESS back up to the caller - ntfs3: fix uninit memory after failed mi_read in mi_format_new - ntfs3: Fix uninit buffer allocated by __getname() - dt-bindings: clock: qcom,x1e80100-gcc: Add missing video resets - dt-bindings: clock: qcom,x1e80100-gcc: Add missing USB4 clocks/resets - clk: qcom: gcc-x1e80100: Add missing USB4 clocks/resets - rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() - inet: Avoid ehash lookup race in inet_ehash_insert() - inet: Avoid ehash lookup race in inet_twsk_hashdance_schedule() - firmware: qcom: tzmem: fix qcom_tzmem_policy kernel-doc - block/mq-deadline: Introduce dd_start_request() - block/mq-deadline: Switch back to a single dispatch list - [arm64] dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1 props - [arm64] dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl - [arm64] dts: imx8mp-venice-gw702x: remove off-board uart - [arm64] dts: imx8mp-venice-gw702x: remove off-board sdhc1 - perf annotate: Check return value of evsel__get_arch() properly - [arm64] dts: exynos: gs101: fix sysreg_apm reg property - uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe - soc: Switch back to struct platform_driver::remove() - [arm64] soc: qcom: gsbi: fix double disable caused by devm - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id - wifi: ath11k: fix VHT MCS assignment - wifi: ath11k: fix peer HE MCS assignment - [s390x] smp: Fix fallback CPU detection - [s390x] ap: Don't leak debug feature files if AP instructions are not available - [arm64] dts: ti: k3-am62p: Fix memory ranges for GPU - firmware: imx: scu-irq: fix OF node leak in - [arm64] dts: qcom: x1e80100: Fix compile warnings for USB HS controller - [arm64] dts: qcom: x1e80100: Add missing quirk for HS only USB controller - [arm64] dts: qcom: sdm845-oneplus: Correct gpio used for slider - [arm64] dts: qcom: sm8650: set ufs as dma coherent - [arm64] dts: qcom: qcm6490-shift-otter: Add missing reserved-memory - phy: mscc: Fix PTP for VSC8574 and VSC8572 - sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure - Revert "mtd: rawnand: marvell: fix layouts" - [arm64,armhf] mtd: nand: relax ECC parameter validation check - perf: Remove get_perf_callchain() init_nr argument - bpf: Refactor stack map trace depth calculation into helper function - bpf: Fix stackmap overflow check in __bpf_get_stackid() - [amd64] perf/x86/intel/cstate: Remove PC3 support from LunarLake - task_work: Fix NMI race condition - [amd64] x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() - tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set - [arm64] soc: qcom: smem: fix hwspinlock resource leak in probe error paths - [armhf] pinctrl: stm32: fix hwspinlock resource leak in probe function - i3c: fix refcount inconsistency in i3c_master_register - i3c: master: svc: Prevent incomplete IBI transaction - wifi: ath12k: fix potential memory leak in ath12k_wow_arp_ns_offload() - [arm64] interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS - [arm64] dts: qcom: msm8996: add interconnect paths to USB2 controller - interconnect: debugfs: Fix incorrect error handling for NULL path - drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource() - perf lock contention: Load kernel map before lookup - perf record: skip synthesize event when open evsel failed - power: supply: rt5033_charger: Fix device node reference leaks - power: supply: cw2015: Check devm_delayed_work_autocancel() return code - power: supply: max17040: Check iio_read_channel_processed() return code - power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() - power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() - power: supply: wm831x: Check wm831x_set_bits() return value - power: supply: apm_power: only unset own apm_get_power_status - scsi: target: Do not write NUL characters into ASCII configfs output - fs/9p: Don't open remote file with APPEND mode when writeback cache is used - [arm64] drm/panthor: Handle errors returned by drm_sched_entity_init() - [arm64] drm/panthor: Fix group_free_queue() for partially initialized queues - [arm64] drm/panthor: Fix UAF race between device unplug and FW event processing - [arm64] drm/panthor: Fix race with suspend during unplug - [arm64] drm/panthor: Fix UAF on kernel BO VA nodes - libbpf: Fix parsing of multi-split BTF - [armhf] dts: am335x-netcom-plus-2xx: add missing GPIO labels - [armhf] dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible - [armhf] dts: omap3: n900: Correct obsolete TWL4030 power compatible - [amd64] x86/boot: Fix page table access in 5-level to 4-level paging transition - efi/libstub: Fix page table access in 5-level to 4-level paging transition - ext4: correct the checking of quota files before moving extents - [amd64] perf/x86/intel: Correct large PEBS flag check - regulator: core: disable supply if enabling main regulator fails - md: fix rcu protection in md_wakeup_thread - nbd: defer config put in recv_work - scsi: stex: Fix reboot_notifier leak in probe error path - scsi: smartpqi: Fix device resources accessed after device removal - dt-bindings: PCI: amlogic: Fix the register name of the DBI region - RDMA/rtrs: server: Fix error handling in get_or_create_srv - ntfs3: init run lock for extend inode - [arm64] drm/panthor: Fix potential memleak of vma structure - scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() - [amd64] cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs - [powerpc*] kdump: Fix size calculation for hot-removed memory ranges - [powerpc*] 32: Fix unpaired stwcx. on interrupt exit - wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() - nbd: defer config unlock in nbd_genl_connect - coresight: Change device mode to atomic type - [arm64] coresight: etm4x: Correct polling IDLE bit - [arm64] coresight: etm4x: Extract the trace unit controlling - [arm64] coresight: etm4x: Add context synchronization before enabling trace - lib/vsprintf: Check pointer before dereferencing in time_and_date() - ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() - ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() - scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls - leds: netxbig: Fix GPIO descriptor leak in error paths - bpf: Free special fields when update [lru_,]percpu_hash maps - PCI: keystone: Exit ks_pcie_probe() for invalid mode - [arm64] dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK 5A - [arm64] dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A - [arm64] dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 3C - [amd64] crypto: iaa - Fix incorrect return value in save_iaa_wq() - [arm64] drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype - ps3disk: use memcpy_{from,to}_bvec index - bpf: Handle return value of ftrace_set_filter_ip in register_fentry - bpf: Check skb->transport_header is set in bpf_skb_check_mtu - watchdog: wdat_wdt: Fix ACPI table leak in probe function - watchdog: starfive: Fix resource leak in probe error path - tracefs: fix a leak in eventfs_create_events_dir() - NFSD/blocklayout: Fix minlength check in proc_layoutget - block/blk-throttle: Fix throttle slice time for SSDs - [arm64] drm/msm/a2xx: stop over-complaining about the legacy firmware - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() - bpf: Fix invalid prog->stats access when update_effective_progs fails - [powerpc*] 64s/hash: Restrict stress_hpt_struct memblock region to within RMA limit - [powerpc*] 64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format - fs/ntfs3: out1 also needs to put mi - fs/ntfs3: Prevent memory leaks in add sub record - [arm64] drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue - [arm64] drm/msm/a6xx: Flush LRZ cache before PT switch - [arm64] drm/msm/a6xx: Fix the gemnoc workaround - [arm64] drm/msm/a6xx: Improve MX rail fallback in RPMH vote init - ipv6: clear RA flags when adding a static route (Closes: #1117959) - pwm: bcm2835: Make sure the channel is enabled after pwm_request() - scsi: qla2xxx: Fix improper freeing of purex item - [amd64] iommu/vt-d: Fix unused invalidation hint in qi_desc_iotlb - wifi: mac80211: fix CMAC functions not handling errors - [arm64] mfd: mt6397-irq: Fix missing irq_domain_remove() in error path - [arm64] mfd: mt6358-irq: Fix missing irq_domain_remove() in error path - leds: rgb: leds-qcom-lpg: Don't enable TRILED when configuring PWM - [arm64] phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() - [arm64] phy: rockchip: samsung-hdptx: Reduce ROPLL loop bandwidth - [arm64] phy: rockchip: samsung-hdptx: Prevent Inter-Pair Skew from exceeding the limits - net: phy: adin1100: Fix software power-down ready condition - cpuset: Treat cpusets in attaching as populated - wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() - RAS: Report all ARM processor CPER information to userspace - ima: Handle error code returned by ima_filter_rule_match() - usb: chaoskey: fix locking for O_NONBLOCK - usb: dwc2: disable platform lowlevel hw resources during shutdown - usb: dwc2: fix hang during shutdown if set as peripheral - usb: dwc2: fix hang during suspend if set as peripheral - usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE - [riscv64] KVM: Fix guest page fault within HLV* instructions - erofs: limit the level of fs stacking for file-backed mounts - RDMA/bnxt_re: Fix the inline size for GenP7 devices - RDMA/bnxt_re: Pass correct flag for dma mr creation - ASoC: tas2781: correct the wrong period - mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() - firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc - staging: fbtft: core: fix potential memory leak in fbtft_probe_common() - [arm64] iommu/arm-smmu-v3: Fix error check in arm_smmu_alloc_cd_tables - btrfs: fix leaf leak in an error path in btrfs_del_items() - PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition - drm/nouveau: restrict the flush page to a 32-bit address - iomap: factor out a iomap_dio_done helper - iomap: always run error completions in user context - wifi: ieee80211: correct FILS status codes - backlight: led-bl: Add devlink to supplier LEDs - backlight: lp855x: Fix lp855x.h kernel-doc warnings - [arm64] iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal - RDMA/irdma: Fix data race in irdma_sc_ccq_arm - RDMA/irdma: Fix data race in irdma_free_pble - RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY - [arm64] drm/panthor: Avoid adding of kernel BOs to extobj list - gfs2: Prevent recursive memory reclaim - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER - drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() - hwmon: sy7636a: Fix regulator_enable resource leak on error path - ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 - ublk: prevent invalid access with DEBUG - ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation - of: Skip devicetree kunit tests when RISCV+ACPI doesn't populate root node - virtio_vdpa: fix misleading return in void function - virtio: fix typo in virtio_device_ready() comment - virtio: fix whitespace in virtio_config_ops - virtio: fix grammar in virtio_queue_info docs - virtio: fix virtqueue_set_affinity() docs - vdpa/mlx5: Fix incorrect error code reporting in query_virtqueues - vhost: Fix kthread worker cgroup failure handling - vdpa/pds: use %pe for ERR_PTR() in event handler registration - [amd64] ASoC: Intel: catpt: Fix error path in hw_params() - [armhf] dts: samsung: universal_c210: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during system suspend - regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex - resource: replace open coded resource_intersection() - resource: introduce is_type_match() helper and use it - Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" - netfilter: flowtable: check for maximum number of encapsulations in bridge vlan - netfilter: nf_conncount: rework API to use sk_buff directly - netfilter: nft_connlimit: update the count if add was skipped - net: stmmac: fix rx limit check in stmmac_rx_zc() - vfio/pci: Use RCU for error/request triggers to avoid circular locking - net: phy: aquantia: check for NVMEM deferral - mtd: lpddr_cmds: fix signed shifts in lpddr_cmds - [arm64] remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs - md/raid5: fix IO hang when array is broken with IO inflight - net: hsr: remove one synchronize_rcu() from hsr_del_port() - net: hsr: remove synchronize_rcu() from hsr_add_port() - net: hsr: Create and export hsr_get_port_ndev() - net: hsr: create an API to get hsr port type - net: dsa: xrs700x: reject unsupported HSR configurations - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325) - perf tools: Mark split kallsyms DSOs as loaded - perf tools: Fix split kallsyms DSO counting - perf hist: In init, ensure mem_info is put on error paths - [arm64,armhf] pinctrl: single: Fix incorrect type for error return variable - fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() - 9p: fix cache/debug options printing in v9fs_show_options - sched/fair: Fix unfairness caused by stalled tg_load_avg_contrib when the last task migrates out - [amd64] platform/x86:intel/pmc: Update Arrow Lake telemetry GUID - f2fs: keep POSIX_FADV_NOREUSE ranges - f2fs: add a sysfs entry to reclaim POSIX_FADV_NOREUSE pages - f2fs: fix to avoid running out of free segments - f2fs: add carve_out sysfs node - f2fs: sysfs: add encoding_flags entry - f2fs: introduce reserved_pin_section sysfs entry - f2fs: add gc_boost_gc_multiple sysfs node - f2fs: add gc_boost_gc_greedy sysfs node - f2fs: maintain one time GC mode is enabled during whole zoned GC cycle - NFS: Avoid changing nlink when file removes and attribute updates race - fs/nls: Fix utf16 to utf8 conversion - NFS: Initialise verifiers for visible dentries in readdir and lookup - NFS: Initialise verifiers for visible dentries in nfs_atomic_open() - nfs/vfs: discard d_exact_alias() - NFS: Initialise verifiers for visible dentries in _nfs4_open_and_get_state - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid - Revert "nfs: ignore SB_RDONLY when remounting nfs" - Revert "nfs: clear SB_RDONLY before getting superblock" - Revert "nfs: ignore SB_RDONLY when mounting nfs" - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags - Expand the type of nfs_fattr->valid - NFS: Fix inheritance of the block sizes when automounting - fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() - [amd64] platform/x86: asus-wmi: use brightness_set_blocking() for kbd led - blk-mq: Abort suspend when wakeup events are pending - block: fix comment for op_is_zone_mgmt() to include RESET_ALL - block: fix memory leak in __blkdev_issue_zero_pages - nvme-auth: use kvfree() for memory allocated with kvcalloc() - drm/plane: Fix IS_ERR() vs NULL check in drm_plane_create_hotspot_properties() - regulator: fixed: Rely on the core freeing the enable GPIO - ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events - drm/nouveau: refactor deprecated strcpy - cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB2 - docs: hwmon: fix link to g762 devicetree binding - dma/pool: eliminate alloc_pages warning in atomic_pool_expand - ALSA: uapi: Fix typo in asound.h comment - drm/amdkfd: Use huge page size to check split svm range alignment - rtc: gamecube: Check the return value of ioremap() - ALSA: firewire-motu: add bounds check in put_user loop for DSP events - block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock - block: return unsigned int from queue_dma_alignment - dm-raid: fix possible NULL dereference with undefined raid type - dm log-writes: Add missing set_freezable() for freezable kthread - efi/cper: Add a new helper function to print bitmasks - efi/cper: Adjust infopfx size to accept an extra space - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs - scsi: imm: Fix use-after-free bug caused by unfinished delayed work (CVE-2025-68324) - irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() - ocfs2: fix memory leak in ocfs2_merge_rec_left() - net: lan743x: Allocate rings outside ZONE_DMA - net: dst: introduce dst->dev_rcu - tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075) - usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt - usb: phy: Initialize struct usb_phy list_head - usb: dwc3: dwc3_power_off_all_roothub_ports: Use ioremap_np when required - ALSA: dice: fix buffer overflow in detect_stream_formats() - ALSA: wavefront: Fix integer overflow in sample size validation . [ Uwe Kleine-König ] * [armhf] Enable LEDS_TURRIS_OMNIA as a module for Turris Omnia LED support. . [ Maxwell Pevner ] * drivers/hid: Enable HID_UNIVERSAL_PIDFF as module (Closes: #1122144) linux-signed-arm64 (6.12.63+1) trixie; urgency=medium . * Sign kernel from linux 6.12.63-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.58 - NFSD: Fix crash in nfsd4_read_release() - net: usb: asix_devices: Check return value of usbnet_get_endpoints - fbcon: Set fb_display[i]->mode to NULL when the mode is released - fbdev: atyfb: Check if pll_ops->init_pll failed - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() - ACPI: button: Call input_free_device() on failing input device registration - virtio-net: drop the multi-buffer XDP packet in zerocopy - fbdev: bitblit: bound-check glyph index in bit_putcs* - Bluetooth: rfcomm: fix modem control handling - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode - mptcp: drop bogus optimization in __mptcp_check_push() - mptcp: restore window probe - [arm64] ASoC: qdsp6: q6asm: do not sleep while atomic - [s390x] pci: Restore IRQ unconditionally for the zPCI device - smb: client: fix potential cfid UAF in smb2_query_info_compound - [amd64] x86/fpu: Ensure XFD state on signal delivery - wifi: ath10k: Fix memory leak on unsupported WMI command - wifi: ath11k: Add missing platform IDs for quirk table - wifi: ath12k: free skb during idr cleanup callback - wifi: ath11k: add support for MU EDCA - wifi: ath11k: avoid bit operation on key flags - [arm64] drm/msm/a6xx: Fix GMU firmware parser - ALSA: usb-audio: fix control pipe direction - wifi: mac80211: don't mark keys for inactive links as uploaded - wifi: mac80211: fix key tailroom accounting leak - bpf: Sync pending IRQ work before freeing ring buffer - scsi: ufs: core: Initialize value of an attribute returned by uic cmd - bpf: Find eligible subprogs for private stack support - bpf, x86: Avoid repeated usage of bpf_prog->aux->stack_depth - bpf: Do not audit capability check in do_jit() - [amd64] ASoC: Intel: avs: Unprepare a stream when XRUN occurs - [amd64] ASoC: Intel: avs: Disable periods-elapsed work when closing PCM - [arm64,armhf] ASoC: fsl_sai: fix bit order for DSD format - libbpf: Fix powerpc's stack register definition in bpf_tracing.h - usbnet: Prevents free active kevent - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once - Bluetooth: ISO: Update hci_conn_hash_lookup_big for Broadcast slave - Bluetooth: ISO: Fix BIS connection dst_type handling - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 - Bluetooth: ISO: Fix another instance of dst_type handling - Bluetooth: hci_core: Fix tracking of periodic advertisement - [arm64,armhf] drm/etnaviv: fix flush sequence logic - [arm64] net: hns3: return error code when function fails - sfc: fix potential memory leak in efx_mae_process_mport() - dpll: spec: add missing module-name and clock-id to pin-get reply - [arm64,armhf] ASoC: fsl_sai: Fix sync error in consumer mode - drm/radeon: Do not kfree() devres managed rdev - drm/radeon: Remove calls to drm_put_dev() - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland - ACPI: fan: Use ACPI handle when retrieving _FST - block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL - block: make REQ_OP_ZONE_OPEN a write operation - regmap: slimbus: fix bus_context pointer in regmap init calls - [s390x] mm: Fix memory leak in add_marker() when kvrealloc() fails - drm/xe: Do not wake device during a GT reset - drm/sysfb: Do not dereference NULL pointer in plane reset - drm/sched: avoid killing parent entity on child SIGKILL - drm/nouveau: Fix race in nouveau_sched_fini() - [arm64] drm/mediatek: Fix device use-after-free on unbind - drm/amd: Check that VPE has reached DPM0 in idle handler - drm/amd/display: Fix incorrect return of vblank enable on unconfigured crtc (Closes: #1000966) - ACPI: fan: Add fan speed reporting for fans with only _FST - ACPI: fan: Use platform device for devres-related actions - sched_ext: Mark scx_bpf_dsq_move_set_[slice|vtime]() with KF_RCU - cpuidle: governors: menu: Rearrange main loop in menu_select() - cpuidle: governors: menu: Select polling state in some more cases - [amd64] mfd: kempld: Switch back to earlier ->init() behavior - [amd64] x86/CPU/AMD: Add RDSEED fix for Zen5 - usb: gadget: f_fs: Fix epfile null pointer access after ep enable. - drm/sched: Optimise drm_sched_entity_push_job - drm/sched: Re-group and rename the entity run-queue lock - drm/sched: Fix race in drm_sched_entity_select_rq() - [s390x] pci: Avoid deadlock between PCI error recovery and mlx5 crdump - [s390x] Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP - [armhf] soc: aspeed: socinfo: Add AST27xx silicon IDs - [arm64] firmware: qcom: scm: preserve assign_mem() error return value - [arm64] soc: qcom: smem: Fix endian-unaware access of num_entries - [arm64] soc: ti: pruss: don't use %pK through printk - bpf: Don't use %pK through printk - pinctrl: single: fix bias pull up/down handling in pin_config_set - [arm64] mmc: host: renesas_sdhi: Fix the actual clock - memstick: Add timeout to prevent indefinite waiting - [arm64,armhf] cpufreq: ti: Add support for AM62D2 - bpf: Use tnums for JEQ/JNE is_branch_taken logic - firewire: ohci: move self_id_complete tracepoint after validating register - [riscv64] irqchip/sifive-plic: Respect mask state when setting affinity - io_uring/zctx: check chained notif contexts - ACPI: sysfs: Use ACPI_FREE() for freeing an ACPI object - ACPI: video: force native for Lenovo 82K8 - libbpf: Fix USDT SIB argument handling causing unrecognized register error - cpufreq/longhaul: handle NULL policy in longhaul_exit - [arm64,armhf] irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA - ACPI: resource: Skip IRQ override on ASUS Vivobook Pro N6506CU - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] - thermal: gov_step_wise: Allow cooling level to be reduced earlier - power: supply: qcom_battmgr: add OOI chemistry - [amd64] hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models - [amd64] hwmon: (k10temp) Add device ID for Strix Halo - power: supply: sbs-charger: Support multiple devices - cpufreq: ondemand: Update the efficient idle check for Intel extended Families - [arm64,armhf] soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups - [arm64] firmware: qcom: tzmem: disable sc7180 platform - [arm64] mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card - pwm: pca9685: Use bulk write to atomicially update registers - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() - [amd64,arm64] tee: allow a driver to allocate a tee_device without a pool - nvmet-fc: avoid scheduling association deletion twice - nvme-fc: use lock accessing port_state and rport state - bpf: Do not limit bpf_cgroup_from_id to current's namespace - i3c: mipi-i3c-hci-pci: Add support for Intel Wildcat Lake-U I3C - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 - tools/cpupower: fix error return value in cpupower_write_sysfs() - power: supply: qcom_battmgr: handle charging state change notifications - bpftool: Fix -Wuninitialized-const-pointer warnings with clang >= 21 - cpuidle: Fail cpuidle device registration if there is one already - futex: Don't leak robust_list pointer on exec race - ACPI: SPCR: Support Precise Baud Rate field - blk-cgroup: fix possible deadlock while configuring policy - [riscv64] bpf: Fix uninitialized symbol 'retval_off' - bpf: Clear pfmemalloc flag when freeing all fragments - nvme: Use non zero KATO for persistent discovery connections - uprobe: Do not emulate/sstep original instruction when ip is changed - [amd64] hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex - [amd64] hwmon: (dell-smm) Remove Dell Precision 490 custom config data - tools/cpupower: Fix incorrect size in cpuidle_state_disable() - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage - tools/power x86_energy_perf_policy: Enhance HWP enable - tools/power x86_energy_perf_policy: Prefer driver HWP limits - [armhf] mfd: stmpe: Remove IRQ domain upon removal - [armhf] mfd: stmpe-i2c: Add missing MODULE_LICENSE - [riscv64] mfd: da9063: Split chip variant reading in two bus transactions - mfd: core: Increment of_node's refcount before linking it to the platform device - [amd64] mfd: intel-lpss: Add Intel Wildcat Lake LPSS PCI IDs - drm/amd/display: fix condition for setting timing_adjust_pending - drm/amd/display: ensure committing streams is seamless - drm/amdgpu: add range check for RAS bad page address - drm/amdgpu: Check vcn sram load return value - drm/amd/display: Move setup_stream_attribute - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration - drm/xe/guc: Add more GuC load error status codes - drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. - drm/amdgpu: Avoid rma causes GPU duplicate reset - drm/amd/amdgpu: Release xcp drm memory after unplug - drm/amdgpu: Skip poison aca bank from UE channel - drm/amd/display: add more cyan skillfish devices - drm/amd/display: update dpp/disp clock from smu clock table - drm/amd/pm: Use cached metrics data on aldebaran - drm/amd/pm: Use cached metrics data on arcturus - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() - [arm64] ASoC: mediatek: Use SND_JACK_AVOUT for HDMI/DP jacks - drm/amd/display: Reset apply_eamless_boot_optimization when dpms_off - drm/amd/display: Wait until OTG enable state is cleared - PCI: Disable MSI on RDC PCI to PCIe bridges - wifi: rtw89: print just once for unknown C2H events - wifi: rtw88: sdio: use indirect IO for device registers before power-on - drm/amdkfd: return -ENOTTY for unsupported IOCTLs - media: pci: ivtv: Don't create fake v4l2_fh - [arm64] drm/tidss: Use the crtc_* timings when programming the HW - [arm64] drm/tidss: Set crtc modesetting parameters with adjusted mode - PCI/ERR: Update device error_state already after reset - [amd64] x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall - net: stmmac: Check stmmac_hw_setup() in stmmac_resume() - ice: Don't use %pK through printk or tracepoints - thunderbolt: Use is_pciehp instead of is_hotplug_bridge - tty: serial: ip22zilog: Use platform device for probing - [powerpc*] eeh: Use result of error_detected() in uevent - [s390x] pci: Use pci_uevent_ers() in PCI recovery - bridge: Redirect to backup port when port is administratively down - net: ipv6: fix field-spanning memcpy warning in AH output - media: imon: make send_packet() more robust - [arm64] drm/panthor: Serialize GPU cache flush operations - HID: pidff: Use direction fix only for conditional effects - HID: pidff: PERMISSIVE_CONTROL quirk autodetection - [arm64,armhf] drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts - drm/amdgpu: fix nullptr err of vm_handle_moved - drm/amdkfd: Handle lack of READ permissions in SVM mapping - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register - iio: adc: imx93_adc: load calibrated values even calibration failed - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet - wifi: rtw89: wow: remove notify during WoWLAN net-detect - wifi: rtw89: fix BSSID comparison for non-transmitted BSSID - dm error: mark as DM_TARGET_PASSES_INTEGRITY - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor - char: misc: Does not request module for miscdevice with dynamic minor - net: When removing nexthops, don't call synchronize_net if it is not necessary - net: stmmac: Correctly handle Rx checksum offload errors - net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. - f2fs: fix to detect potential corrupted nid in free_nid_list - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call - bnxt_en: Add Hyper-V VF ID - tty: serial: Modify the use of dev_err_probe() - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units - [amd64,arm64] idpf: do not linearize big TSO packets - rds: Fix endianness annotation for RDS_MPATH_HASH - media: ipu6: isys: Set embedded data type correctly for metadata formats - rpmsg: char: Export alias for RPMSG ID rpmsg-raw from table - net: ipv4: allow directed broadcast routes to use dst hint - scsi: mpi3mr: Fix I/O failures during controller reset - scsi: mpi3mr: Fix controller init failure on fault during queue creation - scsi: pm80xx: Fix race condition caused by static variables - remoteproc: wkup_m3: Use devm_pm_runtime_enable() helper - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device - fuse: zero initialize inode private data - drm/amdgpu: Correct the counts of nr_banks and nr_errors - drm/amdkfd: fix vram allocation failure for a special case - drm/amd/display: Support HW cursor 180 rot for any number of pipe splits - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption - [amd64] platform/x86/intel-uncore-freq: Fix warning in partitioned system - media: fix uninitialized symbol warnings - media: pci: mgb4: Fix timings comparison in VIDIOC_S_DV_TIMINGS - [amd64] ASoC: SOF: ipc4-pcm: Add fixup for channels - drm/amd/display: Increase minimum clock for TMDS 420 with pipe splitting - drm/amd/display: incorrect conditions for failing dto calculations - drm/amdgpu: Avoid vcn v5.0.1 poison irq call trace on sriov guest - drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) - inet_diag: annotate data-races in inet_diag_bc_sk() - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() - [amd64] crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() - scsi: pm8001: Use int instead of u32 to store error codes - [arm64] scsi: ufs: exynos: fsd: Gate ref_clk and put UFS device in reset on suspend - ptp: Limit time setting of PTP clocks - dmaengine: sh: setup_xref error handling - [arm64,armhf] dmaengine: mv_xor: match alloc_wc and free_wc - [arm64] drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL - [arm64] drm/msm/dsi/phy_7nm: Fix missing initial VCO rate - drm/amdgpu: Allow kfd CRIU with no buffer objects - drm/xe/guc: Increase GuC crash dump buffer size - ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled - [arm64] drm/panthor: check bo offset alignment in vm bind - drm: panel-backlight-quirks: Make EDID match optional - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms - media: adv7180: Add missing lock in suspend callback - media: adv7180: Do not write format to device in set_fmt - media: adv7180: Only validate format in querystd - [arm64,armhf] media: verisilicon: Explicitly disable selection api ioctls for decoders - wifi: mac80211: Fix 6 GHz Band capabilities element advertisement in lower bands - ALSA: usb-audio: apply quirk for MOONDROP Quark2 - [arm64,armhf] PCI: imx6: Enable the Vaux supply if available - drm/xe/guc: Set upper limit of H2G retries over CTB - net: call cond_resched() less often in __release_sock() - smsc911x: add second read of EEPROM mac when possible corruption seen - [amd64] iommu/amd: Skip enabling command/event buffers for kdump - [amd64] crypto: ccp: Skip SEV and SNP INIT for kdump boot - drm/amd: add more cyan skillfish PCI ids - drm/amdgpu: don't enable SMU on cyan skillfish - drm/amdgpu: add support for cyan skillfish gpu_info - drm/amd/display: Fix pbn_div Calculation Error - [arm64] net: dsa: felix: support phy-mode = "10g-qxgmii" - usb: gadget: f_hid: Fix zero length packet transfer - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget - tty/vt: Add missing return value for VT_RESIZE in vt_ioctl() - [arm64] drm/msm: make sure to not queue up recovery more than once - char: Use list_del_init() in misc_deregister() to reinitialize list pointer - PCI: endpoint: pci-epf-test: Limit PCIe BAR size for fixed BARs - wifi: iwlwifi: fw: Add ASUS to PPAG and TAS list - [amd64] media: ov08x40: Fix the horizontal flip control - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer - f2fs: fix wrong layout information on 16KB page - net: phy: marvell: Fix 88e1510 downshift counter errata - ntfs3: pretend $Extend records as regular files - wifi: mac80211: Fix HE capabilities element check - [arm64] phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 - [arm64] drm/msm/registers: Generate _HI/LO builders for reg64 - net: sh_eth: Disable WoL if system can not suspend - netfilter: nf_reject: don't reply to icmp error messages - [amd64] x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT - net: devmem: expose tcp_recvmsg_locked errors - udp_tunnel: use netdev_warn() instead of netdev_WARN() - HID: asus: add Z13 folio to generic group for multitouch to work - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger - [arm64] crypto: sun8i-ce - remove channel timeout field - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() - [amd64] crypto: ccp - Fix incorrect payload size calculation in psp_poulate_hsti() - [arm64,armhf] crypto: caam - double the entropy delay interval for retry - net/cls_cgroup: Fix task_get_classid() during qdisc run - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device - wifi: mt76: mt7996: Temporarily disable EPCS - wifi: mt76: mt76_eeprom_override to int - ALSA: serial-generic: remove shared static buffer - wifi: mt76: mt7996: fix memory leak on mt7996_mcu_sta_key_tlv error - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl - drm/amd/display: Set up pixel encoding for YCBCR422 - drm/amd/display: fix dml ms order of operations - drm/amd: Avoid evicting resources at S5 - drm/amd/display: Fix DVI-D/HDMI adapters - drm/amd/display: Disable VRR on DCE 6 - drm/amd/display/dml2: Guard dml21_map_dc_state_into_dml_display_cfg with DC_FP_START - page_pool: always add GFP_NOWARN for ATOMIC allocations - ethernet: Extend device_get_mac_address() to use NVMEM - HID: i2c-hid: Resolve touchpad issues on Dell systems during S4 - drm/xe/guc: Return an error code if the GuC load fails - drm/amdgpu: reject gang submissions under SRIOV - scsi: ufs: core: Disable timestamp functionality if not supported - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup - scsi: lpfc: Define size of debugfs entry for xri rebalancing - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology - allow finish_no_open(file, ERR_PTR(-E...)) - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices - f2fs: fix infinite loop in __insert_extent_tree() - wifi: rtw89: obtain RX path from ppdu status IE00 - wifi: rtw89: renew a completion for each H2C command waiting C2H event - usb: xhci-pci: add support for hosts with zero USB3 ports - ipv6: np->rxpmtu race annotation - RDMA/irdma: Update Kconfig - IB/ipoib: Ignore L3 master device - jfs: Verify inode mode when loading from disk - jfs: fix uninitialized waitqueue in transaction manager - drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() - [arm64] ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() - net: phy: clear link parameters on admin link down - bus: mhi: core: Improve mhi_sync_power_up handling for SYS_ERR state - [amd64] iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() - wifi: ath10k: Fix connection after GTK rekeying - wifi: mac80211: Track NAN interface start/stop - net: intel: fm10k: Fix parameter idx set but not used - r8169: set EEE speed down ratio to 1 - vfio: return -ENOTTY for unsupported device feature - PCI/PM: Skip resuming to D0 if device is disconnected - remoteproc: qcom: q6v5: Avoid handling handover twice - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 - [armhf] net: dsa: microchip: Set SPI as bus interface during reset for KSZ8463 - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream - drm/amd/display: Init dispclk from bootup clock for DCN314 - drm/amd/display: Fix for test crash due to power gating - drm/amd/display: change dc stream color settings only in atomic commit - NFSv4: handle ERR_GRACE on delegation recalls - NFSv4.1: fix mount hang after CREATE_SESSION failure - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing - net: bridge: Install FDB for bridge MAC on VLAN 0 - scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() - [amd64] accel/habanalabs/gaudi2: fix BMON disable configuration - scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate - [amd64] accel/habanalabs: return ENOMEM if less than requested pages were pinned - [amd64] accel/habanalabs/gaudi2: read preboot status after recovering from dirty state - [amd64] accel/habanalabs: support mapping cb with vmalloc-backed coherent memory - fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock - ext4: increase IO priority of fastcommit - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw - [armhf] ASoC: stm32: sai: manage context in set_sysclk callback - [armhf] ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 - ACPI: scan: Update honor list for RPMI System MSI - vfio/pci: Fix INTx handling on legacy non-PCI 2.3 devices - net/mlx5e: Don't query FEC statistics when FEC is disabled - net: macb: avoid dealing with endianness in macb_set_hwaddr() - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames - Bluetooth: SCO: Fix UAF on sco_conn_free - Bluetooth: btusb: Add new VID/PID 13d3/3633 for MT7922 - Bluetooth: bcsp: receive data only if registered - ALSA: usb-audio: add mono main switch to Presonus S1824c - net: stmmac: est: Drop frames causing HLBS error - exfat: limit log print for IO error - exfat: validate cluster allocation bits of the allocation bitmap - 6pack: drop redundant locking and refcounting - page_pool: Clamp pool size to max 16K pages - orangefs: fix xattr related buffer overflow... - ftrace: Fix softlockup in ftrace_module_enable - ksmbd: use sock_create_kern interface to create kernel socket - smb: client: transport: avoid reconnects triggered by pending task work - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr - usb: xhci-pci: Fix USB2-only root hub registration - char: misc: restrict the dynamic range to exclude reserved minors - drm/amd/display: Add fallback path for YCBCR422 - ACPICA: Update dsmethod.c to get rid of unused variable warning - RDMA/irdma: Fix SD index calculation - RDMA/irdma: Remove unused struct irdma_cq fields - RDMA/irdma: Set irdma_cq cq_num field during CQ create - [arm64] RDMA/hns: Fix recv CQ and QP cache affinity - [arm64] RDMA/hns: Fix the modification of max_send_sge - [arm64] RDMA/hns: Fix wrong WQE data when QP wraps around - btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation - btrfs: mark dirty extent range for out of bound prealloc extents - fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink - clk: sunxi-ng: sun6i-rtc: Add A523 specifics - [arm64] rtc: pcf2127: clear minute/second interrupt - 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN - [armhf] clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled - [arm64] clk: scmi: Add duty cycle ops only when duty cycle is supported - 9p: fix /sys/fs/9p/caches overwriting itself - 9p: sysfs_init: don't hardcode error to ENOMEM - scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS - ACPI: property: Return present device nodes only on fwnode interface - tools bitmap: Add missing asm-generic/bitsperlong.h include - tools: lib: thermal: don't preserve owner in install - tools: lib: thermal: use pkg-config to locate libnl3 - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds - [arm64] rtc: pcf2127: fix watchdog interrupt mask on pcf2131 - net: wwan: t7xx: add support for HP DRMR-H01 - kbuild: uapi: Strip comments before size type check - [arm64,armhf] ASoC: meson: aiu-encoder-i2s: fix bit clock polarity - drm/amdkfd: Fix mmap write lock not release - ceph: add checking of wait_for_completion_killable() return value - ceph: fix potential race condition in ceph_ioctl_lazyio() - ceph: refactor wake_up_bit() pattern of calling - ceph: fix multifs mds auth caps issue - [amd64] x86: use cmov for user address masking - [amd64] x86/runtime-const: Add the RUNTIME_CONST_PTR assembly macro - [amd64] x86: uaccess: don't use runtime-const rewriting in modules - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again - btrfs: ensure no dirty metadata is written back for an fs with errors - media: uvcvideo: Use heuristic to find stream entity - media: videobuf2: forbid remove_bufs when legacy fileio is active - [arm64] drm/mediatek: Disable AFBC support on Mediatek DRM driver - Revert "wifi: ath10k: avoid unnecessary wait for service ready message" (Closes: #1120680) - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up - [riscv64] ptdump: use seq_puts() in pt_dump_seq_puts() macro - Bluetooth: hci_event: validate skb length for unknown CC opcode - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() - [armhf] net: dsa: tag_brcm: legacy: reorganize functions - [armhf] net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx - net: vlan: sync VLAN features with lower device - gpio: swnode: don't use the swnode's name as the key for GPIO lookup - gpiolib: fix invalid pointer access in debugfs - [armhf] net: dsa: b53: fix resetting speed and pause on forced link - [armhf] net: dsa: b53: fix bcm63xx RGMII port link adjustment - [armhf] net: dsa: b53: fix enabling ip multicast - [armhf] net: dsa: b53: stop reading ARL entries if search is done - sctp: Hold RCU read lock while iterating over address list - sctp: Prevent TOCTOU out-of-bounds write - sctp: Hold sock lock while iterating over address list - net: ionic: add dma_wmb() before ringing TX doorbell - net: ionic: map SKB after pseudo-header checksum prep - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup - bnxt_en: Fix a possible memory leak in bnxt_ptp_init - bnxt_en: Add mem_valid bit to struct bnxt_ctx_mem_type - bnxt_en: Refactor bnxt_free_ctx_mem() - bnxt_en: Add a 'force' parameter to bnxt_free_ctx_mem() - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup - net/mlx5e: Fix return value in case of module EEPROM read error - [arm64] net: ti: icssg-prueth: Fix fdb hash size configuration - net/mlx5e: SHAMPO, Fix skb size check for 64K pages - [armhf] net: dsa: microchip: Fix reserved multicast address table programming - net: bridge: fix use-after-free due to MST port state bypass - net: bridge: fix MST static key usage - tracing: Fix memory leaks in create_field_var() - drm/amd/display: Enable mst when it's detected but yet to be initialized - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb - Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() - [arm64] rtc: rx8025: fix incorrect register reference - [amd64] x86/microcode/AMD: Add more known models to entry sign checking - smb: client: validate change notify buffer before copy - smb: client: fix potential UAF in smb2_close_cached_fid() - drm/amdgpu/smu: Handle S0ix for vangogh - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments - virtio-net: fix received length check in big packets - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC - scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers - scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL - scsi: ufs: core: Add a quirk to suppress link_startup_again - drm/amd/display: update color on atomic commit time - ACPI: SPCR: Check for table version when using precise baudrate - drm/amdgpu: Fix unintended error log in VCN5_0_0 - drm/amdgpu: Fix function header names in amdgpu_connectors.c - drm/amd/display: Fix black screen with HDMI outputs https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.59 - [arm64] drm/mediatek: Add pm_runtime support for GCE power control - [amd64] drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD - [amd64] drm/i915: Fix conversion between clock ticks and nanoseconds - smb: client: fix refcount leak in smb2_set_path_attr - drm/amd: Fix suspend failure with secure display TA - drm/xe/guc: Synchronize Dead CT worker with unbind - drm/xe: Move declarations under conditional branch - drm/xe: Do clean shutdown also when using flr - [arm64] kprobes: check the return value of set_memory_rox() - [riscv64] clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors - [riscv64] acpi: avoid errors caused by probing DT devices when ACPI is used - drm/amdgpu: remove two invalid BUG_ON()s - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks - drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices - NFS4: Fix state renewals missing after boot - NFS4: Apply delay_retrans to async operations - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug - HID: nintendo: Wait longer for initial probe - NFS: check if suid/sgid was cleared after a write as needed - HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel - exfat: fix improper check of dentry.stream.valid_size - smb/server: fix possible memory leak in smb2_read() - smb/server: fix possible refcount leak in smb2_sess_setup() - HID: logitech-hidpp: Add HIDPP_QUIRK_RESET_HI_RES_SCROLL - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() - erofs: avoid infinite loop due to incomplete zstd-compressed data - [arm64,armhf] net: fec: correct rx_bytes statistic for the case SHIFT16 is set - net: phy: micrel: Introduce lanphy_modify_page_reg - net: phy: micrel: Replace hardcoded pages with defines - net: phy: micrel: lan8814 fix reset of the QSGMII interface - NFSD: Skip close replay processing if XDR encoding fails - Bluetooth: MGMT: cancel mesh send timer when hdev removed - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto - net/smc: fix mismatch between CLC header and proposal - net/handshake: Fix memory leak in tls_handshake_accept() - tipc: Fix use-after-free in tipc_mon_reinit_self(). - net: mdio: fix resource leak in mdiobus_register_device() - wifi: mac80211: skip rate verification for not captured PSDUs - af_unix: Initialise scc_index in unix_add_edge(). - net_sched: act_connmark: use RCU in tcf_connmark_dump() - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak - net/mlx5e: Fix maxrate wraparound in threshold between units - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps - net/mlx5e: Fix potentially misleading debug message - net_sched: limit try_bulk_dequeue_skb() batches - virtio-net: fix incorrect flags recording in big mode - hsr: Fix supervision frame sending on HSRv0 - [amd64] ACPI: CPPC: Detect preferred core availability on online CPUs - [amd64] ACPI: CPPC: Check _CPC validity for only the online CPUs - [amd64] ACPI: CPPC: Perform fast check switch only for online CPUs - [amd64] ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs - Bluetooth: L2CAP: export l2cap_chan_hold for modules - acpi,srat: Fix incorrect device handle check for Generic Initiator - regulator: fixed: fix GPIO descriptor leak on register failure - [arm64] ASoC: codecs: va-macro: fix resource leak in probe error path - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE - ASoC: tas2781: fix getting the wrong device number - pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() - pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS - simplify nfs_atomic_open_v23() - NFSv2/v3: Fix error handling in nfs_atomic_open_v23() - NFS: sysfs: fix leak when nfs_client kobject add fails - NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() - NFS: Fix LTP test failures when timestamps are delegated - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd - acpi/hmat: Fix lockdep warning for hmem_register_resource() - bpf: Add bpf_prog_run_data_pointers() - bpf: account for current allocated stack depth in widen_imprecise_scalars() - [riscv64] irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path - proc: fix the issue of proc_mem_open returning NULL - ext4: introduce ITAIL helper - ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (CVE-2025-22121) - Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981) - f2fs: fix to avoid overflow while left shift operation (CVE-2025-40077) - hostfs: Fix only passing host root in boot stage with new mount - virtio-fs: fix incorrect check for fsvq->kobj - fs/namespace: correctly handle errors returned by grab_requested_mnt_ns - sched_ext: Fix unsafe locking in the scx_dump_state() - Revert "netfilter: nf_tables: Reintroduce shortened deletion notifications" - netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678) - [arm64] dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1 - [arm64] dts: rockchip: Make RK3588 GPU OPP table naming less generic - [armhf] dts: imx51-zii-rdu1: Fix audmux node names - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() - HID: playstation: Fix memory leak in dualshock4_get_calibration_data() - HID: uclogic: Fix potential memory leak in error path - [amd64] KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated - nfsd: fix refcount leak in nfsd_set_fh_dentry() (CVE-2025-40212) - nfsd: add missing FATTR4_WORD2_CLONE_BLKSIZE from supported attributes - NFSD: free copynotify stateid in nfs4_free_ol_stateid() - ksmbd: close accepted socket when per-IP limit rejects connection - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item - strparser: Fix signed/unsigned mismatch bug - dma-mapping: benchmark: Restore padding to ensure uABI remained consistent - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe - nilfs2: avoid having an active sc_timer before freeing sci - wifi: mac80211: reject address change while connecting - fs/proc: fix uaf in proc_readdir_de() - mm/mm_init: fix hash table order logging in alloc_large_system_hash() - mm/shmem: fix THP allocation and fallback loop - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 - mmc: dw_mmc-rockchip: Fix wrong internal phase calculate - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer - cifs: client: fix memory leak in smb3_fs_context_parse_param - codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext - crash: fix crashkernel resource shrink - smb: client: fix cifs_pick_channel when channel needs reconnect - spi: Try to get ACPI GPIO IRQ earlier - [amd64] x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev - ftrace: Fix BPF fexit with livepatch - PM: hibernate: Emit an error when image writing fails - PM: hibernate: Use atomic64_t for compressed_size variable - btrfs: zoned: fix conventional zone capacity calculation - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() - btrfs: do not update last_log_commit when logging inode due to a new name - btrfs: release root after error in data_reloc_print_warning_inode() - drm/amdkfd: relax checks for over allocation of save area - drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces - [arm64] pmdomain: arm: scmi: Fix genpd leak on provider registration failure - [armhf] pmdomain: imx: Fix reference count leak in imx_gpc_remove - [arm64,armhf] pmdomain: samsung: plug potential memleak during probe - mptcp: fix MSG_PEEK stream corruption - wifi: cfg80211: add an hrtimer based delayed work item - wifi: mac80211: use wiphy_hrtimer_work for csa.switch_work - mm, percpu: do not consider sleepable allocations atomic - [amd64] KVM: guest_memfd: Pass index, not gfn, to __kvm_gmem_get_pfn() - [amd64] KVM: guest_memfd: Remove RCU-protected attribute from slot->gmem.file - [amd64] KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying - net: netpoll: Individualize the skb pool - net: netpoll: flush skb pool during cleanup - net: netpoll: fix incorrect refcount handling causing incorrect cleanup - [amd64] KVM: VMX: Split out guts of EPT violation to common/exposed function - [amd64] KVM: VMX: Fix check for valid GVA on an EPT violation - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (CVE-2025-40097) - io_uring/napi: fix io_napi_entry RCU accesses - uio_hv_generic: Set event for all channels on the device (Closes: #1120602) - mm/memory: do not populate page table entries beyond i_size - mm/truncate: unmap large folio on split failure - mm/secretmem: fix use-after-free race in fault handler - mm/huge_memory: do not change split_huge_page*() target order silently - mm/huge_memory: preserve PG_has_hwpoisoned if a folio is split to >0 order - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() - net: phy: micrel: Fix lan8814_config_init - net: netpoll: ensure skb_pool list is always initialized - proc: proc_maps_open allow proc_mem_open to return NULL - Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (CVE-2025-40213) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.60 - [arm64] KVM: arm64: Check the untrusted offset in FF-A memory share - timers: Fix NULL function pointer race in timer_shutdown_sync() - HID: amd_sfh: Stop sensor before starting - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Closes: #1114557) - [arm64] dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 - mtdchar: fix integer overflow in read/write ioctls - isofs: check the return value of sb_min_blocksize() in isofs_fill_super - shmem: fix tmpfs reconfiguration (remount) when noswap is set - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector - mptcp: Disallow MPTCP subflows from sockmap - mptcp: Fix proto fallback detection with BPF - ata: libata-scsi: Fix system suspend for a security locked drive - smb: client: introduce close_cached_dir_locked() - ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() - be2net: pass wrb_params in case of OS2BMC - [armhf] net: dsa: microchip: lan937x: Fix RGMII delay tuning - [arm64,armhf] Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" - Input: cros_ec_keyb - fix an invalid memory access - Input: goodix - add support for ACPI ID GDIX1003 - Input: pegasus-notetaker - fix potential out-of-bounds access - mm/mempool: fix poisoning order>0 pages with HIGHMEM - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() - scsi: sg: Do not sleep in atomic context - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() - dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups - mptcp: fix race condition in mptcp_schedule_work() - mptcp: fix ack generation for fallback msk - mptcp: fix duplicate reset on fastclose - mptcp: fix premature close in case of fallback - mptcp: avoid unneeded subflow-level drops - mptcp: decouple mptcp fastclose from tcp close - mptcp: do not fallback when OoO is present - [arm64,armhf] drm/tegra: dc: Fix reference leak in tegra_dc_couple() - drm/radeon: delete radeon_fence_process in is_signaled, no deadlock - drm/amd: Skip power ungate during suspend for VPE - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled - drm/amd/display: Increase DPCD read retries - drm/amd/display: Move sleep into each retry for retrieve_link_cap() - drm/amd/display: Fix pbn to kbps Conversion - drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 - xfrm: drop SA reference in xfrm_state_update if dir doesn't match - xfrm: set err and extack on failure to create pcpu SA - xfrm: Determine inner GSO type from packet inner protocol - xfrm: Prevent locally generated packets from direct output in tunnel mode - [amd64] pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() - mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() - [arm64,armhf] drm/tegra: Add call to put_pid() - net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() - net: openvswitch: remove never-working support for setting nsh fields - nvme-multipath: fix lockdep WARN due to partition scan work - [s390x] ctcm: Fix double-kfree - [amd64] platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() - [amd64,arm64] idpf: fix possible vport_config NULL pointer deref in remove - ice: fix PTP cleanup on driver removal in error path - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy - net/mlx5: Clean up only new IRQ glue on request_irq() failure - af_unix: Cache state->msg in unix_stream_read_generic(). - af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). - cifs: fix memory leak in smb3_fs_context_parse_param error path - vsock: Ignore signal/timeout on connect() if already established - bcma: don't register devices disabled in OF - cifs: fix typo in enable_gcm_256 module parameter - scsi: core: Fix a regression triggered by scsi_host_busy() - [amd64] x86/microcode/AMD: Limit Entrysign signature checking to known generations - net: tls: Change async resync helpers argument - blk-crypto: use BLK_STS_INVAL for alignment errors - net: tls: Cancel RX async resync request on rcd_delta overflow - ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check - [arm64] KVM: arm64: Make all 32bit ID registers fully writable - drm/xe: Prevent BIT() overflow when handling invalid prefetch region - [s390x] mm: Fix __ptep_rdp() inline assembly - ALSA: usb-audio: fix uac2 clock source at terminal parser - tracing/tools: Fix incorrcet short option in usage text for --threads - drm/amdgpu: fix gpu page fault after hibernation on PF passthrough - smb: client: fix incomplete backport in cfids_invalidation_worker() - tty/vt: fix up incorrect backport to stable releases - maple_tree: fix tracepoint string pointers - [amd64] drm/i915/dp_mst: Disable Panel Replay - mptcp: fix a race in mptcp_pm_del_add_timer() - xfs: Replace strncpy with memcpy - xfs: fix out of bounds memory read error in symlink repair - drm/amd/display: avoid reset DTBCLK at clock init - drm/amd/display: disable DPP RCG before DPP CLK enable - drm/amd/display: Insert dccg log for easy debug - drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched - Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.61 - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data - Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface - Bluetooth: hci_core: Fix triggering cmd_timer for HCI_OP_NOP - Bluetooth: hci_sock: Prevent race in socket write iter and sock bind - Bluetooth: SMP: Fix not generating mackey and ltk when repairing - net: sched: generalize check for no-queue qdisc on TX queue - veth: apply qdisc backpressure on full ptr_ring to reduce TX drops - veth: prevent NULL pointer dereference in veth_xdp_rcv - veth: more robust handing of race to avoid txq getting stuck - veth: reduce XDP no_direct return section to fix race - [amd64] platform/x86: intel: punit_ipc: fix memory corruption - net: aquantia: Add missing descriptor cache invalidation on ATL2 - net: lan966x: Fix the initialization of taprio - drm/xe: Fix conversion from clock ticks to milliseconds - net/mlx5e: Fix validation logic in rate limiting - team: Move team device type change at the end of team_port_add - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling - net: wwan: mhi: Keep modem name match with Foxconn T99W640 - net: atlantic: fix fragment overflow handling in RX path - [arm64,armhf] net: fec: cancel perout_timer when PEROUT is disabled - [arm64,armhf] net: fec: do not update PEROUT if it is enabled - [arm64,armhf] net: fec: do not allow enabling PPS and PEROUT simultaneously - [arm64,armhf] net: fec: do not register PPS event for PEROUT - iio: st_lsm6dsx: Fixed calibrated timestamp calculation - [arm64] mailbox: mtk-cmdq: Refine DMA address handling for the command buffer - mailbox: pcc: Refactor error handling in irq handler into separate function - mailbox: pcc: don't zero error register - fs/namespace: fix reference leak in grab_requested_mnt_ns - spi: spi-mem: Allow specifying the byte order in Octal DTR mode - spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency - spi: spi-mem: Add a new controller capability - [arm64] spi: nxp-fspi: Support per spi-mem operation frequency switches - [arm64] spi: spi-nxp-fspi: remove the goto in probe - [arm64] spi: spi-nxp-fspi: Add OCT-DTR mode support - [arm64] spi: nxp-fspi: Propagate fwnode in ACPI case as well - Revert "drm/amd/display: Move setup_stream_attribute" - [amd64] Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" - iio: buffer-dma: support getting the DMA channel - iio: buffer-dmaengine: enable .get_dma_dev() - iio: buffer: support getting dma channel from the buffer - iio: accel: bmc150: Fix irq assumption regression (Closes: #1106411) - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 - [arm64] dts: imx8qm-mek: fix mux-controller select/enable-gpios polarity - Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref - can: sja1000: fix max irq loop handling - can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling - ceph: fix crash in process_v2_sparse_read() for encrypted directories - dm-verity: fix unreliable memory allocation - drivers/usb/dwc3: fix PCI parent check - smb: client: fix memory leak in cifs_construct_tcon() - [amd64] thunderbolt: Add support for Intel Wildcat Lake - [arm64] slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves - nvmem: layouts: fix nvmem_layout_bus_uevent - firmware: stratix10-svc: fix bug in saving controller data - mm/memfd: fix information leak in hugetlb folios - mmc: sdhci-of-dwcmshc: Promote the th1520 reset handling to ip level - mptcp: clear scheduled subflows on retransmit - mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). - [arm*] serial: amba-pl011: prefer dma_mapping_error() over explicit address checking - usb: cdns3: Fix double resource release in cdns3_pci_probe - usb: gadget: f_eem: Fix memory leak in eem_unwrap - usb: storage: Fix memory leak in USB bulk transport - USB: storage: Remove subclass and protocol overrides from Novatek quirk - usb: storage: sddr55: Reject out-of-bound new_pba - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer - [amd64,arm64] usb: dwc3: pci: add support for the Intel Nova Lake -S - [amd64,arm64] usb: dwc3: pci: Sort out the Intel device IDs - [amd64,arm64] usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths - xhci: fix stale flag preventig URBs after link state error is cleared - xhci: dbgtty: Fix data corruption when transmitting data form DbC to host - xhci: dbgtty: fix device unregister - USB: serial: ftdi_sio: add support for u-blox EVK-M101 - USB: serial: option: add support for Rolling RW101R-GL - drm: sti: fix device leaks at component probe - drm/amd/amdgpu: reserve vm invalidation engine for uni_mes - drm/amd/display: Check NULL before accessing - drm/amd/display: Don't change brightness for disabled connectors - [armhf] net: dsa: microchip: common: Fix checks on irq_find_mapping() - [armhf] net: dsa: microchip: ptp: Fix checks on irq_find_mapping() - [armhf] net: dsa: microchip: Don't free uninitialized ksz_irq - libceph: fix potential use-after-free in have_mon_and_osd_map() - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() - libceph: replace BUG_ON with bounds check for map->max_osd - staging: rtl8712: Remove driver using deprecated API wext - nfsd: Replace clamp_t in nfsd4_get_drc_mem() - usb: typec: ucsi: psy: Set max current to zero when disconnected - usb: udc: Add trace event for usb_gadget_set_state - usb: gadget: udc: fix use-after-free in usb_gadget_state_work - mm/huge_memory: fix NULL pointer deference when splitting folio - [amd64] KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts() - [amd64] KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv() - [amd64] KVM: nSVM: Fix and simplify LBR virtualization handling with nested - [amd64] KVM: SVM: Fix redundant updates of LBR MSR intercepts - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup - [armhf] net: dsa: microchip: Do not execute PTP driver code for unsupported switches - [armhf] net: dsa: microchip: Free previously initialized ports on init failures - wifi: ath12k: correctly handle mcast packets for clients - Revert "ACPI: Suppress misleading SPCR console message when SPCR table is absent" - [amd64] drm/i915/dp: Initialize the source OUI write timestamp always - [arm64] spi: spi-nxp-fspi: Check return value of devm_mutex_init() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.62 - xfrm: delete x->tunnel as we delete x - Revert "xfrm: destroy xfrm_state synchronously on net exit path" - xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added - xfrm: flush all states in xfrm_state_fini - Documentation: process: Also mention Sasha Levin as stable tree maintainer - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted - ext4: refresh inline data size before write operations - ksmbd: ipc: fix use-after-free in ipc_msg_send_request - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() - [amd64] KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced - USB: serial: option: add Foxconn T99W760 - USB: serial: option: add Telit Cinterion FE910C04 new compositions - USB: serial: option: move Telit 0x10c7 composition in the right place - USB: serial: ftdi_sio: match on interface number for jtag - serial: add support of CPCI cards - USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC - USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() - [arm64,armhf] ipi: imx: keep dma request disabled before dma transfer setup - drm/vmwgfx: Use kref in vmw_bo_dirty - Bluetooth: btrtl: Avoid loading the config file on security chips - smb: fix invalid username check in smb3_fs_context_parse_param() - drm/amdkfd: Fix GPU mappings for APU after prefetch - ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series - bfs: Reconstruct file type when loading from disk - HID: hid-input: Extend Elan ignore battery quirk to USB - nvme: fix admin request_queue lifetime - [arm64] pinctrl: qcom: msm: Fix deadlock in pinmux configuration - [amd64] platform/x86: acer-wmi: Ignore backlight event - HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list - [amd64] platform/x86: huawei-wmi: add keys for HONOR models - [amd64] platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list - [amd64] platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally - HID: elecom: Add support for ELECOM M-XT3URBK (018F) - wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 - wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 - [amd64] comedi: check device's attached status in compat ioctls - staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser - staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing - staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing - bus: mhi: host: pci_generic: Add Telit FN920C04 modem support - bus: mhi: host: pci_generic: Add Telit FN990B40 modem support https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.63 - [arm64,armhf] gpu: host1x: Fix race in syncpt alloc/free - [amd64] accel/ivpu: Prevent runtime suspend during context abort work - [amd64] accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail - [amd64] accel/ivpu: Make function parameter names consistent - [amd64] accel/ivpu: Fix DCT active percent format - drm/vgem-fence: Fix potential deadlock on release - USB: Fix descriptor count when handling invalid MBIM extended descriptor - [arm64] pinctrl: renesas: rzg2l: Fix PMC restore - [arm64] clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback - [arm64] clk: renesas: Use str_on_off() helper - [arm64] clk: renesas: Pass sub struct of cpg_mssr_priv to cpg_clk_register - [arm64] clk: renesas: cpg-mssr: Read back reset registers to assure values latched - HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() - objtool: Fix standalone --hacks=jump_label - objtool: Fix weak symbol detection - wifi: ath10k: Avoid vdev delete timeout when firmware is already down - wifi: ath10k: Add missing include of export.h - wifi: ath10k: move recovery check logic into a new work - wifi: ath11k: restore register window after global reset - sched/fair: Forfeit vruntime on yield - [arm*] irqchip/irq-brcmstb-l2: Fix section mismatch - [arm64,armhf] irqchip/imx-mu-msi: Fix section mismatch - [arm64] irqchip/renesas-rzg2l: Fix section mismatch - [riscv64] irqchip/starfive-jh8100: Fix section mismatch - [arm64] irqchip/qcom-irq-combiner: Fix section mismatch - crypto: authenc - Correctly pass EINPROGRESS back up to the caller - ntfs3: fix uninit memory after failed mi_read in mi_format_new - ntfs3: Fix uninit buffer allocated by __getname() - dt-bindings: clock: qcom,x1e80100-gcc: Add missing video resets - dt-bindings: clock: qcom,x1e80100-gcc: Add missing USB4 clocks/resets - clk: qcom: gcc-x1e80100: Add missing USB4 clocks/resets - rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() - inet: Avoid ehash lookup race in inet_ehash_insert() - inet: Avoid ehash lookup race in inet_twsk_hashdance_schedule() - firmware: qcom: tzmem: fix qcom_tzmem_policy kernel-doc - block/mq-deadline: Introduce dd_start_request() - block/mq-deadline: Switch back to a single dispatch list - [arm64] dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1 props - [arm64] dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl - [arm64] dts: imx8mp-venice-gw702x: remove off-board uart - [arm64] dts: imx8mp-venice-gw702x: remove off-board sdhc1 - perf annotate: Check return value of evsel__get_arch() properly - [arm64] dts: exynos: gs101: fix sysreg_apm reg property - uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe - soc: Switch back to struct platform_driver::remove() - [arm64] soc: qcom: gsbi: fix double disable caused by devm - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id - wifi: ath11k: fix VHT MCS assignment - wifi: ath11k: fix peer HE MCS assignment - [s390x] smp: Fix fallback CPU detection - [s390x] ap: Don't leak debug feature files if AP instructions are not available - [arm64] dts: ti: k3-am62p: Fix memory ranges for GPU - firmware: imx: scu-irq: fix OF node leak in - [arm64] dts: qcom: x1e80100: Fix compile warnings for USB HS controller - [arm64] dts: qcom: x1e80100: Add missing quirk for HS only USB controller - [arm64] dts: qcom: sdm845-oneplus: Correct gpio used for slider - [arm64] dts: qcom: sm8650: set ufs as dma coherent - [arm64] dts: qcom: qcm6490-shift-otter: Add missing reserved-memory - phy: mscc: Fix PTP for VSC8574 and VSC8572 - sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure - Revert "mtd: rawnand: marvell: fix layouts" - [arm64,armhf] mtd: nand: relax ECC parameter validation check - perf: Remove get_perf_callchain() init_nr argument - bpf: Refactor stack map trace depth calculation into helper function - bpf: Fix stackmap overflow check in __bpf_get_stackid() - [amd64] perf/x86/intel/cstate: Remove PC3 support from LunarLake - task_work: Fix NMI race condition - [amd64] x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() - tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set - [arm64] soc: qcom: smem: fix hwspinlock resource leak in probe error paths - [armhf] pinctrl: stm32: fix hwspinlock resource leak in probe function - i3c: fix refcount inconsistency in i3c_master_register - i3c: master: svc: Prevent incomplete IBI transaction - wifi: ath12k: fix potential memory leak in ath12k_wow_arp_ns_offload() - [arm64] interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS - [arm64] dts: qcom: msm8996: add interconnect paths to USB2 controller - interconnect: debugfs: Fix incorrect error handling for NULL path - drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource() - perf lock contention: Load kernel map before lookup - perf record: skip synthesize event when open evsel failed - power: supply: rt5033_charger: Fix device node reference leaks - power: supply: cw2015: Check devm_delayed_work_autocancel() return code - power: supply: max17040: Check iio_read_channel_processed() return code - power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() - power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() - power: supply: wm831x: Check wm831x_set_bits() return value - power: supply: apm_power: only unset own apm_get_power_status - scsi: target: Do not write NUL characters into ASCII configfs output - fs/9p: Don't open remote file with APPEND mode when writeback cache is used - [arm64] drm/panthor: Handle errors returned by drm_sched_entity_init() - [arm64] drm/panthor: Fix group_free_queue() for partially initialized queues - [arm64] drm/panthor: Fix UAF race between device unplug and FW event processing - [arm64] drm/panthor: Fix race with suspend during unplug - [arm64] drm/panthor: Fix UAF on kernel BO VA nodes - libbpf: Fix parsing of multi-split BTF - [armhf] dts: am335x-netcom-plus-2xx: add missing GPIO labels - [armhf] dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible - [armhf] dts: omap3: n900: Correct obsolete TWL4030 power compatible - [amd64] x86/boot: Fix page table access in 5-level to 4-level paging transition - efi/libstub: Fix page table access in 5-level to 4-level paging transition - ext4: correct the checking of quota files before moving extents - [amd64] perf/x86/intel: Correct large PEBS flag check - regulator: core: disable supply if enabling main regulator fails - md: fix rcu protection in md_wakeup_thread - nbd: defer config put in recv_work - scsi: stex: Fix reboot_notifier leak in probe error path - scsi: smartpqi: Fix device resources accessed after device removal - dt-bindings: PCI: amlogic: Fix the register name of the DBI region - RDMA/rtrs: server: Fix error handling in get_or_create_srv - ntfs3: init run lock for extend inode - [arm64] drm/panthor: Fix potential memleak of vma structure - scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() - [amd64] cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs - [powerpc*] kdump: Fix size calculation for hot-removed memory ranges - [powerpc*] 32: Fix unpaired stwcx. on interrupt exit - wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() - nbd: defer config unlock in nbd_genl_connect - coresight: Change device mode to atomic type - [arm64] coresight: etm4x: Correct polling IDLE bit - [arm64] coresight: etm4x: Extract the trace unit controlling - [arm64] coresight: etm4x: Add context synchronization before enabling trace - lib/vsprintf: Check pointer before dereferencing in time_and_date() - ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() - ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() - scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls - leds: netxbig: Fix GPIO descriptor leak in error paths - bpf: Free special fields when update [lru_,]percpu_hash maps - PCI: keystone: Exit ks_pcie_probe() for invalid mode - [arm64] dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK 5A - [arm64] dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A - [arm64] dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 3C - [amd64] crypto: iaa - Fix incorrect return value in save_iaa_wq() - [arm64] drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype - ps3disk: use memcpy_{from,to}_bvec index - bpf: Handle return value of ftrace_set_filter_ip in register_fentry - bpf: Check skb->transport_header is set in bpf_skb_check_mtu - watchdog: wdat_wdt: Fix ACPI table leak in probe function - watchdog: starfive: Fix resource leak in probe error path - tracefs: fix a leak in eventfs_create_events_dir() - NFSD/blocklayout: Fix minlength check in proc_layoutget - block/blk-throttle: Fix throttle slice time for SSDs - [arm64] drm/msm/a2xx: stop over-complaining about the legacy firmware - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() - bpf: Fix invalid prog->stats access when update_effective_progs fails - [powerpc*] 64s/hash: Restrict stress_hpt_struct memblock region to within RMA limit - [powerpc*] 64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format - fs/ntfs3: out1 also needs to put mi - fs/ntfs3: Prevent memory leaks in add sub record - [arm64] drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue - [arm64] drm/msm/a6xx: Flush LRZ cache before PT switch - [arm64] drm/msm/a6xx: Fix the gemnoc workaround - [arm64] drm/msm/a6xx: Improve MX rail fallback in RPMH vote init - ipv6: clear RA flags when adding a static route (Closes: #1117959) - pwm: bcm2835: Make sure the channel is enabled after pwm_request() - scsi: qla2xxx: Fix improper freeing of purex item - [amd64] iommu/vt-d: Fix unused invalidation hint in qi_desc_iotlb - wifi: mac80211: fix CMAC functions not handling errors - [arm64] mfd: mt6397-irq: Fix missing irq_domain_remove() in error path - [arm64] mfd: mt6358-irq: Fix missing irq_domain_remove() in error path - leds: rgb: leds-qcom-lpg: Don't enable TRILED when configuring PWM - [arm64] phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() - [arm64] phy: rockchip: samsung-hdptx: Reduce ROPLL loop bandwidth - [arm64] phy: rockchip: samsung-hdptx: Prevent Inter-Pair Skew from exceeding the limits - net: phy: adin1100: Fix software power-down ready condition - cpuset: Treat cpusets in attaching as populated - wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() - RAS: Report all ARM processor CPER information to userspace - ima: Handle error code returned by ima_filter_rule_match() - usb: chaoskey: fix locking for O_NONBLOCK - usb: dwc2: disable platform lowlevel hw resources during shutdown - usb: dwc2: fix hang during shutdown if set as peripheral - usb: dwc2: fix hang during suspend if set as peripheral - usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE - [riscv64] KVM: Fix guest page fault within HLV* instructions - erofs: limit the level of fs stacking for file-backed mounts - RDMA/bnxt_re: Fix the inline size for GenP7 devices - RDMA/bnxt_re: Pass correct flag for dma mr creation - ASoC: tas2781: correct the wrong period - mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() - firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc - staging: fbtft: core: fix potential memory leak in fbtft_probe_common() - [arm64] iommu/arm-smmu-v3: Fix error check in arm_smmu_alloc_cd_tables - btrfs: fix leaf leak in an error path in btrfs_del_items() - PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition - drm/nouveau: restrict the flush page to a 32-bit address - iomap: factor out a iomap_dio_done helper - iomap: always run error completions in user context - wifi: ieee80211: correct FILS status codes - backlight: led-bl: Add devlink to supplier LEDs - backlight: lp855x: Fix lp855x.h kernel-doc warnings - [arm64] iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal - RDMA/irdma: Fix data race in irdma_sc_ccq_arm - RDMA/irdma: Fix data race in irdma_free_pble - RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY - [arm64] drm/panthor: Avoid adding of kernel BOs to extobj list - gfs2: Prevent recursive memory reclaim - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER - drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() - hwmon: sy7636a: Fix regulator_enable resource leak on error path - ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 - ublk: prevent invalid access with DEBUG - ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation - of: Skip devicetree kunit tests when RISCV+ACPI doesn't populate root node - virtio_vdpa: fix misleading return in void function - virtio: fix typo in virtio_device_ready() comment - virtio: fix whitespace in virtio_config_ops - virtio: fix grammar in virtio_queue_info docs - virtio: fix virtqueue_set_affinity() docs - vdpa/mlx5: Fix incorrect error code reporting in query_virtqueues - vhost: Fix kthread worker cgroup failure handling - vdpa/pds: use %pe for ERR_PTR() in event handler registration - [amd64] ASoC: Intel: catpt: Fix error path in hw_params() - [armhf] dts: samsung: universal_c210: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during system suspend - regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex - resource: replace open coded resource_intersection() - resource: introduce is_type_match() helper and use it - Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" - netfilter: flowtable: check for maximum number of encapsulations in bridge vlan - netfilter: nf_conncount: rework API to use sk_buff directly - netfilter: nft_connlimit: update the count if add was skipped - net: stmmac: fix rx limit check in stmmac_rx_zc() - vfio/pci: Use RCU for error/request triggers to avoid circular locking - net: phy: aquantia: check for NVMEM deferral - mtd: lpddr_cmds: fix signed shifts in lpddr_cmds - [arm64] remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs - md/raid5: fix IO hang when array is broken with IO inflight - net: hsr: remove one synchronize_rcu() from hsr_del_port() - net: hsr: remove synchronize_rcu() from hsr_add_port() - net: hsr: Create and export hsr_get_port_ndev() - net: hsr: create an API to get hsr port type - net: dsa: xrs700x: reject unsupported HSR configurations - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325) - perf tools: Mark split kallsyms DSOs as loaded - perf tools: Fix split kallsyms DSO counting - perf hist: In init, ensure mem_info is put on error paths - [arm64,armhf] pinctrl: single: Fix incorrect type for error return variable - fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() - 9p: fix cache/debug options printing in v9fs_show_options - sched/fair: Fix unfairness caused by stalled tg_load_avg_contrib when the last task migrates out - [amd64] platform/x86:intel/pmc: Update Arrow Lake telemetry GUID - f2fs: keep POSIX_FADV_NOREUSE ranges - f2fs: add a sysfs entry to reclaim POSIX_FADV_NOREUSE pages - f2fs: fix to avoid running out of free segments - f2fs: add carve_out sysfs node - f2fs: sysfs: add encoding_flags entry - f2fs: introduce reserved_pin_section sysfs entry - f2fs: add gc_boost_gc_multiple sysfs node - f2fs: add gc_boost_gc_greedy sysfs node - f2fs: maintain one time GC mode is enabled during whole zoned GC cycle - NFS: Avoid changing nlink when file removes and attribute updates race - fs/nls: Fix utf16 to utf8 conversion - NFS: Initialise verifiers for visible dentries in readdir and lookup - NFS: Initialise verifiers for visible dentries in nfs_atomic_open() - nfs/vfs: discard d_exact_alias() - NFS: Initialise verifiers for visible dentries in _nfs4_open_and_get_state - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid - Revert "nfs: ignore SB_RDONLY when remounting nfs" - Revert "nfs: clear SB_RDONLY before getting superblock" - Revert "nfs: ignore SB_RDONLY when mounting nfs" - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags - Expand the type of nfs_fattr->valid - NFS: Fix inheritance of the block sizes when automounting - fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() - [amd64] platform/x86: asus-wmi: use brightness_set_blocking() for kbd led - blk-mq: Abort suspend when wakeup events are pending - block: fix comment for op_is_zone_mgmt() to include RESET_ALL - block: fix memory leak in __blkdev_issue_zero_pages - nvme-auth: use kvfree() for memory allocated with kvcalloc() - drm/plane: Fix IS_ERR() vs NULL check in drm_plane_create_hotspot_properties() - regulator: fixed: Rely on the core freeing the enable GPIO - ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events - drm/nouveau: refactor deprecated strcpy - cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB2 - docs: hwmon: fix link to g762 devicetree binding - dma/pool: eliminate alloc_pages warning in atomic_pool_expand - ALSA: uapi: Fix typo in asound.h comment - drm/amdkfd: Use huge page size to check split svm range alignment - rtc: gamecube: Check the return value of ioremap() - ALSA: firewire-motu: add bounds check in put_user loop for DSP events - block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock - block: return unsigned int from queue_dma_alignment - dm-raid: fix possible NULL dereference with undefined raid type - dm log-writes: Add missing set_freezable() for freezable kthread - efi/cper: Add a new helper function to print bitmasks - efi/cper: Adjust infopfx size to accept an extra space - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs - scsi: imm: Fix use-after-free bug caused by unfinished delayed work (CVE-2025-68324) - irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() - ocfs2: fix memory leak in ocfs2_merge_rec_left() - net: lan743x: Allocate rings outside ZONE_DMA - net: dst: introduce dst->dev_rcu - tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075) - usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt - usb: phy: Initialize struct usb_phy list_head - usb: dwc3: dwc3_power_off_all_roothub_ports: Use ioremap_np when required - ALSA: dice: fix buffer overflow in detect_stream_formats() - ALSA: wavefront: Fix integer overflow in sample size validation . [ Uwe Kleine-König ] * [armhf] Enable LEDS_TURRIS_OMNIA as a module for Turris Omnia LED support. . [ Maxwell Pevner ] * drivers/hid: Enable HID_UNIVERSAL_PIDFF as module (Closes: #1122144) lua-wsapi (1.6.1-3+deb13u1) trixie; urgency=medium . * Fix Homepage. * Recover common module for lua5.1. (Closes: #1123592) lxc (1:6.0.4-4+deb13u1) trixie; urgency=medium . [ Frost ] * Add lxc-net dependency to sysvinit script (Closes: #1122149) . [ Mathias Gibbens ] * Cherry-pick upstream fix to stop printing misleading errors in enter_net_ns() (Closes: #1118024) * Cherry-pick upstream fix for generating apparmor.d/abstractions/lxc/container-base (partially addresses: #1111087) * Cherry-pick upstream fix for restarting unprivileged containers (Closes: #1123979) lxd (5.0.2+git20231211.1364ae4-9+deb13u2) trixie; urgency=medium . * Cherry-pick upstream fix for broken idmapping with kernel 6.9+ * Cherry-pick upstream fix for CVE-2025-64507 / GHSA-56mx-8g9f-5crf matlab-support (0.1.1+deb13u1) trixie; urgency=medium . * No longer rename libvulkan.so.1 and libfreetype.so.6 in postinst (Closes: #1120681) mbedtls (3.6.5-0.1~deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Rebuild for trixie. . mbedtls (3.6.5-0.1) unstable; urgency=medium . * Non-maintainer upload. * New upstream release. - CVE-2025-54764: Side channel in RSA key generation and operations (Closes: #1118750) - CVE-2025-59438: Padding oracle through timing of cipher error reporting (Closes: #1118752) mediawiki (1:1.43.6+dfsg-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security. mediawiki (1:1.43.5+dfsg-1) unstable; urgency=medium . * New upstream version 1.43.5, fixing CVE-2025-11173, CVE-2025-61634, CVE-2025-61635, CVE-2025-61636, CVE-2025-61637, CVE-2025-61638, CVE-2025-61639, CVE-2025-61640, CVE-2025-61641, CVE-2025-61642, CVE-2025-61643, CVE-2025-61646, CVE-2025-61652, CVE-2025-61653, CVE-2025-61654, CVE-2025-61655, CVE-2025-61656, CVE-2025-61657. This version is not affected by CVE-2025-61645. * Drop patches merged upstream. * Include the font required to render the two-factor authentication enabling interface. mirrorbits (0.6.1-1~deb13u1) trixie; urgency=medium . * New upstream version [0.6.1] * Fix "Internal Server Error" regressions. Mirrorbits must redirect users to the fallback mirror(s) if ever the database is unreachable. This was broken in version 0.6, and fixed in 0.6.1. * Normalize URL for fallback mirror(s), as it's done for all the other mirrors. Fix bogus redirections if ever the fallback URL doesn't end with a trailing slash. mongo-c-driver (1.30.4-1+deb13u1) trixie; urgency=medium . * Fix CVE-2025-12119: mongoc_bulk_operation_t may read invalid memory if large options are passed. mutter (48.7-0+deb13u1) trixie; urgency=medium . * Team upload * New upstream stable release 48.6 - Fix drag-and-drop actions not working reliably in some X11 clients (mutter#4288 upstream) - Fix delayed frame presentation with the commit-timing-v1 Wayland extension (mutter#4258 upstream) - Avoid a crash if a GNOME Shell extension tries to delete the same window more than once (mutter#4319 upstream) - Avoid a crash in the Wayland session if a non-GNOME desktop environment previously set the cursor size in GSettings to zero; recover by resetting it to the default, 24px (mutter#3933 upstream) - Fix crashes if a GNOME Shell extension uses certain Cogl pipeline APIs (mutter#4352 upstream) - Save the intended size for tiled windows when saving session state (mutter!4697 upstream) - Avoid potential crashes when saving the state of a window with no valid toplevel state (mutter!4697 upstream) - Remove dead code detected by static analysis (mutter!4697 upstream) * New upstream stable release 48.7 - For fullscreen Wayland windows, if the window has a size limit smaller than the screen, add black borders around the limited size and log a warning (mutter!4587 upstream) - Avoid a crash when activating a notification that has no app info (mutter!4705 upstream) - Avoid a potential crash when checking whether a client owns a window that is disappearing (mutter!4643 upstream) - Test suite enhancements . [ Simon McVittie ] * d/libmutter-test-16.symbols: Update for new ABI added by the test suite enhancements (nothing in Debian outside the mutter source package is likely to use this, except possibly a future version of gnome-shell) * Revert "d/gbp/conf, d/control: Switch packaging branch for forky" * Add a mention of #1121170 to the previous changelog entry mutter (48.5-1) unstable; urgency=medium . * Team upload * New upstream stable release - Fix X11 drag-and-drop with a graphics tablet stylus, which would previously freeze the application (mutter#3914 upstream) - Fix a file descriptor leak that would cause a crash after a long screencast (mutter#4251 upstream) - Fix crash with an assertion failure when screencasting from an Apple aarch64 system (mutter#4224 upstream) - Fix detection of the "Privacy Screen" feature on hardware that supports it (mutter#4259 upstream) - Update the EIS viewport used for input capture when a virtual monitor stream is resized (mutter!4622 upstream) - Fix a crash when combining the screen time limit's greyscale effect, the screen magnifier and the screenshot tool (mutter#8634 upstream) - Fix a crash when unplugging a docking station with two monitors (mutter#4262 upstream) - Translation update: th * d/gbp/conf, d/control: Switch packaging branch for forky node-nodemailer (6.10.0+~6.4.17-1+deb13u1) trixie; urgency=medium . * Fix addressparser handling of quoted nested email addresses (Closes: CVE-2025-13033) openconnect (9.12-3+deb13u2) trixie; urgency=medium . * Non-maintainer upload. * use the unsigned printf qualifier for size_t : fixes MinGW{32,64} build * Use RFC9266 'tls-exporter' channel bindings for Cisco STRAP with TLSv1.3 (Closes: #1099497) openconnect (9.12-3+deb13u1) trixie; urgency=medium . * Non-maintainer upload. [ Luca Boccassi ] * d/copyright: update Upstream-Contact to mailing list . [ Lee Garrett ] * Patch: Respect path in AnyConnect/OpenConnect XML form handling (Closes: #1119239) * Update debian/gbp.conf to match debian/trixie branch openvpn (2.6.14-1+deb13u1) trixie-security; urgency=medium . * Cherry-pick patches for CVE-2025-13086 - check-message-id.patch: Check message id/acked ids too when doing sessionid cookie checks - bugfix for floating client problem, code prequesite for the CVE patch to apply - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the 3way handshake being inverted (Closes: #1121086) * fix-ftbfs-kernel-6.16.patch: Fix compilation against 6.16+ kernel headers (Closes: #1114249) * d/gbp.conf: set debian-branch for trixie pdfminer (20221105+dfsg-1.1~deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Rebuild for trixie-security pdfminer (20221105+dfsg-1.1~deb12u1) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Rebuild for bookworm-security pdns-recursor (5.2.7-0+deb13u1) trixie-security; urgency=medium . * New upstream version 5.2.7, fixing CVE-2025-59030. pgbouncer (1.24.1-1+deb13u1) trixie; urgency=medium . * Non-maintainer upload by the Debian LTS Security Team. * CVE-2025-12819: execute arbitrary SQL during authentication. Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage. postgresql-17 (17.7-0+deb13u1) trixie; urgency=medium . * New upstream version 17.7. . + Check for CREATE privileges on the schema in CREATE STATISTICS (Jelte Fennema-Nio) . This omission allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. . The PostgreSQL Project thanks Jelte Fennema-Nio for reporting this problem. (CVE-2025-12817) . + Avoid integer overflow in allocation-size calculations within libpq (Jacob Champion) . Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. . The PostgreSQL Project thanks Aleksey Solovev of Positive Technologies for reporting this problem. (CVE-2025-12818) postgresql-17 (17.6-1) unstable; urgency=medium . * New upstream version 17.6. . + Tighten security checks in planner estimation functions (Dean Rasheed) . The fix for CVE-2017-7484, plus followup fixes, intended to prevent leaky functions from being applied to statistics data for columns that the calling user does not have permission to read. Two gaps in that protection have been found. One gap applies to partitioning and inheritance hierarchies where RLS policies on the tables should restrict access to statistics data, but did not. . The other gap applies to cases where the query accesses a table via a view, and the view owner has permissions to read the underlying table but the calling user does not have permissions on the view. The view owner's permissions satisfied the security checks, and the leaky function would get applied to the underlying table's statistics before we check the calling user's permissions on the view. This has been fixed by making security checks on views occur at the start of planning. That might cause permissions failures to occur earlier than before. . The PostgreSQL Project thanks Dean Rasheed for reporting this problem. (CVE-2025-8713) . + Prevent pg_dump scripts from being used to attack the user running the restore (Nathan Bossart) . Since dump/restore operations typically involve running SQL commands as superuser, the target database installation must trust the source server. However, it does not follow that the operating system user who executes psql to perform the restore should have to trust the source server. The risk here is that an attacker who has gained superuser-level control over the source server might be able to cause it to emit text that would be interpreted as psql meta-commands. That would provide shell-level access to the restoring user's own account, independently of access to the target database. . To provide a positive guarantee that this can't happen, extend psql with a \restrict command that prevents execution of further meta-commands, and teach pg_dump to issue that before any data coming from the source server. . The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and RyotaK for reporting this problem. (CVE-2025-8714) . + Convert newlines to spaces in names included in comments in pg_dump output (Noah Misch) . Object names containing newlines offered the ability to inject arbitrary SQL commands into the output script. (Without the preceding fix, injection of psql meta-commands would also be possible this way.) CVE-2012-0868 fixed this class of problem at the time, but later work reintroduced several cases. . The PostgreSQL Project thanks Noah Misch for reporting this problem. (CVE-2025-8715) . * Add Turkish debconf translation by Atila KOÇ, thanks! (Closes: #1107984) * Drop hurd-iovec patch, implemented upstream. * Drop obsolete patches: focal-arm64-outline-atomics, jit-s390x. pylint-django (2.0.13-5+deb13u1) trixie; urgency=medium . * Add salsa-ci.yml. * Add smoke autopkgtest. * Delete unused broken unit-tests-p3 autopkgtest. * Fix scoped_nodes import (Closes: #1121404). qemu (1:10.0.7+ds-0+deb13u1) trixie; urgency=medium . * 10.0.7 upstream stable/bugfix release: - Update version for 10.0.7 release - kvm: Fix kvm_vm_ioctl() and kvm_device_ioctl() return value - docs/devel: Update URL for make-pullreq script - target/arm: Fix assert on BRA. - hw/aspeed/{xdma, rtc, sdhci}: Fix endianness to DEVICE_LITTLE_ENDIAN - hw/core/machine: Provide a description for aux-ram-share property - hw/pci: Make msix_init take a uint32_t for nentries - block/io_uring: avoid potentially getting stuck after resubmit at the end of ioq_submit() - block-backend: Fix race when resuming queued requests - ui/vnc: Fix qemu abort when query vnc info - chardev/char-pty: Do not ignore chr_write() failures - hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section() - hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs - hw/arm/aspeed: Fix missing SPI IRQ connection causing DMA interrupt failure - migration: Fix transition to COLO state from precopy - qmp: Fix a typo for a USO feature - MAINTAINERS: Add functional tests that are not covered yet - tests/functional: Remove unnecessary import statements - tests/functional: Remove semicolons at the end of lines - Remove the remainders of the Avocado tests - docs/devel/testing: Dissolve the ci-definitions.rst.inc file - gitlab-ci: Update QEMU_JOB_AVOCADO and QEMU_CI_AVOCADO_TESTING - tests/functional: Convert the SMMU test to the functional framework - tests/functional: Use the tuxrun kernel for the aarch64 replay test - tests/functional: Use the tuxrun kernel for the x86 replay test - tests/avocado: Remove the boot_linux.py tests - tests/functional: Convert the 64-bit big endian Wheezy mips test - tests/functional: Convert the 64-bit little endian Wheezy mips test - tests/functional: Convert the 32-bit little endian Wheezy mips test - tests/functional: Convert the 32-bit big endian Wheezy mips test - tests/avocado: Remove the LinuxKernelTest class - tests/functional: Convert the i386 replay avocado test - tests/functional: Convert reverse_debugging tests to the functional framework - tests/functional: Move the check for the parameters from avocado to functional - gitlab-ci: Remove the avocado tests from the CI pipelines - tests/functional/test_vnc: skip test if no crypto backend available - target/i386: fix stack size when delivering real mode interrupts - target/i386: svm: fix sign extension of exit code - target/i386/tcg: validate segment registers - target/i386: Mark VPERMILPS as not valid with prefix 0 - hw/southbridge/lasi: Correct LasiState parent - hw/dma/zynq-devcfg: Fix register memory - tests/functional: handle URLError when fetching assets - tests/functional: fix formatting of exception args - block/io: Take reqs_lock for tracked_requests - nvme: Fix coroutine waking - nvme: Kick and check completions in BDS context - curl: Fix coroutine waking - nfs: Run co BH CB in the coroutine’s AioContext - rbd: Run co BH CB in the coroutine’s AioContext - tests: move test_virt_gpu to share.linaro.org - tests: move test_kvm_xen to share.linaro.org - tests: move test_netdev_ethtool to share.linaro.org - tests: move test_virt assets to share.linaro.org - tests: move test_xen assets to share.linaro.org - block: add test non-active commit with zeroed data - block: allow commit to unmap zero blocks - block: refactor error handling of commit_iteration - block: move commit_run loop to separate function - block: get type of block allocation in commit_run - hw/misc/npcm_clk: Don't divide by zero when calculating frequency - hw/display/xlnx_dp: Don't abort for unsupported graphics formats - hw/display/xlnx_dp.c: Don't abort on AUX FIFO overrun/underrun - net: pad packets to minimum length in qemu_receive_packet() Closes: #1119917, CVE-2025-12464 (buffer overflow in e1000_receive_iov) - hw/net/e1000e_core: Adjust e1000e_write_payload_frag_to_rx_buffers() assert - hw/net/e1000e_core: Correct rx oversize packet checks - hw/net/e1000e_core: Don't advance desc_offset for NULL buffer RX descriptors - qio: Protect NetListener callback with mutex - qio: Remember context of qio_net_listener_set_client_func_full - qio: Unwatch before notify in QIONetListener - qio: Add trace points to net_listener - tests/qemu-iotest: fix iotest 024 with qed images - qemu-img rebase: don't exceed IO_BUF_SIZE in one operation - qemu-img: Fix amend option parse error handling - tests/qtest/bios-tables-test: Update DSDT blobs after GPEX _DSM change - hw/pci-host/gpex-acpi: Fix _DSM function 0 support return value - tests/qtest/bios-tables-test: Prepare for _DSM change in the DSDT table - vhost-user: fix shared object lookup handler logic - target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns - hostmem/shm: Allow shm memory backend serve as shared memory for coco-VMs - tests/tcg/s390x: Test SET CLOCK COMPARATOR - target/s390x: Use address generation for register branch targets - target/s390x: Fix missing clock-comparator interrupts after reset - target/s390x: Fix missing interrupts for small CKC values - target/microblaze: Handle signed division overflows - target/microblaze: div: Break out raise_divzero() - target/microblaze: Remove unused arg from check_divz() - gdbstub: Fix %s formatting - block/curl.c: Fix CURLOPT_VERBOSE parameter type - block: fix luks 'amend' when run in coroutine - block: remove 'detached-header' option from opts after use - i386/kvm/cpu: Init SMM cpu address space for hotplugged CPUs - hw/i386/pc: Avoid overlap between CXL window and PCI 64bit BARs in QEMU 10.0.x - target/i386: clear CPU_INTERRUPT_SIPI for all accelerators - linux-user: permit sendto() with NULL buf and 0 len - linux-user: Use correct type for FIBMAP and FIGETBSZ emulation - qtest/am53c974-test: add additional test for cmdfifo overflow - esp.c: fix esp_cdb_ready() FIFO wraparound limit calculation - hw/hppa: Fix interrupt of LASI parallel port - nw/nvram/ds1225y: Fix nvram MemoryRegion owner - target/hppa: Set FPCR exception flag bits for non-trapped exceptions - hw/scsi: avoid deadlock upon TMF request cancelling with VirtIO - crypto: stop requiring "key encipherment" usage in x509 certs - io: fix use after free in websocket handshake code Closes: #1117153, CVE-2025-11234 (UAF in websocket handshake code) - io: move websock resource release to close method - io: release active GSource in TLS channel finalizer - target/riscv: fix riscv_cpu_sirq_pending() mask - target/riscv/kvm: fix env->priv setting in reset_regs_csr() - target/riscv/kvm: add scounteren CSR - target/riscv/kvm: read/write KVM regs via env size - target/riscv/kvm: add senvcfg CSR - aplic: fix mask for smsiaddrcfgh - hw/riscv: Correct mmu-type property of sifive_u harts in device tree - target/arm: Fix reads of CNTFRQ_EL0 in linux-user mode - hw/ppc/e500: Check for compatible CPU type instead of aborting ungracefully - ui/gtk-gl-area: Remove extra draw call in refresh - tests/tcg/multiarch/linux/linux-test: Don't try to test atime update * linux-user-use-correct-type-for-FIBMAP-and-FIGETBSZ.patch: remove, applied upstream * d/control: qemu-system-xen: add the forgotten ipxe-qemu dependency qemu-system binaries require pxe boot roms for the network adaptors. When splitting qemu-system-xen into its own package, this dependency has been forgotten initally, but has been enabled for bookworm (#1035676). However, this change were lost when uploading the next version of qemu aimed for trixie. So trixie has this issue too, despite it's been fixed in bookworm already. (Closes: #1035676, #1120146) qiv (3.0.1-2+deb13u1) trixie; urgency=medium . * debian/patches/putenv-x11.diff: Closes: #1103712. r-bioc-beachmat (2.22.0+ds-3~deb13u1) trixie; urgency=medium . * Team upload. . [ Michael R. Crusoe ] * Patch up part of a test that depends on the "beachmat.hdf5" R package, which is not yet in Debian. Closes: #1111758 r-cran-gh (1.4.1-1+deb13u1) trixie; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2025-54956.patch: Add patch to fix CVE-2025-54956. - The HTTP response is delivered in a data structure that includes the Authorization header from the corresponding HTTP request (closes: #1110481). rails (2:7.2.2.2+dfsg-2~deb13u1) trixie-security; urgency=medium . * Team upload * New upstream release * Fix CVE-2025-24293 (Closes: #1111106) Active Record connects classes to relational database tables. The ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. * Fix CVE-2025-55193. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where arbitrary user supplied input is accepted as valid transformation methods or parameters. * Target trixie in salsaCI rails (2:7.2.2.2+dfsg-1) unstable; urgency=medium . * Team upload. . [ Soren Stoutner ] * New upstream release (fixes CVE-2025-24293 and CVE-2025-55193). * debian/control: Remove "Breaks: ruby-actionpack-action-caching (<< 1.2.2)" (see https://lists.debian.org/debian-ruby/2025/08/msg00017.html). * debian/copyright: - Add Soren Stoutner to the debian/* stanza. - Add Lucas Nussbaum to the debian/* stanza. - Remove the unused GPL license. . [ Lucas Nussbaum ] * Remove unnecessary debian/.gitattributes. * debian/gbp.conf: Make compliant with DEP-14 defaults. * debian/salsa-ci.yml: Change to use the team-specific include. reform-tools (1.71-2+deb13u1) trixie; urgency=medium . * add patch to allow building lpc for linux 6.17 from trixie-backports rlottie (0.1+dfsg-4.2+deb13u1) trixie; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2025-0634 (Closes: #1109341) CVE-2025-53074 CVE-2025-53075 Most patches to fix these issues are already part of: Fix-crash-on-invalid-data.patch The remaining boundary check is left in: CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch For the sake of completeness, the whole upstream patch for these CVEs is added in: CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch.org roundcube (1.6.12+dfsg-0+deb13u1) trixie-security; urgency=high . * New upstream security and bugfix release (closes: #1122899). + Fix CVE-2025-68461: Cross-Site-Scripting vulnerability via SVG's animate tag. + Fix CVE-2025-68460: Information Disclosure vulnerability in the HTML style sanitizer. * Refresh d/patches. * d/gbp.conf: Set debian-branch=debian/trixie. * Salsa CI: Set RELEASE=trixie, disable reprotest and lintian jobs. rsync (3.4.1+ds1-5+deb13u1) trixie; urgency=medium . * Team upload. * d/p/CVE-2025-10158.patch: Import upstream patch to fix CVE-2025-10158 . A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. rust-sequoia-openpgp (2.0.0-2+deb13u1) trixie; urgency=medium . * Add upstream commit b59886e5 (via debian/patches, edited to apply cleanly) to fix an underflow in aes_key_unwrap / CVE-2025-67897 to prevent DOS (crash) via special crafted encrypted messages. Closes: #1122582. rust-sudo-rs (0.2.5-5+deb13u1) trixie-security; urgency=high . * Team upload * Ensure (partially) input passwords are not printed if killed during password prompt (Fixes:: GHSA-q428-6v73-fc4q) * Ensure `Defaults targetpw` and `Defaults rootpw` are taken into account for timestamp files (Fixes: GHSA-c978-wq47-pvvw) sbuild (0.89.3+deb13u4) trixie; urgency=medium . * Revert "Actually use UNSHARE_MMDEBSTRAP_ENV_CMD" . sbuild (0.89.3+deb13u3) trixie; urgency=medium . * Actually use UNSHARE_MMDEBSTRAP_ENV_CMD * lib/Sbuild/Build.pm: preserve TMPDIR for piuparts * Obey $TMPDIR for autopkgtest dsc mkdtemp * Fix tempdir for autopkgtest * Initialize variable . sbuild (0.89.3+deb13u2) trixie; urgency=medium . [ Jochen Sprickerhof ] * Explicitly select the sbuild-build-depends-main-dummy package arch (Closes: #1119344) . [ Johannes Schauer Marin Rodrigues ] * lib/Sbuild/Build.pm: preserve TMPDIR when running autopkgtest (Closes: #1121503) * lib/Sbuild/Build.pm: perltidy sbuild (0.89.3+deb13u3) trixie; urgency=medium . * Actually use UNSHARE_MMDEBSTRAP_ENV_CMD * lib/Sbuild/Build.pm: preserve TMPDIR for piuparts * Obey $TMPDIR for autopkgtest dsc mkdtemp * Fix tempdir for autopkgtest * Initialize variable . sbuild (0.89.3+deb13u2) trixie; urgency=medium . [ Jochen Sprickerhof ] * Explicitly select the sbuild-build-depends-main-dummy package arch (Closes: #1119344) . [ Johannes Schauer Marin Rodrigues ] * lib/Sbuild/Build.pm: preserve TMPDIR when running autopkgtest (Closes: #1121503) * lib/Sbuild/Build.pm: perltidy sbuild (0.89.3+deb13u2) trixie; urgency=medium . [ Jochen Sprickerhof ] * Explicitly select the sbuild-build-depends-main-dummy package arch (Closes: #1119344) . [ Johannes Schauer Marin Rodrigues ] * lib/Sbuild/Build.pm: preserve TMPDIR when running autopkgtest (Closes: #1121503) * lib/Sbuild/Build.pm: perltidy smb4k (4.0.0-1+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix two security issues in the KAuth mounthelper: - CVE-2025-66002: local users can perform arbitrary unmounts via smb4kmounthelper due to lack of input validation - CVE-2025-66003: local users can perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba share (Closes: #1122381) * Merge Smb4KHardwareInterface class from master so that the merged security fixes can be compiled sogo (5.12.1-3+deb13u1) trixie; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2025-63498 - Cross Site Scripting (XSS) * CVE-2025-63499 - Cross Site Scripting (XSS) (Closes: #1121952) strongswan (6.0.1-6+deb13u2) trixie-security; urgency=medium . * d/patches: add fix for buffer overflow in EAP-MSCHAPv2 (CVE-2025-62291) suricata (1:7.0.10-1+deb13u2) trixie; urgency=medium . * Fix CVE-2025-64344 in 7.0.10. Cherry-Picked from upstream a7ff4c9ba53009680c7cd128b16c28d0aeda9886. * Fix CVE-2025-64333 in 7.0.10. Cherry-Picked from upstream 4b1d284bb57219b6677a8bda5cdc14a24a6aa22d. * Fix CVE-2025-64332 in 7.0.10. Cherry-Picked from upstream f67d72702a2601d0a86ac1450686e70d7176f629. * Fix CVE-2025-64331 in 7.0.10. Cherry-Picked from upstream 5abf9b81e78476f49ab074f3a74b5840747cd069. Added missing function declaration and refreshed patch by quilt. * Fix CVE-2025-64330 in 7.0.10. Cherry-Picked from upstream 5d6c24cc2ce6a390c0956b7ecb2c5efc47e72abc. survex (1.4.17-1+deb13u1) trixie; urgency=medium . * New patch fix-find-stations-search-box-width.patch backported from 1.4.18. This fixes the width of the "find stations" search box to make it actually usable again. Closes: #1109835 swift (2.35.1-0+deb13u1) trixie-security; urgency=medium . * New upstream point release: This new point release adds the feature to allow the use of aws-chunked transfer encoding. This is important because most S3 clients are using the boto library that has dropped support for any other protocol. This upstream point release contains only that change, which is minimal and will not affect any deployment other than accepting aws-chunked transfer. * Blacklist 2 unit tests that require isal lib to be installed: - test_sig_v4_strm_unsgnd_pyld_trl_checksum_hdr_unsupported - test_get_checksum_hasher * OSSA-2025-002: kay reported a vulnerability in Keystone’s ec2tokens and s3tokens APIs. By sending those endpoints a valid AWS Signature (e.g., from a presigned S3 URL), an unauthenticated attacker may obtain Keystone authorization (ec2tokens can yield a fully scoped token; s3tokens can reveal scope accepted by some services), resulting in unauthorized access and privilege escalation. Deployments where /v3/ec2tokens or /v3/s3tokens are reachable by unauthenticated clients (e.g., exposed on a public API) are affected. Swift needs to be modified to accept the fix for Keystone, otherwise S3 authentication will stop working. Deployers are advised to update Swift first, as the patched swift will work with unpatched keystone, while the opposite isn't true. Applied upstream patch (Closes: #1120057): Add bug-2119646-swift.patch, which offers swift side compatibility with the keystone fix. swupdate (2024.12.1+dfsg-3+deb13u1) trixie; urgency=medium . * Backport: suricatta/wfx: Fix rebooting (Closes: #1118485) symfony (6.4.21+dfsg-2+deb13u1) trixie; urgency=medium . * Backport security fix from Symfony 6.4.29: - [HttpFoundation] Fix parsing pathinfo with no leading slash [CVE-2025-64500] * Use debian/trixie branch * [Finder] Drop data from testsuite thunderbird (1:140.6.0esr-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security thunderbird (1:140.6.0esr-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security thunderbird (1:140.5.0esr-1) unstable; urgency=medium . [ Paul Gevers ] * [e457726] tests: help.sh is really a very superficial test, so let's mark it as such (Closes: #1120427) . [ Christoph Goehre ] * [4908c1a] New upstream version 140.5.0esr Fixed CVE issues in upstream version 140.5 (MFSA 2025-91): CVE-2025-13012: Race condition in the Graphics component CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component CVE-2025-13018: Mitigation bypass in the DOM: Security component CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component CVE-2025-13014: Use-after-free in the Audio/Video component CVE-2025-13015: Spoofing issue in Thunderbird thunderbird (1:140.5.0esr-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security thunderbird (1:140.5.0esr-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security thunderbird (1:140.4.0esr-1) unstable; urgency=medium . * [d34f599] New upstream version 140.4.0esr Fixed CVE issues in upstream version 140.4 (MFSA 2025-85): CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could be modified CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 tryton-sao (7.0.28+ds1-1+deb13u2) trixie-security; urgency=high . * Add 02_escape_completion_content.patch. Patch for security issue: https://foss.heptapod.net/tryton/tryton/-/issues/14363 Stored XSS Vulnerability Found in Party Field Leading to Arbitrary JavaScript Execution S.a. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121233 tryton-server (7.0.30-1+deb13u1) trixie-security; urgency=high . * Add 03_traceback_in_RPC.patch, 04_enforce_access_check_html_editor.patch, 05_enforce_access_check_export_data.patch . Fixes for security issues: . Enforce access check in HTML editor route https://bugs.debian.org/1121241 (s.a. #1121241) -> https://foss.heptapod.net/tryton/tryton/-/issues/14364 . Include the traceback only in RPC responses in development mode https://bugs.debian.org/1121242 (s.a. #1121242) -> https://foss.heptapod.net/tryton/tryton/-/issues/14354 . Enforce access check in export_data https://bugs.debian.org/1121243 (s.a. #1121243) -> https://foss.heptapod.net/tryton/tryton/-/issues/14366 tzsetup (1:0.132+deb13u1) trixie; urgency=medium . [ Holger Wansing ] * Fix timezone for Argentina. Closes: #1111332. * Fix timezone for Ukraine as well (from MR4). unbound (1.22.0-2+deb13u1) trixie-security; urgency=high . [ Guilhem Moulin ] * Fix CVE-2025-11411: Cache poisoning vulnerability via NS RRSet injection * debian/salsa-ci.yml: Disable reprotest and lintian jobs, set RELEASE=trixie . [ Michael Tokarev ] * CVE-2025-11411-additional-nodata.patch -- additional fixes for CVE-2025-11411 (Closes: #1121446, CVE-2025-11411) * d/gbp.conf: set default branch to debian/trixie vlc (3.0.22-0+deb13u1) trixie-security; urgency=medium . * New upstream version 3.0.22 * debian/gbp.conf: Work in trixie branch * debian/patches: Remove patches from upstream vlc (3.0.22-0+deb12u1) bookworm-security; urgency=medium . * New upstream version 3.0.22 * debian/: Re-enable VAAPI support (Closes: #1021601, #1013898) vlc (3.0.22~rc2-1) unstable; urgency=medium . [ John Paul Adrian Glaubitz ] * Fix FTBFS on powerpc (Closes: #1115385) . [ Sebastian Ramacher ] * New upstream version 3.0.22~rc2 - Fix installation of Assamese translation (Closes: #1085961) vlc (3.0.22~rc1-1) unstable; urgency=medium . * New upstream version 3.0.22~rc1 * debian/control: - Fix version constraints on suggested plugins - Drop alternative libmodplug-dev BD - Remove dpkg-dev dependency satisfied in stable * debian/: - Remove zsh completion to make the package reproducible - Switch to lua 5.4 (Closes: #1099742) Check the NEWS entry of vlc-plugin-base on potential issues. - Update lintian overrides for new format * debian/watch: Migrate to version 5 * debian/rules: - debhelper now skips override_dh_auto_test if nocheck is specified - Remove handling of libtar as it got dropped upstream * debian/patches: Remove upstream patches included in 3.0.22~rc1 * debian/copyright: - Remove old FSF address - Update copyright years vlc (3.0.21-11) unstable; urgency=medium . * debian/rules: Disable postproc plugin since libpostproc is removed from ffmpeg 8.0 * debian/control: - Bump Standards-Version - Remove unused BD on libvcdinfo-dev webkit2gtk (2.50.4-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security. * Re-enable libmanette in i386. * Enable the transitional packages. * Don't override the clang compiler on armhf since trixie already uses clang-19 by default. webkit2gtk (2.50.4-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security. * Disable sysprof profiling integration to avoid new dependencies: - debian/control.in: Don't depend on libsysprof-capture-4-dev. - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF. * Disable JPEG XL to avoid adding new dependencies. - debian/control.in: Remove build dependency on libjxl-dev. - debian/rules: Build with -DUSE_JPEGXL=OFF. * debian/rules: - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old package names. - Re-enable libmanette in i386. * debian/control-common.in: - Make the -dev packages depend on the gir packages. * debian/control.in: - Build depend on ccache. * Use clang-16 instead of clang. * debian/patches/fix-minibrowser.patch: - Fix the MiniBrowser with clang-16. webkit2gtk (2.50.3-1) unstable; urgency=medium . [ Alberto Garcia ] * New upstream release. * Use the default gcc (gcc-15) again in mips64el now that #1116217 has been fixed. * Drop fix-crash.patch and fix-link-error.patch. . [ Jeremy Bicha ] * debian/control.in: - Stop suggesting devhelp, it's going to be removed from Debian. webkit2gtk (2.50.3-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security. * Re-enable libmanette in i386. * Enable the transitional packages. * Don't override the clang compiler on armhf since trixie already uses clang-19 by default. webkit2gtk (2.50.3-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security. * Disable sysprof profiling integration to avoid new dependencies: - debian/control.in: Don't depend on libsysprof-capture-4-dev. - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF. * Disable JPEG XL to avoid adding new dependencies. - debian/control.in: Remove build dependency on libjxl-dev. - debian/rules: Build with -DUSE_JPEGXL=OFF. * debian/rules: - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old package names. - Re-enable libmanette in i386. * debian/control-common.in: - Make the -dev packages depend on the gir packages. * debian/control.in: - Build depend on ccache. * Use clang-16 instead of clang. * debian/patches/fix-minibrowser.patch: - Fix the MiniBrowser with clang-16. webkit2gtk (2.50.2-1) unstable; urgency=medium . * New upstream release. * debian/patches/fix-link-error.patch: - Cherry pick build fix for 2.50.2. * debian/patches/fix-crash.patch: - Cherry pick crash fix. * As of 2.50.0, WebKitGTK no longer depends on GstTranscoder (WebKit bug #295985). - debian/control.in: Remove build dependency on libgstreamer-plugins-bad1.0-dev. - debian/rules: Don't use -DUSE_GSTREAMER_TRANSCODER=OFF in Ubuntu. * debian/control.in: - Drop build dependency on libgirepository1.0-dev (Closes: #1118932). - Remove Rules-Requires-Root: no, as this is the default value since dpkg 1.22.13 (fixes redundant-rules-requires-root-no-field). * Use clang-19 on armhf since the build fails with versions 20 and 21 (WebKit bug #290167). webkit2gtk (2.50.2-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security. * Re-enable libmanette in i386. * Enable the transitional packages. * Don't override the gcc compiler on mips64el since trixie already uses gcc-14 by default. * Don't override the clang compiler on armhf since trixie already uses clang-19 by default. webkit2gtk (2.50.2-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security. * Disable sysprof profiling integration to avoid new dependencies: - debian/control.in: Don't depend on libsysprof-capture-4-dev. - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF. * Disable JPEG XL to avoid adding new dependencies. - debian/control.in: Remove build dependency on libjxl-dev. - debian/rules: Build with -DUSE_JPEGXL=OFF. * debian/rules: - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old package names. - Re-enable libmanette in i386. * debian/control-common.in: - Make the -dev packages depend on the gir packages. * debian/control.in: - Build depend on ccache. * Use clang-16 instead of clang. * Don't override the gcc compiler on mips64el since bookworm uses gcc 12 and not gcc 15 (#1116217). * debian/patches/fix-minibrowser.patch: - Fix the MiniBrowser with clang-16. webkit2gtk (2.50.1-1) unstable; urgency=medium . * New upstream release. * debian/control.in: - Enable the bubblewrap sandbox in loong64. - Remove Gustavo from the list of uploaders, he hasn't been active in over a decade. Obrigado, amigo! * debian/rules: - Enable Skia in loong64, it builds fine with GCC 15.2.0 (but not with clang 19: "neon.h: error: _Float16 is not supported on this target") - Stop using -DDEBUG_FISSION=OFF, this is already disabled by default if developer mode is not enabled (WebKit bug #252679). - Use DEB_HOST_ARCH_BITS instead of DEB_BUILD_ARCH_BITS to detect if we're making a 32-bit build. This won't make a difference in practice but it's the correct way to do it. * Drop fix-ftbfs-i386.patch and fix-ftbfs-s390x.patch. wordpress (6.8.3+dfsg1-0+deb13u1) trixie-security; urgency=high . * Non-maintainer upload. * New upstream version 6.8.3+dfsg1. (Fixes: CVE-2025-58674, CVE-2025-58246) xen (4.20.2+7-g1badcf5035-0+deb13u1) trixie-security; urgency=medium . Significant changes: * Update to new upstream version 4.20.2+7-g1badcf5035, which also contains security fixes for the following issues: (Closes: #1105193) (Closes: #1120075) - x86: Indirect Target Selection XSA-469 CVE-2024-28956 - x86: Incorrect stubs exception handling for flags recovery XSA-470 CVE-2025-27465 - x86: Transitive Scheduler Attacks XSA-471 CVE-2024-36350 CVE-2024-36357 - Multiple vulnerabilities in the Viridian interface XSA-472 CVE-2025-27466 CVE-2025-58142 CVE-2025-58143 - Arm issues with page refcounting XSA-473 CVE-2025-58144 CVE-2025-58145 - x86: Incorrect input sanitisation in Viridian hypercalls XSA-475 CVE-2025-58147 CVE-2025-58148 - Incorrect removal of permissions on PCI device unplug XSA-476 CVE-2025-58149 * Note that the following XSA are not listed, because... - XSA-468 applies to Windows PV drivers - XSA-474 applies to XAPI which is not included in Debian . Packaging minor fixes and improvements: * debian/salsa-ci.yml: adjust for trixie and new salsa-ci pipeline yorick-gy (0.0.6-1~deb13u1) trixie; urgency=medium . * Rebuild for trixie ====================================== Sat, 15 Nov 2025 - Debian 13.2 released ====================================== ========================================================================= [Date: Sat, 15 Nov 2025 09:44:31 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: librust-profiling-procmacros-dev | 1.0.16-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x rust-profiling-procmacros | 1.0.16-1 | source Closed bugs: 1115989 ------------------- Reason ------------------- RoM; unused ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 09:59:05 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: btrfs-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x btrfs-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x cdrom-core-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x cdrom-core-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x crypto-dm-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x crypto-dm-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x crypto-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x crypto-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x dasd-extra-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x dasd-extra-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x dasd-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x dasd-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x ext4-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x ext4-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x f2fs-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x f2fs-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x fat-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x fat-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x isofs-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x isofs-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x kernel-image-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x kernel-image-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x linux-headers-6.12.38+deb13-s390x | 6.12.38-1 | s390x linux-headers-6.12.48+deb13-s390x | 6.12.48-1 | s390x linux-image-6.12.38+deb13-s390x | 6.12.38-1 | s390x linux-image-6.12.38+deb13-s390x-dbg | 6.12.38-1 | s390x linux-image-6.12.48+deb13-s390x | 6.12.48-1 | s390x linux-image-6.12.48+deb13-s390x-dbg | 6.12.48-1 | s390x loop-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x loop-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x md-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x md-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x mtd-core-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x mtd-core-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x multipath-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x multipath-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x nbd-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x nbd-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x nic-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x nic-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x scsi-core-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x scsi-core-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x scsi-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x scsi-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x udf-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x udf-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x xfs-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x xfs-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 09:59:18 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 ata-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 btrfs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 btrfs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 cdrom-core-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 cdrom-core-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 crypto-dm-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 crypto-dm-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 crypto-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 crypto-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 drm-core-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 drm-core-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 ext4-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 ext4-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 f2fs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 f2fs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 fat-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 fat-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 fb-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 fb-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 input-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 input-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 isofs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 isofs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 jfs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 jfs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 kernel-image-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 kernel-image-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 linux-headers-6.12.38+deb13-riscv64 | 6.12.38-1 | riscv64 linux-headers-6.12.48+deb13-riscv64 | 6.12.48-1 | riscv64 linux-image-6.12.38+deb13-riscv64 | 6.12.38-1 | riscv64 linux-image-6.12.38+deb13-riscv64-dbg | 6.12.38-1 | riscv64 linux-image-6.12.48+deb13-riscv64 | 6.12.48-1 | riscv64 linux-image-6.12.48+deb13-riscv64-dbg | 6.12.48-1 | riscv64 loop-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 loop-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 md-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 md-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 mmc-core-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 mmc-core-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 mmc-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 mmc-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 mtd-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 mtd-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 multipath-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 multipath-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 nbd-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 nbd-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 nic-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 nic-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 nic-shared-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 nic-shared-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 nic-usb-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 nic-usb-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 nic-wireless-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 nic-wireless-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 pata-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 pata-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 ppp-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 ppp-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 sata-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 sata-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 scsi-core-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 scsi-core-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 scsi-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 scsi-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 scsi-nic-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 scsi-nic-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 squashfs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 squashfs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 udf-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 udf-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 usb-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 usb-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 usb-serial-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 usb-serial-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 usb-storage-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 usb-storage-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 xfs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 xfs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 09:59:37 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.38+deb13-amd64 | 6.12.38-1 | amd64 linux-headers-6.12.38+deb13-cloud-amd64 | 6.12.38-1 | amd64 linux-headers-6.12.38+deb13-rt-amd64 | 6.12.38-1 | amd64 linux-headers-6.12.48+deb13-amd64 | 6.12.48-1 | amd64 linux-headers-6.12.48+deb13-cloud-amd64 | 6.12.48-1 | amd64 linux-headers-6.12.48+deb13-rt-amd64 | 6.12.48-1 | amd64 linux-image-6.12.38+deb13-amd64-dbg | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-amd64-unsigned | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-cloud-amd64-dbg | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-cloud-amd64-unsigned | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-rt-amd64-dbg | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-rt-amd64-unsigned | 6.12.38-1 | amd64 linux-image-6.12.48+deb13-amd64-dbg | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-amd64-unsigned | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-cloud-amd64-dbg | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-cloud-amd64-unsigned | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-rt-amd64-dbg | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-rt-amd64-unsigned | 6.12.48-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:00:04 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-kbuild-6.12.38+deb13 | 6.12.38-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x linux-kbuild-6.12.48+deb13 | 6.12.48-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:00:19 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.38+deb13-arm64 | 6.12.38-1 | arm64 linux-headers-6.12.38+deb13-arm64-16k | 6.12.38-1 | arm64 linux-headers-6.12.38+deb13-cloud-arm64 | 6.12.38-1 | arm64 linux-headers-6.12.38+deb13-rt-arm64 | 6.12.38-1 | arm64 linux-headers-6.12.48+deb13-arm64 | 6.12.48-1 | arm64 linux-headers-6.12.48+deb13-arm64-16k | 6.12.48-1 | arm64 linux-headers-6.12.48+deb13-cloud-arm64 | 6.12.48-1 | arm64 linux-headers-6.12.48+deb13-rt-arm64 | 6.12.48-1 | arm64 linux-image-6.12.38+deb13-arm64-16k-dbg | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-arm64-16k-unsigned | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-arm64-dbg | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-arm64-unsigned | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-cloud-arm64-dbg | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-cloud-arm64-unsigned | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-rt-arm64-dbg | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-rt-arm64-unsigned | 6.12.38-1 | arm64 linux-image-6.12.48+deb13-arm64-16k-dbg | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-arm64-16k-unsigned | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-arm64-dbg | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-arm64-unsigned | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-cloud-arm64-dbg | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-cloud-arm64-unsigned | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-rt-arm64-dbg | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-rt-arm64-unsigned | 6.12.48-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:00:40 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.38+deb13-rpi | 6.12.38-1 | armel linux-headers-6.12.48+deb13-rpi | 6.12.48-1 | armel linux-image-6.12.38+deb13-rpi | 6.12.38-1 | armel linux-image-6.12.38+deb13-rpi-dbg | 6.12.38-1 | armel linux-image-6.12.48+deb13-rpi | 6.12.48-1 | armel linux-image-6.12.48+deb13-rpi-dbg | 6.12.48-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:00:52 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf ata-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf btrfs-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf btrfs-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf cdrom-core-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf cdrom-core-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf crypto-dm-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf crypto-dm-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf crypto-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf crypto-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf drm-core-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf drm-core-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf ext4-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf ext4-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf f2fs-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf f2fs-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf fat-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf fat-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf fb-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf fb-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf input-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf input-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf isofs-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf isofs-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf jfs-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf jfs-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf kernel-image-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf kernel-image-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf linux-headers-6.12.38+deb13-armmp | 6.12.38-1 | armhf linux-headers-6.12.38+deb13-armmp-lpae | 6.12.38-1 | armhf linux-headers-6.12.38+deb13-rt-armmp | 6.12.38-1 | armhf linux-headers-6.12.48+deb13-armmp | 6.12.48-1 | armhf linux-headers-6.12.48+deb13-armmp-lpae | 6.12.48-1 | armhf linux-headers-6.12.48+deb13-rt-armmp | 6.12.48-1 | armhf linux-image-6.12.38+deb13-armmp | 6.12.38-1 | armhf linux-image-6.12.38+deb13-armmp-dbg | 6.12.38-1 | armhf linux-image-6.12.38+deb13-armmp-lpae | 6.12.38-1 | armhf linux-image-6.12.38+deb13-armmp-lpae-dbg | 6.12.38-1 | armhf linux-image-6.12.38+deb13-rt-armmp | 6.12.38-1 | armhf linux-image-6.12.38+deb13-rt-armmp-dbg | 6.12.38-1 | armhf linux-image-6.12.48+deb13-armmp | 6.12.48-1 | armhf linux-image-6.12.48+deb13-armmp-dbg | 6.12.48-1 | armhf linux-image-6.12.48+deb13-armmp-lpae | 6.12.48-1 | armhf linux-image-6.12.48+deb13-armmp-lpae-dbg | 6.12.48-1 | armhf linux-image-6.12.48+deb13-rt-armmp | 6.12.48-1 | armhf linux-image-6.12.48+deb13-rt-armmp-dbg | 6.12.48-1 | armhf loop-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf loop-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf md-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf md-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf mmc-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf mmc-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf mtd-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf mtd-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf multipath-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf multipath-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf nbd-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf nbd-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf nic-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf nic-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf nic-shared-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf nic-shared-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf nic-usb-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf nic-usb-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf nic-wireless-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf nic-wireless-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf pata-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf pata-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf ppp-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf ppp-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf sata-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf sata-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf scsi-core-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf scsi-core-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf scsi-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf scsi-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf scsi-nic-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf scsi-nic-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf sound-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf sound-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf speakup-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf speakup-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf squashfs-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf squashfs-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf udf-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf udf-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf uinput-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf uinput-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf usb-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf usb-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf usb-serial-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf usb-serial-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf usb-storage-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf usb-storage-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:01:07 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el ata-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el btrfs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el btrfs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el cdrom-core-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el cdrom-core-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el crypto-dm-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el crypto-dm-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el crypto-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el crypto-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el drm-core-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el drm-core-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el ext4-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el ext4-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el f2fs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el f2fs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el fat-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el fat-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el fb-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el fb-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el firewire-core-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el firewire-core-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el hypervisor-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el hypervisor-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el input-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el input-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el isofs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el isofs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el jfs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el jfs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el kernel-image-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el kernel-image-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el linux-headers-6.12.38+deb13-powerpc64le | 6.12.38-1 | ppc64el linux-headers-6.12.38+deb13-powerpc64le-64k | 6.12.38-1 | ppc64el linux-headers-6.12.48+deb13-powerpc64le | 6.12.48-1 | ppc64el linux-headers-6.12.48+deb13-powerpc64le-64k | 6.12.48-1 | ppc64el linux-image-6.12.38+deb13-powerpc64le | 6.12.38-1 | ppc64el linux-image-6.12.38+deb13-powerpc64le-64k | 6.12.38-1 | ppc64el linux-image-6.12.38+deb13-powerpc64le-64k-dbg | 6.12.38-1 | ppc64el linux-image-6.12.38+deb13-powerpc64le-dbg | 6.12.38-1 | ppc64el linux-image-6.12.48+deb13-powerpc64le | 6.12.48-1 | ppc64el linux-image-6.12.48+deb13-powerpc64le-64k | 6.12.48-1 | ppc64el linux-image-6.12.48+deb13-powerpc64le-64k-dbg | 6.12.48-1 | ppc64el linux-image-6.12.48+deb13-powerpc64le-dbg | 6.12.48-1 | ppc64el loop-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el loop-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el md-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el md-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el mtd-core-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el mtd-core-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el multipath-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el multipath-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el nbd-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el nbd-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el nic-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el nic-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el nic-shared-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el nic-shared-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el nic-usb-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el nic-usb-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el nic-wireless-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el nic-wireless-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el ppp-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el ppp-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el sata-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el sata-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el scsi-core-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el scsi-core-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el scsi-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el scsi-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el scsi-nic-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el scsi-nic-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el serial-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el serial-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el squashfs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el squashfs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el udf-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el udf-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el uinput-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el uinput-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el usb-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el usb-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el usb-serial-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el usb-serial-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el usb-storage-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el usb-storage-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el xfs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el xfs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:01:19 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 ata-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 btrfs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 btrfs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 cdrom-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 cdrom-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 crypto-dm-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 crypto-dm-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 crypto-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 crypto-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 drm-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 drm-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 ext4-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 ext4-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 f2fs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 f2fs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 fat-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 fat-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 fb-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 fb-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 firewire-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 firewire-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 input-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 input-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 isofs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 isofs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 jfs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 jfs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 kernel-image-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 kernel-image-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 linux-image-6.12.38+deb13-amd64 | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-cloud-amd64 | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-rt-amd64 | 6.12.38-1 | amd64 linux-image-6.12.48+deb13-amd64 | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-cloud-amd64 | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-rt-amd64 | 6.12.48-1 | amd64 loop-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 loop-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 md-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 md-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 mmc-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 mmc-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 mmc-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 mmc-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 mtd-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 mtd-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 multipath-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 multipath-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nbd-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nbd-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nic-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nic-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nic-pcmcia-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nic-pcmcia-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nic-shared-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nic-shared-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nic-usb-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nic-usb-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nic-wireless-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nic-wireless-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 pata-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 pata-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 pcmcia-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 pcmcia-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 pcmcia-storage-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 pcmcia-storage-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 ppp-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 ppp-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 rfkill-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 rfkill-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 sata-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 sata-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 scsi-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 scsi-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 scsi-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 scsi-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 scsi-nic-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 scsi-nic-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 serial-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 serial-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 sound-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 sound-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 speakup-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 speakup-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 squashfs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 squashfs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 udf-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 udf-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 uinput-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 uinput-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 usb-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 usb-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 usb-serial-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 usb-serial-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 usb-storage-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 usb-storage-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 xfs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 xfs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:01:31 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 ata-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 btrfs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 btrfs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 cdrom-core-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 cdrom-core-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 crypto-dm-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 crypto-dm-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 crypto-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 crypto-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 ext4-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 ext4-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 f2fs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 f2fs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 fat-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 fat-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 fb-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 fb-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 input-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 input-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 isofs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 isofs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 jfs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 jfs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 kernel-image-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 kernel-image-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 linux-image-6.12.38+deb13-arm64 | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-arm64-16k | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-cloud-arm64 | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-rt-arm64 | 6.12.38-1 | arm64 linux-image-6.12.48+deb13-arm64 | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-arm64-16k | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-cloud-arm64 | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-rt-arm64 | 6.12.48-1 | arm64 loop-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 loop-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 md-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 md-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 mmc-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 mmc-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 multipath-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 multipath-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 nbd-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 nbd-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 nic-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 nic-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 nic-shared-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 nic-shared-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 nic-usb-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 nic-usb-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 nic-wireless-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 nic-wireless-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 ppp-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 ppp-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 sata-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 sata-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 scsi-core-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 scsi-core-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 scsi-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 scsi-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 scsi-nic-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 scsi-nic-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 sound-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 sound-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 speakup-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 speakup-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 squashfs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 squashfs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 udf-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 udf-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 uinput-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 uinput-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 usb-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 usb-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 usb-serial-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 usb-serial-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 usb-storage-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 usb-storage-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 xfs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 xfs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:01:57 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.38+deb13-common | 6.12.38-1 | all linux-headers-6.12.38+deb13-common-rt | 6.12.38-1 | all linux-headers-6.12.48+deb13-common | 6.12.48-1 | all linux-headers-6.12.48+deb13-common-rt | 6.12.48-1 | all linux-support-6.12.38+deb13 | 6.12.38-1 | all linux-support-6.12.48+deb13 | 6.12.48-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= 7zip (25.01+dfsg-1~deb13u1) trixie; urgency=medium . * New upstream version 25.01+dfsg * Fix CVE-2025-55188, CVE-2025-11002, CVE-2025-11001 7zip (25.00+dfsg-1) unstable; urgency=medium . * New upstream version 25.00+dfsg * Rediff patches * Drop unused macro while building SFX stub * Disable CI for upstream codes branch * Enable cross build test in CI 7zip-rar (25.00+ds-1+deb13u1) trixie; urgency=medium . * Add missing CRC table constructor (Closes: #1118733) aide (0.19.1-2+deb13u2) trixie; urgency=medium . * fix issue with 31_aide_lvm: bin/buildcache was a non-functional script in the original trixie release. This version now runs properly in the non-root daily job: bin/buildcache is now run from a root timer * new rules: * 31_aide_cryptsetup * 31_aide_grub-pc * 31_aide_ksmtuned * 31_aide_radvd * 31_aide_run_systemd_dynamic-uid * 31_aide_systemd_tmpfiles * 31_aide_valkey * 31_aide_xfsprogs * update and improve rules: * 10_aide_bits * 10_aide_dateformats * 10_aide_days * 11_aide_dateformats_cury * 10_aide_hardware * 31_aide_apt-cacher-ng * 31_aide_bind9 * 31_aide_console-setup * 31_aide_cups * 31_aide_dehydrated * 31_aide_dev * 31_aide_dokuwiki * 31_aide_fwupd * 31_aide_gnupg * 31_aide_icinga2 * 31_aide_lighttpd * 31_aide_man * 31_aide_mariadb * 31_aide_run_systemd_netif * 31_aide_samba * 31_aide_schroot * 31_aide_spamassassin * 31_aide_ssh-server * 31_aide_sudo * 31_aide_systemd * 31_aide_systemd_sessions * 31_aide_torrus * 31_aide_udev * re-work postgreql rules allow-html-temp (10.0.8-1~deb13u1) trixie; urgency=medium . * Prepared for uploading to trixie proposed update after update of thunderbird in trixie (stable) allow-html-temp (10.0.8-1~deb12u1) bookworm; urgency=medium . [ Mechtilde ] * [d894bae] Rebased to new upstream version 10.0.8 * [385a188] Added d/dpb.conf to use debian-package-scripts alsa-ucm-conf-asahi (8-2+deb13u1) trixie; urgency=medium . * Team upload. * d/install: install the aop_audio ucm configs (Closes: #1112531) ansible (12.0.0~b5+dfsg-0+deb13u1) trixie; urgency=medium . * New upstream version 12.0.0~b5+dfsg * Update debian/gbp.conf to track trixie branches * Change gbp upstream tag as long as upstream version in trixie and sid match * Update debian/watch to also catch beta releases * Drop community hashi-vault patches (applied upstream) * Add 12 previously failing collection CI tests to autopkgtest ansible (12.0.0~b3+dfsg-1) unstable; urgency=medium . * New upstream version 12.0.0~b3+dfsg ansible (12.0.0~b2+dfsg-1) unstable; urgency=medium . * New upstream version 12.0.0~b2+dfsg ansible (12.0.0~b1+dfsg-1) unstable; urgency=medium . * New upstream version 12.0.0~b1+dfsg - many collections have been updated to not emit deprecation warnings when used with ansible-core 2.19.0. * Drop community hashi-vault patches (applied upstream) * Add 12 previously failing collection CI tests to autopkgtest * Update debian/watch to also catch beta releases. ansible-core (2.19.4-0+deb13u1) trixie; urgency=medium . [ Lee Garrett ] * New upstream bugfix release 2.19.4 - Fix regression from 2.18 regarding handlers and play tags (Closes: #1114932) * d/t/ansible-test-integration.py: Match conditional with log verbosity * autopkgtest: Always emit output when testbed-setup.sh is run . [ Colin Watson ] * Move apt sources lists aside more comprehensively in tests * testbed-setup: Only remove autopkgtest's global pinning ansible-core (2.19.3-2) unstable; urgency=medium . * Team upload. * Move apt sources lists aside more comprehensively in tests. * testbed-setup: Only remove autopkgtest's global pinning, not more specific pins such as those created by "autopkgtest --pin-packages". ansible-core (2.19.3-1) unstable; urgency=medium . * d/watch: Don't scan for beta/rc releases for now. * New upstream version 2.19.3 * Fix regression from 2.18 regarding handlers and play tags (Closes: #1114932) ansible-core (2.19.2-1) unstable; urgency=medium . [ Stefano Rivera ] * Loosen resolvelib dependency (following upstream). . [ Lee Garrett ] * New upstream version 2.19.2 * Add debug code to check for spurious autopkgtest failures regarding python's EXTERNALLY-MANAGED marker file * Fix logging conditional in autopkgtest * autopkgtest: Always emit output when testbed-setup.sh is run ansible-core (2.19.1-1) unstable; urgency=medium . * New upstream bugfix release 2.19.1 * Skip ansible-test-debugging integration test (requires running from source) ansible-core (2.19.1-0+deb13u1) trixie; urgency=medium . * New upstream bugfix release 2.19.1 * Update debian/gbp.conf to track trixie branches * Update watch file to follow ansible-core 2.19.x in trixie * Change gbp upstream tag as long as upstream version in trixie and sid match * Skip ansible-test-debugging integration test (requires running from source) ansible-core (2.19.0-1) unstable; urgency=medium . * New upstream version 2.19.0 - This version is equivalent to rc2 on the code level, and just consolidates the changelog of the beta/rc releases into a single 2.19.0 one. ansible-core (2.19.0~rc2-1) unstable; urgency=medium . * New upstream version 2.19.0~rc1 - templating - Relaxed the Jinja sandbox to allow specific bitwise operations which have no filter equivalent. The allowed methods are __and__, __lshift__, __or__, __rshift__, __xor__. (Closes: #1106362) - templating - Switched from the Jinja immutable sandbox to the standard sandbox. This restores the ability to use mutation methods such as list.append and dict.update. - Bugfix: Update automatic role argument spec validation to not use deprecated syntax. - Bugfix: ssh connection plugin - Allow only one password prompt attempt when utilizing SSH_ASKPASS. * New upstream version 2.19.0~rc2 - Add deprecation warnings to YAML parsing, config settings, playbooks, and the public API. asahi-scripts (20250130-3+deb13u1) trixie; urgency=medium . * Team upload. * d/patches: - add 0000-Backport-asahi-diagnose-Fix-macaudio-default-profile.patch to fix the macaudio default profile check (Closes: #1112262) - add 0000-Backport-asahi-diagnose-drop-tas2764-checks.patch to drop the tas2764 quirk checks (Closes: #1112262) - 0003-debian-Add-initramfs-tools-implementation-for-cpio-f.patch: add the apple_nvmem_spmi module to the initramfs explicitly and obsolete simple-mfd-spmi and nvmem_spmi_mfd (Closes: #1112264) - add 0000-Backport-update-m1n1-clobber-boot.bin.old-only-on-changes.patch to make update-m1n1 idempotent (Closes: #1112265) - refresh base-files (13.8+deb13u2) trixie; urgency=medium . * Update debian_version and os-release for Debian 13.2 point release. bind9 (1:9.20.15-1~deb13u1) trixie-security; urgency=high . * New upstream version 9.20.15 - [CVE-2025-8677]: DNSSEC validation fails if matching but invalid DNSKEY is found - [CVE-2025-40778]: Address various spoofing attacks. - [CVE-2025-40780]: Cache-poisoning due to weak pseudo-random number generator bind9 (1:9.20.15-1~deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for trixie-backports. * d/gbp.conf: set branch for bookworm-backports brltty (6.7-3.1+deb13u2) trixie; urgency=medium . * patches/noverbose-bluetooth: Avoid verbose bluetooth spam. * patches/noverbose-usbfs: Avoid verbose usbfs spam (Closes: Bug#845496) brltty (6.7-3.1+deb13u2~bpo12+1) bookworm-backports; urgency=medium . * Backport to bookworm. chromium (142.0.7444.134-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous. - CVE-2025-12726: Inappropriate implementation in Views. Reported by Alesandro Ortiz. - CVE-2025-12727: Inappropriate implementation in V8. Reported by 303f06e3. - CVE-2025-12728: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-12729: Inappropriate implementation in Omnibox. Reported by Khalil Zhani. chromium (142.0.7444.134-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous. - CVE-2025-12726: Inappropriate implementation in Views. Reported by Alesandro Ortiz. - CVE-2025-12727: Inappropriate implementation in V8. Reported by 303f06e3. - CVE-2025-12728: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-12729: Inappropriate implementation in Omnibox. Reported by Khalil Zhani. chromium (142.0.7444.59-1) unstable; urgency=high . * New upstream stable release. - CVE-2025-12428: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2025-12429: Inappropriate implementation in V8. Reported by Aorui Zhang. - CVE-2025-12430: Object lifecycle issue in Media. Reported by round.about. - CVE-2025-12431: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz. - CVE-2025-12432: Race in V8. Reported by Google Big Sleep. - CVE-2025-12433: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12434: Race in Storage. Reported by Lijo A.T. - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh. - CVE-2025-12436: Policy bypass in Extensions. Reported by Luan Herrera (@lbherrera_). - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq. - CVE-2025-12438: Use after free in Ozone. Reported by Wei Yuan of MoyunSec VLab. - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption. Reported by Ari Novick. - CVE-2025-12440: Inappropriate implementation in Autofill. Reported by Khalil Zhani. - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep. - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research - CVE-2025-12444: Incorrect security UI in Fullscreen UI. Reported by syrf. - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh - CVE-2025-12447: Incorrect security UI in Omnibox. Reported by Khalil Zhani. * d/patches: - disable/android.patch: drop part of patch related to md5sum tool. - disable/catapult.patch: refresh. - trixie/rust-no-alloc-shim.patch: refresh. - bookworm/clang19.patch: also drop uninit-const-pointer and unnecessary-virtual-specifier warnings. - ungoogled/disable-privacy-sandbox.patch: sync from upstream. - i386/support-i386.patch: refresh. - trixie/rust-sanitize.patch: add a workaround for older rustc. - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix from gentoo. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to upstream fixes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes chromium (142.0.7444.59-1~deb13u1) trixie-security; urgency=high . * New upstream stable release. - CVE-2025-12428: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2025-12429: Inappropriate implementation in V8. Reported by Aorui Zhang. - CVE-2025-12430: Object lifecycle issue in Media. Reported by round.about. - CVE-2025-12431: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz. - CVE-2025-12432: Race in V8. Reported by Google Big Sleep. - CVE-2025-12433: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12434: Race in Storage. Reported by Lijo A.T. - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh. - CVE-2025-12436: Policy bypass in Extensions. Reported by Luan Herrera (@lbherrera_). - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq. - CVE-2025-12438: Use after free in Ozone. Reported by Wei Yuan of MoyunSec VLab. - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption. Reported by Ari Novick. - CVE-2025-12440: Inappropriate implementation in Autofill. Reported by Khalil Zhani. - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep. - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research - CVE-2025-12444: Incorrect security UI in Fullscreen UI. Reported by syrf. - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh - CVE-2025-12447: Incorrect security UI in Omnibox. Reported by Khalil Zhani. * d/patches: - disable/android.patch: drop part of patch related to md5sum tool. - disable/catapult.patch: refresh. - bookworm/clang19.patch: also drop uninit-const-pointer and unnecessary-virtual-specifier warnings. - ungoogled/disable-privacy-sandbox.patch: sync from upstream. - i386/support-i386.patch: refresh. - trixie/rust-sanitize.patch: add a workaround for older rustc. - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix from gentoo. - trixie/rust-no-alloc-shim.patch: add another missing symbol that's provided by newer versions of rust. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to upstream fixes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes chromium (142.0.7444.59-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2025-12428: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2025-12429: Inappropriate implementation in V8. Reported by Aorui Zhang. - CVE-2025-12430: Object lifecycle issue in Media. Reported by round.about. - CVE-2025-12431: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz. - CVE-2025-12432: Race in V8. Reported by Google Big Sleep. - CVE-2025-12433: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12434: Race in Storage. Reported by Lijo A.T. - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh. - CVE-2025-12436: Policy bypass in Extensions. Reported by Luan Herrera (@lbherrera_). - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq. - CVE-2025-12438: Use after free in Ozone. Reported by Wei Yuan of MoyunSec VLab. - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption. Reported by Ari Novick. - CVE-2025-12440: Inappropriate implementation in Autofill. Reported by Khalil Zhani. - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep. - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research - CVE-2025-12444: Incorrect security UI in Fullscreen UI. Reported by syrf. - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh - CVE-2025-12447: Incorrect security UI in Omnibox. Reported by Khalil Zhani. * d/patches: - disable/android.patch: drop part of patch related to md5sum tool. - disable/catapult.patch: refresh. - bookworm/clang19.patch: also drop uninit-const-pointer and unnecessary-virtual-specifier warnings. - ungoogled/disable-privacy-sandbox.patch: sync from upstream. - i386/support-i386.patch: refresh. - trixie/rust-sanitize.patch: add a workaround for older rustc. - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix from gentoo. - trixie/rust-no-alloc-shim.patch: add another missing symbol that's provided by newer versions of rust. - bookworm/gn-path-exists2.patch: add another workaround for lack of path_exists() in older gn. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to upstream fixes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to upstream fixes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes chromium (141.0.7390.122-1) unstable; urgency=high . * New upstream security release. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. chromium (141.0.7390.122-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. chromium (141.0.7390.122-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. chromium (141.0.7390.107-1) unstable; urgency=high . * New upstream security release. - CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine. * Suggest --disable-gpu to bug reporters and in README.Debian. chromium (141.0.7390.107-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine. * Suggest --disable-gpu to bug reporters and in README.Debian. chromium (141.0.7390.107-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine. * Suggest --disable-gpu to bug reporters and in README.Debian. chromium (141.0.7390.65-1) unstable; urgency=high . * New upstream security release. - CVE-2025-11458: Heap buffer overflow in Sync. Reported by raven at KunLun lab. - CVE-2025-11460: Use after free in Storage. Reported by Sombra. - CVE-2025-11211: Out of bounds read in WebCodecs. Reported by Jakob Košir. chromium (141.0.7390.65-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-11458: Heap buffer overflow in Sync. Reported by raven at KunLun lab. - CVE-2025-11460: Use after free in Storage. Reported by Sombra. - CVE-2025-11211: Out of bounds read in WebCodecs. Reported by Jakob Košir. chromium (141.0.7390.65-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-11458: Heap buffer overflow in Sync. Reported by raven at KunLun lab. - CVE-2025-11460: Use after free in Storage. Reported by Sombra. - CVE-2025-11211: Out of bounds read in WebCodecs. Reported by Jakob Košir. chromium (141.0.7390.54-1) unstable; urgency=high . * New upstream stable release. * d/patches: - fixes/rust-clanglib.patch: refresh. - trixie/rust-no-alloc-shim.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled. - fixes/gentoo-stylesheet.patch: add patch from gentoo to fix build. - fixes/libcpp-headers.patch: add build fix for unbundling clang. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: Refresh for upstream changes - fixes/fix-rustc.patch: Refresh for upstream changes chromium (141.0.7390.54-1~deb13u1) trixie-security; urgency=high . * New upstream stable release. - CVE-2025-11205: Heap buffer overflow in WebGPU. Reported by Atte Kettunen of OUSPG. - CVE-2025-11206: Heap buffer overflow in Video. Reported by Elias Hohl. - CVE-2025-11207: Side-channel information leakage in Storage. Reported by Alesandro Ortiz. - CVE-2025-11208: Inappropriate implementation in Media. Reported by Kevin Joensen. - CVE-2025-11209: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-11210: Side-channel information leakage in Tab. Reported by Umar Farooq. - CVE-2025-11211: Out of bounds read in Media. Reported by Kosir Jakob. - CVE-2025-11212: Inappropriate implementation in Media. Reported by Ameen Basha M K. - CVE-2025-11213: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-11215: Off by one error in V8. Reported by Google Big Sleep. - CVE-2025-11216: Inappropriate implementation in Storage. Reported by Farras Givari. - CVE-2025-11219: Use after free in V8. Reported by Google Big Sleep. * d/patches: - fixes/rust-clanglib.patch: refresh. - trixie/rust-no-alloc-shim.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled. - fixes/gentoo-stylesheet.patch: add patch from gentoo to fix build. - fixes/libcpp-headers.patch: add build fix for unbundling clang. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: Refresh for upstream changes - fixes/fix-rustc.patch: Refresh for upstream changes chromium (141.0.7390.54-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2025-11205: Heap buffer overflow in WebGPU. Reported by Atte Kettunen of OUSPG. - CVE-2025-11206: Heap buffer overflow in Video. Reported by Elias Hohl. - CVE-2025-11207: Side-channel information leakage in Storage. Reported by Alesandro Ortiz. - CVE-2025-11208: Inappropriate implementation in Media. Reported by Kevin Joensen. - CVE-2025-11209: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-11210: Side-channel information leakage in Tab. Reported by Umar Farooq. - CVE-2025-11211: Out of bounds read in Media. Reported by Kosir Jakob. - CVE-2025-11212: Inappropriate implementation in Media. Reported by Ameen Basha M K. - CVE-2025-11213: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-11215: Off by one error in V8. Reported by Google Big Sleep. - CVE-2025-11216: Inappropriate implementation in Storage. Reported by Farras Givari. - CVE-2025-11219: Use after free in V8. Reported by Google Big Sleep. * d/patches: - fixes/rust-clanglib.patch: refresh. - trixie/rust-no-alloc-shim.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled. - fixes/gentoo-stylesheet.patch: add patch from gentoo to fix build. - fixes/libcpp-headers.patch: add build fix for unbundling clang. * d/rules: set rtc_video_psnr=false for bookworm's older openh264. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: Refresh for upstream changes - fixes/fix-rustc.patch: Refresh for upstream changes chromium (140.0.7339.207-1) unstable; urgency=high . * New upstream security release. - CVE-2025-10890: Side-channel information leakage in V8. Reported by Mate Marjanović (SharpEdged). - CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep. - CVE-2025-10892: Integer overflow in V8. Reported by Google Big Sleep. chromium (140.0.7339.207-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-10890: Side-channel information leakage in V8. Reported by Mate Marjanović (SharpEdged). - CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep. - CVE-2025-10892: Integer overflow in V8. Reported by Google Big Sleep. chromium (140.0.7339.207-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-10890: Side-channel information leakage in V8. Reported by Mate Marjanović (SharpEdged). - CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep. - CVE-2025-10892: Integer overflow in V8. Reported by Google Big Sleep. chromium (140.0.7339.185-1) unstable; urgency=high . * New upstream security release. - CVE-2025-10585: Type Confusion in V8. Reported by Google Threat Analysis Group. - CVE-2025-10500: Use after free in Dawn. Reported by Giunash (Gyujeong Jin). - CVE-2025-10501: Use after free in WebRTC. Reported by sherkito. - CVE-2025-10502: Heap buffer overflow in ANGLE. Reported by Google Big Sleep. chromium (140.0.7339.185-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-10585: Type Confusion in V8. Reported by Google Threat Analysis Group. - CVE-2025-10500: Use after free in Dawn. Reported by Giunash (Gyujeong Jin). - CVE-2025-10501: Use after free in WebRTC. Reported by sherkito. - CVE-2025-10502: Heap buffer overflow in ANGLE. Reported by Google Big Sleep. chromium (140.0.7339.185-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-10585: Type Confusion in V8. Reported by Google Threat Analysis Group. - CVE-2025-10500: Use after free in Dawn. Reported by Giunash (Gyujeong Jin). - CVE-2025-10501: Use after free in WebRTC. Reported by sherkito. - CVE-2025-10502: Heap buffer overflow in ANGLE. Reported by Google Big Sleep. chromium (140.0.7339.127-1) unstable; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang. - CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon. . [ Jianfeng Liu ] * drop not working fixes/libsync-rk3588-panthor.patch. * drop fixes/strlcpy.patch, which isn't needed w/ clang-19. chromium (140.0.7339.127-1~deb13u1) trixie-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang. - CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon. . [ Jianfeng Liu ] * drop not working fixes/libsync-rk3588-panthor.patch. * drop fixes/strlcpy.patch, which isn't needed w/ clang-19. chromium (140.0.7339.127-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang. - CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon. . [ Jianfeng Liu ] * drop not working fixes/libsync-rk3588-panthor.patch. * drop fixes/strlcpy.patch, which isn't needed w/ clang-19. chromium (140.0.7339.80-1) unstable; urgency=medium . * New upstream stable release. * d/patches: - fixes/armhf-icf.patch: refresh. - disable/tests.patch: refresh. - disable/catapult.patch: refresh. - disable/widevine-cdm-cu.patch: refresh (and make it shorter). - bookworm/clang19.patch: refresh. - disable/android.patch: delete a new reference to chrome/android/. - disable/buildtools-libc.patch: drop due to upstream cleanups. - trixie/rust-no-alloc-shim.patch: add a build fix for older rustc. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream changes - fixes/fix-study-crash.patch: Refresh for upstream changes - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes - fixes/fix-unknown-warning-option-messages.diff: Refresh for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Regenerate from new upstream version - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: Regenerate from new upstream version chromium (140.0.7339.80-1~deb13u1) trixie-security; urgency=medium . * New upstream stable release. - CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team. - CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani. - CVE-2025-9866: Inappropriate implementation in Extensions. Reported by NDevTK. - CVE-2025-9867: Inappropriate implementation in Downloads. Reported by Farras Givari. * d/patches: - fixes/armhf-icf.patch: refresh. - disable/tests.patch: refresh. - disable/catapult.patch: refresh. - disable/widevine-cdm-cu.patch: refresh (and make it shorter). - bookworm/clang19.patch: refresh. - disable/android.patch: delete a new reference to chrome/android/. - disable/buildtools-libc.patch: drop due to upstream cleanups. - trixie/rust-no-alloc-shim.patch: add a build fix for older rustc. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream changes - fixes/fix-study-crash.patch: Refresh for upstream changes - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes - fixes/fix-unknown-warning-option-messages.diff: Refresh for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Regenerate from new upstream version - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: Regenerate from new upstream version chromium (140.0.7339.80-1~deb12u1) bookworm-security; urgency=medium . * New upstream stable release. - CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team. - CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani. - CVE-2025-9866: Inappropriate implementation in Extensions. Reported by NDevTK. - CVE-2025-9867: Inappropriate implementation in Downloads. Reported by Farras Givari. * d/patches: - fixes/armhf-icf.patch: refresh. - disable/tests.patch: refresh. - disable/catapult.patch: refresh. - disable/widevine-cdm-cu.patch: refresh (and make it shorter). - bookworm/clang19.patch: refresh. - disable/android.patch: delete a new reference to chrome/android/. - disable/buildtools-libc.patch: drop due to upstream cleanups. - trixie/rust-no-alloc-shim.patch: add a build fix for older rustc. - bookworm/rust-visibility.patch: drop, not needed w/ new rust 1.85. - bookworm/crabbyav1f.patch: drop, not needed w/ new rust 1.85. - bookworm/toktrie-utf8chunks.patch: drop, not needed w/ new rust. - bookworm/derivre-create.patch: drop, not needed w/ new rust. - bookworm/rust-split-at-checked.patch: drop, not needed w/ new rust. - bookworm/crabbyav1f-macro-scope.patch: drop, not needed w/ new rust. - bookworm/rust-box-to-vec.patch: drop, not needed w/ new rust. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream changes - fixes/fix-study-crash.patch: Refresh for upstream changes - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes - fixes/fix-unknown-warning-option-messages.diff: Refresh for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Regenerate from new upstream version - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: Regenerate from new upstream version chromium (139.0.7258.154-1) unstable; urgency=high . * New upstream security release. - CVE-2025-9478: Use after free in ANGLE. Reported by Google Big Sleep. cjson (1.7.18-3.1+deb13u1) trixie-security; urgency=medium . * CVE-2025-57052 (Closes: #1114757) console-setup (1.242~deb13u1) trixie; urgency=medium . * Backport 1.242 from forky development. * keyboard-configuration.templates: Fix dz(azerty-oss/deadkeys) into dz, which is what xkb really provides. * keyboard-configuration.config: Fix dz default layout. console-setup (1.241) unstable; urgency=medium . * keyboard-configuration.templates: Use ca/multix variant instead of ca/multi (Closes: #1111994). console-setup (1.240+deb13u1) trixie; urgency=medium . * keyboard-configuration.templates: Update dz(la) into dz(azerty-oss). * keyboard-configuration.templates: Use ca/multix variant instead of ca/multi (Closes: #1111994). cups (2.4.10-3+deb13u2) trixie; urgency=high . * add 0018-cgi-Fix-checkbox-support-fixes.patch Thanks to Elena ``of Valhalla'' for finding the upstream commit and asking Simone Piccardi to confirm that it works now. (Closes: #1109471) cups (2.4.10-3+deb13u1) trixie-security; urgency=high . * CVE-2025-58060 fix authentication bypass with AuthType Negotiate * CVE-2025-58364 fix remote DoS via null dereference curl (8.14.1-2+deb13u2) trixie; urgency=medium . * d/p/wcurl-CVE-2025-11563.patch: Pull upstream changes to actually fix CVE-2025-11563 curl (8.14.1-2+deb13u1) trixie; urgency=medium . [ Alex ] * Team upload. * d/p/cookie-don-t-treat-the-leading-slash-as-trailing: import upstream patch to fix CVE-2025-9086 * d/p/CVE-2025-10148.patch: backport upstream patch for CVE-2025-10148 . [ Samuel Henrique ] * Import wcurl patches. * wcurl-CVE-2025-11563.patch: Fix CVE-2025-11563 * wcurl-Fix-example-for-continue-at.patch: Fix example in manpage * wcurl-Set-CURL_OPTIONS-right-before-the-url.patch: Fix to allow --output to be overwritten with --curl-options debian-edu-config (2.12.903~deb13u1) trixie; urgency=medium . * Upload to trixie. debian-installer (20250803+deb13u2) trixie; urgency=medium . * Bump Linux kernel ABI to 6.12.57+deb13. * Adjust linux-image build-deps accordingly. debian-installer-netboot-images (20250803+deb13u2) trixie; urgency=medium . * Update to 20250803+deb13u2, from trixie-proposed-updates. dhcpcd (1:10.1.0-11+deb13u1) trixie; urgency=medium . * [patches] + DHCP: Fix crash when someone deletes our address (Closes: #1114964). Cherry-pick from upstream Git (included in Forky since 10.2.0). * [service] - Remove /etc/wpa_supplicant from ReadWritePaths (Closes: #1111467). Otherwise dhcpcd fails to launch if wpasupplicant is not installed. distro-info-data (0.66+deb13u1) trixie; urgency=medium . * Update database to 0.68: - Update the bookworm EoL - Add Ubuntu 26.04 LTS "Resolute Raccoon" (LP: #2126961) dkms (3.2.2-1~deb13u1) trixie; urgency=medium . * Rebuild for trixie. . dkms (3.2.2-1) unstable; urgency=medium . * New upstream release. * Stop shipping dkms.service. Not really needed and causes a dependency cycle with cloud-init-network.service. (Closes: #1107232) * common.postinst: Emit a warning if no kernel headers were found. (Closes: #1114731) * Drop Pre-Depends: lsb-release, no longer used since 3.0.12. * Add Breaks against more obsolete *-dkms packages. dns-root-data (2025080400~deb13u1) trixie; urgency=medium . * Rebuild the package for trixie to make possible to rebuild it again during the distribution lifetime. (See #1091496.) The content of the binary package is unchanged from version 2024071801, which is the one currently in trixie. dnsdist (1.9.10-1+deb13u1) trixie; urgency=medium . * d/{gbp.conf,.gitlab-ci.yml}: setup for trixie * Apply upstream fix for CVE-2025-8671, CVE-2025-30187 (Closes: #1115643) dolphin-emu (2503+dfsg-1+deb13u1) trixie; urgency=medium . * Remove the dfsg repack suffix from DOLPHIN_WC_DESCRIBE (closes: #1094989). * Look for locale files in the correct directory (closes: #1108687). * Switch debian-branch to trixie. dovecot (1:2.4.1+dfsg1-6+deb13u2) trixie; urgency=medium . * [6ac2883] Clean up a few typos in default/example config (Closes: #1112667) * [7feb544] Ensure default lmtpd auth_username_format matches the global value (Closes: #1111469) * [216ec20] import upstream patch for improperly terminated auth_oauth2_post_setting_defines (Closes: #1116328) * [46eab61] lib-sieve/sieve-script.c: sieve_script_create_common: Correctly handle errors. (Closes: #1116070) dovecot (1:2.4.1+dfsg1-6+deb13u1) trixie-security; urgency=high . * Import upstream fix for an issue with authentication cache management that could result in users being logged in as the wrong user in certain configurations. (Closes: #1115964) eas4tbsync (4.17-1~deb13u2) trixie; urgency=medium . * Added dir api/ to d/rules It follows 4.17-2 in unstable eas4tbsync (4.17-1~deb13u1) trixie; urgency=medium . * Prepared for uploading to trixie proposed update after update of thunderbird in trixie (stable) emacs-libvterm (0.0.2+git20250113.056ad74-3~deb13u1) trixie; urgency=medium . * Upload to trixie . emacs-libvterm (0.0.2+git20250113.056ad74-3) unstable; urgency=medium . * Fix elpa-vterm to use "Multi-Arch: no" - elpa-vterm installs the files under the same path on different archs, so they are not co-installable. . emacs-libvterm (0.0.2+git20250113.056ad74-2) unstable; urgency=medium . * Upload to unstable - Change elpa-vterm to arch:any fixed the DEB_HOST_MULTIARCH generation. (Closes: #1115607) . emacs-libvterm (0.0.2+git20250113.056ad74-2~exp1) experimental; urgency=medium . * Make elpa-vterm arch:any - elpa-vterm sets the shard library path according to the host arch. Previously when set as arch:all, the `load-path' is set once during building arch:all package and won't change based on the host arch, resulting in wrong `load-path' in non-amd64 archs. * Add `Multi-Arch: same' hint to arch:any packages emacs-libvterm (0.0.2+git20250113.056ad74-2) unstable; urgency=medium . * Upload to unstable - Change elpa-vterm to arch:any fixed the DEB_HOST_MULTIARCH generation. (Closes: #1115607) . emacs-libvterm (0.0.2+git20250113.056ad74-2~exp1) experimental; urgency=medium . * Make elpa-vterm arch:any - elpa-vterm sets the shard library path according to the host arch. Previously when set as arch:all, the `load-path' is set once during building arch:all package and won't change based on the host arch, resulting in wrong `load-path' in non-amd64 archs. * Add `Multi-Arch: same' hint to arch:any packages emacs-libvterm (0.0.2+git20250113.056ad74-2~exp1) experimental; urgency=medium . * Make elpa-vterm arch:any - elpa-vterm sets the shard library path according to the host arch. Previously when set as arch:all, the `load-path' is set once during building arch:all package and won't change based on the host arch, resulting in wrong `load-path' in non-amd64 archs. * Add `Multi-Arch: same' hint to arch:any packages eperl (2.2.15-1+deb13u1) trixie; urgency=medium . * Debian Team upload. * d/p/0003: Pass environ to PERL_SYS_INIT()/perl_parse() implicitly instead of explicitly to avoid the script getting a truncated environment on Perl 5.40 (Closes: #1114004) epiphany-browser (48.5-0+deb13u1) trixie; urgency=medium . * New upstream bugfix release 48.4 - Fix app ID in metainfo - Disconnect signal handlers correctly, fixing a use-after-free crash (epiphany#2653 upstream) - In incognito mode (private browsing), don't use saved HTTP authentication passwords from normal mode (epiphany#2651 upstream) - Fix inability to authenticate on authenticationtest.com by avoiding a spurious authentication attempt with known-wrong credentials (epiphany!1745 upstream) - Use the creation time for webapps' "Installed on" date, not the modification time (epiphany#2604 upstream) - Don't consider og:image (a media preview used when sharing links on social media) as a candidate for the icon for a webapp, since it often points to an image that merely appears on the referenced website (epiphany!1755 upstream) - Fix a crash on exit if the export dialog has been dismissed, and relatedly a memory leak (epiphany#2661 upstream) - Fix two crashes on startup if running under Pantheon (epiphany!1818 upstream; not relevant to Debian unless that desktop environment is installed from a third-party source) - Improve robustness of password import, avoiding some crashes (epiphany!1843 upstream) - Fix PKCS#11 login for invalid cert/priv pairs (epiphany!1857 upstream) - Translation updates - Upstream CI fixes not relevant to Debian * New upstream bugfix release 48.5 - Upstream CI fixes not relevant to Debian evolution (3.56.2-0+deb13u1) trixie; urgency=medium . * New upstream bugfix release, fixing these issues: - I#3042 - Check return value of CamelDataWrapper calculate size functions - I#3045 - Cannot add actions in 'Customize User Interface' dialog - I#3052 - Ensure "New" button action in Calendar view - I#3061 - Mail: Do not strip signature for Edit as New in Sent folder - Calendar: Cannot show/hide Tasks and Memos pane - (Closes: #1120149) * debian/control: Bump e-d-s dependencies and build-dependencies to 3.56.2 evolution (3.56.1-1+deb13u1) trixie-security; urgency=medium . * Cherry-pick patch to fix crash with webkit2gtk 2.50 (Closes: #1116301) * Update debian/gbp.conf for trixie evolution-data-server (3.56.2-0+deb13u1) trixie; urgency=medium . * New upstream bugfix release * Cherry-pick patch to fix busy loop when using the MH format mail archive (Closes: #1111605) fangfrisch (1.9.0-3+deb13u1) trixie; urgency=high . * Non-maintainer upload. * Update sanesecurity mirror as the old one will stop working this year (Closes: #1117681) ffmpeg (7:7.1.2-0+deb13u1) trixie-security; urgency=medium . * New upstream version 7.1.2 - Fixes CVE-2025-1594 firefox-esr (140.4.0esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-83, also known as: CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11714, CVE-2025-11715. . * debian/watch: Refreshed. Somehow it was not refreshed for ESR. * debian/dh: Properly handle multiple DEB_BUILD_OPTIONS. firefox-esr (140.4.0esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-83, also known as: CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11714, CVE-2025-11715. . * debian/watch: Refreshed. Somehow it was not refreshed for ESR. * debian/dh: Properly handle multiple DEB_BUILD_OPTIONS. firefox-esr (140.3.1esr-2) unstable; urgency=medium . * media/libyuv/libyuv/libyuv.gyp: Disable SVE parts of libyuv when the SVE flags are not supported. Fixes FTBFS on arm64 on bookworm. * config/system-headers.mozbuild: Add a system header wrapper for sys/platform/ppc.h.: Fixes FTBFS on pc64el on bookworm. . * debian/rules: Disable rust LTO on s390x, hoping to fix FTBFS. firefox-esr (140.3.1esr-1) unstable; urgency=medium . * New upstream release. firefox-esr (140.3.1esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. . * media/libyuv/libyuv/libyuv.gyp: Disable SVE parts of libyuv when the SVE flags are not supported. Fixes FTBFS on arm64 on bookworm. * config/system-headers.mozbuild: Add a system header wrapper for sys/platform/ppc.h.: Fixes FTBFS on pc64el on bookworm. . * debian/upstream.mk, debian/control: Stop handling testing/unstable as trixie, meaning embedded NSS is not built anymore. * debian/rules: - Avoid running dwz on platforms where we disable debug info. Closes: #1115490 - Stop setting _LEAKTEST_FILES, it hasn't been used since version 32.0. - Disable rust LTO on s390x, hoping to fix FTBFS. firefox-esr (140.3.1esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. . * media/libyuv/libyuv/libyuv.gyp: Disable SVE parts of libyuv when the SVE flags are not supported. Fixes FTBFS on arm64 on bookworm. * config/system-headers.mozbuild: Add a system header wrapper for sys/platform/ppc.h.: Fixes FTBFS on pc64el on bookworm. . * debian/upstream.mk, debian/control: Stop handling testing/unstable as trixie, meaning embedded NSS is not built anymore. * debian/rules: - Avoid running dwz on platforms where we disable debug info. Closes: #1115490 - Stop setting _LEAKTEST_FILES, it hasn't been used since version 32.0. - Disable rust LTO on s390x, hoping to fix FTBFS. firefox-esr (140.3.0esr-2) unstable; urgency=medium . * debian/upstream.mk, debian/control: Stop handling testing/unstable as trixie, meaning embedded NSS is not built anymore. * debian/rules: - Avoid running dwz on platforms where we disable debug info. Closes: #1115490 - Stop setting _LEAKTEST_FILES, it hasn't been used since version 32.0. firefox-esr (140.3.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2025-75, also known as: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537. firefox-esr (140.3.0esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-75, also known as: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537. firefox-esr (140.3.0esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-75, also known as: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537. firefox-esr (128.14.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2025-66, also known as: CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9185. fluidsynth (2.4.4+dfsg-1+deb13u1) trixie; urgency=medium . * Set the default samplerate to 48000 and buffer size to 512 in the service config file (Closes: #1075976, #1105956). folder-account (12.1-1~deb13u1) trixie; urgency=medium . * Rebuild for trixie for thunderbird >= 140.3 fonts-noto-color-emoji (2.051-0+deb13u1) trixie; urgency=medium . * New upstream release (Closes: #1115370) - This major update introduces support for the Unicode 17.0 standard https://blog.emojipedia.org/google-debuts-emoji-17-0-support/ freeradius (3.2.7+dfsg-1+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Backport patch to fix compatibility with OpenSSL 3.5.2 (Closes: #1111328) gegl (1:0.4.62-2+deb13u1) trixie-security; urgency=medium . * CVE-2025-10921 (Closes: #1116470) ghostscript (10.05.1~dfsg-1+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. . [ Steve Robbins ] * Upstream fix for CVE-2025-7462. (Closes: #1109270) . [ Salvatore Bonaccorso ] * pdfwrite - bounds check some strings (CVE-2025-59799) (Closes: #1116443) * pdfwrite - avoid buffer overrun (CVE-2025-59798) (Closes: #1116444) gimp (3.0.4-3+deb13u2) trixie-security; urgency=medium . * CVE-2025-10934 (Closes: #1119661) gimp (3.0.4-3+deb13u1) trixie-security; urgency=medium . * CVE-2025-10924 (Closes: #1116461) * CVE-2025-10923 (Closes: #1116460) * CVE-2025-10922 (Closes: #1116459) * CVE-2025-10920 (Closes: #1116458) gnome-maps (48.7-0+deb13u1) trixie; urgency=medium . * New upstream bugfix release (Closes: #1111673) - Fix a regression when requesting route planning from transitous.org (gnome-maps#864 upstream) - Add address format for Austria - Add address format for Paraguay - Translation updates (Dutch, Romanian, Thai) gnome-maps (48.6-3) unstable; urgency=medium . * Team upload * Build-depend on gobject-introspection instead of libgirepository1.0-dev * Standards-Version: 4.7.2 (no changes required) gnome-maps (48.6-2) unstable; urgency=medium . * Cherry-pick fixes from gnome-48 branch (Closes: #1111673): - Add address format for Austria - Add address format for Paraguay - Update Dutch translation . gnome-maps (48.6-1) unstable; urgency=medium . * Team upload * d/gbp.conf, d/watch: Only watch for 48.x for now. We'll track 48.x in testing/unstable for now, to get more testing for possible future trixie updates. * New upstream stable release - Translation updates only gnome-maps (48.6-1) unstable; urgency=medium . * Team upload * d/gbp.conf, d/watch: Only watch for 48.x for now. We'll track 48.x in testing/unstable for now, to get more testing for possible future trixie updates. * New upstream stable release - Translation updates only gnome-session (48.0-1+deb13u1) trixie; urgency=medium . * Team upload * d/control, d/gbp.conf, d/watch: Set branch for trixie stable updates * d/gnome-mimeapps.list: Fall back from Evince to Papers where supported, if Evince is not installed. The default PDF reader for GNOME in trixie is evince, but the metapackage has an alternative dependency on papers and some early adopters are already using the newer package. Papers doesn't support some document formats that Evince did, like Postscript and DVI. Continue to prefer only Evince for those. (Closes: #1112257, #1115704) * d/gnome-mimeapps.list: Fall back from Totem to Showtime where supported, if Showtime is not installed. Similar to the PDF readers, the default video player for GNOME in trixie is totem, but the metapackage has an alternative dependency on showtime. showtime is only a file-based video player and isn't designed to play audio, playlists or DVDs, so continue to refer to only totem for the formats not supported by showtime. google-recaptcha (1.3.0-2+deb13u1) trixie; urgency=medium . * Add a patch to fix PHP 8.4 deprecations haproxy (3.0.11-1+deb13u1) trixie-security; urgency=high . * CVE-2025-11230: fix possible DoS when parsing JSON numbers. hsqldb1.8.0 (1.8.0.10+dfsg-12.1+deb13u1) trixie-security; urgency=medium . * (re)add avoid-execution-of-spurious-command-in-script-or-log-file.diff to debian/patches/series, lost in 1.8.0.10+dfsg-12.1 NMU ikvswitch (1.0.4+deb13u1) trixie; urgency=medium . * Write in /etc/sysctl.d/00-forward-internet.conf as sysctl.conf is gone in Trixie. * Use Trixie as default distro for the setup. * Add || true when doing "ip link set down dev" if ipmi bridge. imagemagick (8:7.1.1.43+dfsg1-1+deb13u3) trixie; urgency=high . * Fix CVE-2025-62171 (Closes: #1118340) Integer Overflow in BMP Decoder (ReadBMP): CVE-2025-57803 claims to be patched, but the fix is incomplete and ineffective. . The patch added BMPOverflowCheck() but placed it after the overflow occurs, making it useless. A malicious 58-byte BMP file can trigger AddressSanitizer crashes and DoS. imagemagick (8:7.1.1.43+dfsg1-1+deb13u2) trixie-security; urgency=high . * Fix CVE-2025-55004: ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image (Closes: #1111101) * Fix CVE-2025-55005: when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. (Closes: #1111102) * Fix CVE-2025-55154: the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. (Closes: #1111103) * Fix CVE-2025-55212: Passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. (Closes: #1111587) * Fix CVE-2025-55298: A format string bug vulnerability exists in InterpretImageFilenam function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. (Closes: #1111586) * Fix CVE-2025-57803: A 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. (Closes: #1112469) * Fix CVE-2025-57807: A security problem was found in SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. (Closes: #1114520) incus (6.0.4-2+deb13u1) trixie-security; urgency=high . * Backport fixes for the following security issues: - CVE-2025-54293 / GHSA-472f-vmf2-pr3h - CVE-2025-54287 / GHSA-w2hg-2v4p-vmh6 - CVE-2025-54288 / GHSA-7232-97c6-j525 - CVE-2025-54286 / GHSA-p8hw-rfjg-689h - CVE-2025-54290 / GHSA-p3x5-mvmp-5f35 - CVE-2025-54291 / GHSA-xch9-h8qw-85c7 - CVE-2025-54289 / GHSA-3g72-chj4-2228 incus (6.0.4-2+deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports. - Drop dependency on virtiofsd, as it isn't available for bookworm - Drop apparmor 4.x patch - Relax dependency on lxcfs, since runit scripts aren't expected for bookworm - Add patch to remove dependency on go-criu - Add patch to build with older version of openfga-go-sdk - Add patch backporting RemoveAll from newer sftp input-remapper (2.1.1-1+deb13u1) trixie; urgency=medium . * Add psutil to the list of module requirements. Closes: #1113695. intel-microcode (3.20250812.1~deb13u1) trixie-security; urgency=medium . * Security upload, no changes. . intel-microcode (3.20250812.1) unstable; urgency=medium . [ Henrique de Moraes Holschuh ] * New upstream microcode datafile 20250812 (closes: #1110983, #1112168) - Mitgations for INTEL-SA-01249 (processor Stream Cache): CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Intel also disclosed that several processors models had already received this mitigation on the previous microcode release, 20250512. - Mitigations for INTEL-SA-01308: CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01310 (OOBM services module): CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. - Mitigations for INTEL-SA-01311 (Intel TDX): CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processors with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01313: CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-21090: Missing reference to active allocated resource for some Intel Xeon processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2025-24305: Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel Xeon processors may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01367 (Intel SGX, TDX): CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Fixes for unspecified functional issues on several Intel Core and Intel Xeon processor models. * Updated microcodes: sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248 sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056 sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896 sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664 sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288 sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072 sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400 sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880 sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256 sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896 sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112 sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224 sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3 * update entry for 3.20250512.1 with new information * source: update symlinks to reflect id of the latest release, 20250812 . [ Ben Hutchings ] * debian/tests/initramfs: Update to work with forky's initramfs-tools. In version 0.149 of initramfs-tools, unmkinitramfs was changed to no longer create early/ and main/ subdirectories. Update the microcode file check to work with both old and new behaviours. intel-microcode (3.20250812.1~deb12u1) bookworm-security; urgency=medium . * Backport to bookworm-security * debian/rules: revert use of /usr/lib/firmware for deb12 . intel-microcode (3.20250812.1) unstable; urgency=medium . [ Henrique de Moraes Holschuh ] * New upstream microcode datafile 20250812 (closes: #1110983, #1112168) - Mitgations for INTEL-SA-01249 (processor Stream Cache): CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Intel also disclosed that several processors models had already received this mitigation on the previous microcode release, 20250512. - Mitigations for INTEL-SA-01308: CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01310 (OOBM services module): CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. - Mitigations for INTEL-SA-01311 (Intel TDX): CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processors with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01313: CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-21090: Missing reference to active allocated resource for some Intel Xeon processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2025-24305: Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel Xeon processors may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01367 (Intel SGX, TDX): CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Fixes for unspecified functional issues on several Intel Core and Intel Xeon processor models. * Updated microcodes: sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248 sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056 sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896 sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664 sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288 sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072 sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400 sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880 sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256 sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896 sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112 sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224 sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3 * update entry for 3.20250512.1 with new information * source: update symlinks to reflect id of the latest release, 20250812 . [ Ben Hutchings ] * debian/tests/initramfs: Update to work with forky's initramfs-tools. In version 0.149 of initramfs-tools, unmkinitramfs was changed to no longer create early/ and main/ subdirectories. Update the microcode file check to work with both old and new behaviours. irqbalance (1.9.4-1+deb13u1) trixie; urgency=medium . * d/gbp.conf: set debian-branch to debian/trixie * Drop ProtectKernelTunables=yes in irqbalance.service. Done via new patch: d/p/drop-protectkerneltunables.patch Thanks to Marco d'Itri (Closes: #1114676) jdupes (1.28.0-1+deb13u1) trixie; urgency=medium . * debian/patches/020_fix-uniq-count.patch: created to fix flag overlap between FF_NOT_UNIQUE and FF_HASHDB_DIRTY. . Both FF_NOT_UNIQUE and FF_HASHDB_DIRTY were defined using the same bit (1U << 5), causing logic errors where files were incorrectly marked as not unique due to hash database state. This commit moves FF_HASHDB_DIRTY to (1U << 6) to eliminate the overlap. It fixes incorrect behavior when detecting unique files with --unique or -u. . Closes: #1063079 jetty12 (12.0.17-3.1~deb13u1) trixie-security; urgency=medium . * Non-maintainer upload. * Rebuild for trixie-security. . jetty12 (12.0.17-3.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-5115: MadeYouReset HTTP/2 vulnerability (Closes: #1111765) jetty9 (9.4.57-1.1~deb13u1) trixie-security; urgency=medium . * Non-maintainer upload. * Rebuild for trixie-security. . jetty9 (9.4.57-1.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-5115: MadeYouReset HTTP/2 vulnerability (Closes: #1111766) jetty9 (9.4.57-1.1~deb12u1) bookworm-security; urgency=medium . * Non-maintainer upload. * Rebuild for bookworm-security. . jetty9 (9.4.57-1.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-5115: MadeYouReset HTTP/2 vulnerability (Closes: #1111766) jing-trang (20241231+repack-1~deb13u1) trixie; urgency=medium . * Re-import new upstream release, with gbp filtering (Closes: Bug#1118457) keepassxc-browser (1.9.7+repack1-1+deb13u1) trixie; urgency=medium . * Fixed integration with Chromium (Closes: #1111635) + Split installation for Chromium and Firefox in two separate directories. Each directory does now contain the correct manifest.json file for the respective browser. + Added maintainer preinst script to remove a symbolic link from previous package versions to have this revision create a directory instead + Added maintainer prerm script to permit a downgrade - just in case. It conditionally reverses the action of the above mentioned preinst script. + Extended fix-browser-polyfill-includex.patch to also adjust the Chromium manifest + Extended fix-nacl-includes.patch to also adjust the Chromium manifest + Extended chromium-extension-key.patch to add the extension's key in the manifest file which is installed from this revision on for Chromium + Extended lintian overrides for warnings produced by the additional installation for Chromium + Extended and updated debian/rules to rename and install files into the respective directories per browser. Removed obsolete file permission fixes and improved readability. kmail-account-wizard (4:24.12.3-1+deb13u1) trixie; urgency=medium . * Detect QML-dependencies automatically. lemonldap-ng (2.21.2+ds-1+deb13u1) trixie; urgency=medium . * Fix shell injection from admin interface (Closes: CVE-2025-59518) * Don't expose session-id into Ajax responses * Fix Google authentication libcommons-lang-java (2.6-10+deb13u1) trixie; urgency=medium . * Team upload. * d/patches/CVE-2025-48924.patch: Add patch to fix CVE-2025-48924. - Fix an uncontrolled recursion vulnerability (closes: 1109126). libcommons-lang3-java (3.17.0-1+deb13u1) trixie; urgency=medium . * Team upload. * d/patches/CVE-2025-48924.patch: Add patch to fix CVE-2025-48924. - Fix an uncontrolled recursion vulnerability (closes: 1109125). libcpanel-json-xs-perl (4.39-2~deb13u1) trixie-security; urgency=high . * Rebuild for trixie-security . libcpanel-json-xs-perl (4.39-2) unstable; urgency=medium . * Team upload. * Fix json_atof_scan1 overflows (CVE-2025-40929) libgpiod (2.2.1-2+deb13u1) trixie; urgency=medium . * d/control: Remove Breaks/Replaces on libgpiod2 and libgpiod2t64. This allows co-installation with older libraries. (Closes: #1110868) libhtp (1:0.5.50-1+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * CVE-2025-53537: memory leak with LZMA (Closes: #1109838) libjson-xs-perl (4.040-1~deb13u1) trixie-security; urgency=high . * Rebuild for trixie-security . libjson-xs-perl (4.040-1) unstable; urgency=medium . * Team upload. * Import upstream version 4.040. - Fix json_atof_scan1 overflows (CVE-2025-40928) * Drop initial patch for CVE-2025-40928 in favour of upstream changes * Drop patches applied upstream . libjson-xs-perl (4.030-3) unstable; urgency=medium . * Team upload. * Fix json_atof_scan1 overflows (CVE-2025-40928) libjson-xs-perl (4.040-1~deb12u1) bookworm-security; urgency=high . * Rebuild for bookworm-security . libjson-xs-perl (4.040-1) unstable; urgency=medium . * Team upload. * Import upstream version 4.040. - Fix json_atof_scan1 overflows (CVE-2025-40928) * Drop initial patch for CVE-2025-40928 in favour of upstream changes * Drop patches applied upstream . libjson-xs-perl (4.030-3) unstable; urgency=medium . * Team upload. * Fix json_atof_scan1 overflows (CVE-2025-40928) libjson-xs-perl (4.030-3) unstable; urgency=medium . * Team upload. * Fix json_atof_scan1 overflows (CVE-2025-40928) libsmb2 (6.2+dfsg-2+deb13u1) trixie; urgency=medium . * Import upstream patches to fix CVE-2025-57632 - When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without checking the upper bound of v->niov (SMB2_MAX_VECTORS=256) * d/p/CVE-2025-57632-pt*.patch: Import upstream patches to fix CVE * d/p/CVE-2025-57632-pt2.patch: Backport patch and Update hunks' offsets * d/p/CVE-2025-57632-pt3.patch: Backport patch and Update hunks' offsets * d/p/CVE-2025-57632-pt4.patch: Backport patch and Change hunk to reflect new code indentation libssh (0.11.2-1+deb13u1) trixie; urgency=medium . * CVE-2025-8277 (Closes: #1114859) * CVE-2025-8114 (Closes: #1109860) libvirt (11.3.0-3+deb13u1) trixie; urgency=medium . * [6a549fc] patches: Add backports - backport/tlscert-Don-t-force-keyEncipherment[...] - backport/tls-Don-t-require-keyEncipherment-[...] - backport/tests-[...]-Drop-use-of-GNUTLS_KEY_KEY_ENCIPHERM[...] - Removes the requirement to have keyEncipherment enabled for TLS certificates - Closes: #1110816 * [8b355a8] patches: Add backports - backport/daemon-Drop-log-level-of-VIR_ERR_NO_SUPPORT-[...] - Prevents journal spam when using the LXC driver - Closes: #1110963 * [f5079ab] patches: Add backports - backport/qemu-capabilities-Check-if-cpuModels-is-not-NULL-[...] - Fixes a daemon crash that occurs when probing capabilities for a QEMU binary that doesn't report information about CPU models - Closes: #1112481 libwebsockets (4.3.5-1+deb13u1) trixie; urgency=medium . * CVE-2025-11677 (Closes: #1118747) * CVE-2025-11678 (Closes: #1118746) libxml2 (2.12.7+dfsg+really2.9.14-2.1+deb13u2) trixie; urgency=high . * Non-maintainer upload. * Fix CVE-2025-9714: Denial of service vulnerability via uncontrolled recursion in XPath evaluation. * Amend d/p/CVE-2025-7425.patch to better reflect the original fix. libxslt (1.1.35-1.2+deb13u2) trixie-security; urgency=high . * Non-maintainer upload. * Fix regression in the backport of upstream change for issue #123 "generate-id() is non-deterministic". libyaml-syck-perl (1.34-2+deb13u1) trixie; urgency=medium . * Team upload. * Address memory corruption leading to 'str' value being set on empty keys (CVE-2025-11683) libyaml-syck-perl (1.34-2+deb12u1) bookworm; urgency=medium . * Team upload. * Address memory corruption leading to 'str' value being set on empty keys (CVE-2025-11683) linux (6.12.57-1) trixie; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.49 - wifi: wilc1000: avoid buffer overflow in WID string configuration - nvme: fix PI insert on write - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported - wifi: mac80211: increase scan_ies_len for S1G - wifi: mac80211: fix incorrect type for ret - cgroup: split cgroup_destroy_wq into 3 workqueues - btrfs: fix invalid extref key setup when replaying dentry - net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR - qed: Don't collect too many protection override GRC elements - bonding: set random address only when slaves already exist - mptcp: set remote_deny_join_id0 on SYN recv - mptcp: tfo: record 'deny join id0' info - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure - ice: store max_frame and rx_buf_len only in ice_rx_ring - ice: fix Rx page leak on multi-buffer frames - i40e: remove redundant memory barrier when cleaning Tx descs - igc: don't fail igc_probe() on LED setup error - net/mlx5e: Harden uplink netdev access against device unbind - bonding: don't set oif to bond dev when getting NS target destination - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). - tls: make sure to abort the stream if headers are bogus - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" - net: liquidio: fix overflow in octeon_init_instr_queue() - cnic: Fix use-after-free bugs in cnic_delete_task - [arm64] octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() - [amd64] perf/x86/intel: Fix crash in icl_update_topdown_event() (CVE-2025-38322) - ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer - ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery - power: supply: bq27xxx: restrict no-battery detection to bq27000 - dm-raid: don't set io_min and io_opt for raid1 - dm-stripe: fix a possible integer overflow - gup: optimize longterm pin_user_pages() for large folio - mm: revert "mm: vmscan.c: fix OOM on swap stress test" - [amd64] iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() - [amd64] iommu/amd/pgtbl: Fix possible race while increase page table level - btrfs: tree-checker: fix the incorrect inode ref size check - [arm64] ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S - mmc: mvsdio: Fix dma_unmap_sg() nents value - [amd64] KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active - drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer - rds: ib: Increment i_fastreg_wrs before bailing out - mptcp: propagate shutdown to subflows when possible - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx - io_uring/cmd: let cmds to know about dying task - io_uring: backport io_should_terminate_tw() - io_uring: include dying ring in task_work "should cancel" state - io_uring/msg_ring: kill alloc_cache for io_kiocb allocations - io_uring/kbuf: drop WARN_ON_ONCE() from incremental length check (CVE-2025-39816) - [amd64] ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message - [amd64] ASoC: Intel: catpt: Expose correct bit depth to userspace - drm/xe/tile: Release kobject for the failure path - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path - drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() - smb: client: fix filename matching of deferred files - smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) - crypto: af_alg - Set merge to zero early in af_alg_sendmsg - smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path - io_uring: fix incorrect io_kiocb reference in io_link_skb - [amd64] platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 - [amd64] platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk - vmxnet3: unregister xdp rxq info in the reset path (CVE-2025-22106) - mm: add folio_expected_ref_count() for reference count calculation - mm/gup: check ref_count instead of lru before migration - mptcp: pm: nl: announce deny-join-id0 flag - usb: xhci: introduce macro for ring segment list iteration - usb: xhci: remove option to change a default ring's TRB cycle bit - xhci: dbc: decouple endpoint allocation from initialization - xhci: dbc: Fix full DbC transfer ring after several reconnects - rtc: pcf2127: fix SPI command byte for PCF2131 backport - minmax.h: add whitespace around operators and after commas - minmax.h: update some comments - minmax.h: reduce the #define expansion of min(), max() and clamp() - minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() - minmax.h: move all the clamp() definitions after the min/max() ones - minmax.h: simplify the variants of clamp() - minmax.h: remove some #defines that are only expanded once https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.50 - scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE - firewire: core: fix overlooked update of subsystem ABI version - ALSA: usb-audio: Fix code alignment in mixer_quirks - ALSA: usb-audio: Fix block comments in mixer_quirks - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 - ALSA: usb-audio: Convert comma to semicolon - ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA - ALSA: usb-audio: Fix build with CONFIG_INPUT=n - usb: core: Add 0x prefix to quirks debug output - [arm64,armhf] net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info - net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick - [riscv64] mmc: sdhci-cadence: add Mobileye eyeQ support - i2c: designware: Add quirk for Intel Xe - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk - ALSA: usb-audio: Add mute TLV for playback volumes on more devices - net: sfp: add quirk for FLYPRO copper SFP+ module - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions - [amd64] HID: amd_sfh: Add sync across amd sfh work functions - cpufreq: Initialize cpufreq-based invariance before subsys - smb: server: don't use delayed_work for post_recv_credits_work - smb: server: use disable_work_sync in transport_rdma.c - bpf: Check the helper function is valid in get_helper_proto - btrfs: don't allow adding block device of less than 1 MB - wifi: virt_wifi: Fix page fault on connect - bpf: Reject bpf_timer for PREEMPT_RT - xfrm: xfrm_alloc_spi shouldn't use 0 as SPI - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow - [armhf] can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow - can: peak_usb: fix shift-out-of-bounds issue - net: tun: Update napi->skb after XDP process - net/smc: fix warning in smc_rx_splice() when calling get_page() - [arm64] ethernet: rvu-af: Remove slash from the driver name - Bluetooth: hci_sync: Fix hci_resume_advertising_sync - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync - vhost: Take a reference on the task in struct vhost_task. - bnxt_en: correct offset handling for IPv6 destination address - net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS - nexthop: Forbid FDB status change while nexthop is in a group - mm/gup: local lru_add_drain() to avoid lru_add_drain_all() - mm: revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" - mm: folio_may_be_lru_cached() unless folio_test_large() - [amd64] drm/gma500: Fix null dereference in hdmi teardown - futex: Prevent use-after-free during requeue-PI - [arm64] drm/panthor: Defer scheduler entitiy destruction to queue release - [amd64] platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() - smb: client: fix wrong index reference in smb2_compound_op() - HID: asus: add support for missing PX series fn keys - i40e: add validation for ring_len param - i40e: fix idx validation in i40e_validate_queue_map - i40e: fix idx validation in config queues msg - i40e: fix input validation logic for action_meta - i40e: fix validation of VF state in get resources - i40e: add max boundary check for VF filters - i40e: add mask to apply valid bits for itr_idx - i40e: improve VF MAC filters accounting - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx - tracing: dynevent: Add a missing lockdown check on dynevent - [armhf] dts: socfpga: sodia: Fix mdio bus probe and PHY address - drm/ast: Use msleep instead of mdelay for edid read - afs: Fix potential null pointer dereference in afs_put_server - fs/proc/task_mmu: check p->vec_buf for NULL - gpiolib: Extend software-node support to support secondary software-nodes - mm/hugetlb: fix folio is still mapped when deleted - fbcon: fix integer overflow in fbcon_do_set_font - fbcon: Fix OOB access in font allocation - iommufd: Fix race during abort for file descriptors - Revert "usb: xhci: remove option to change a default ring's TRB cycle bit" - [amd64] drm/i915/backlight: Return immediately when scale() finds invalid parameters https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.51 - crypto: sha256 - fix crash at kexec - scsi: target: target_core_configfs: Add length check to avoid buffer overflow - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove - media: tuner: xc5000: Fix use-after-free in xc5000_release - media: rc: fix races with imon_disconnect() - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID - mm: swap: check for stable address space before operating on the VMA - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() - [arm64] ASoC: qcom: audioreach: fix potential null pointer dereference https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.52 - wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() - USB: serial: option: add SIMCom 8230C compositions - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 - wifi: rtl8xxxu: Don't claim USB ID 07b8:8188 - dm-integrity: limit MAX_TAG_SIZE to 255 - [amd64] platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list - [amd64] platform/x86/amd/pmf: Support new ACPI ID AMDI0108 - [amd64,arm64] ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue - btrfs: ref-verify: handle damaged extent root tree - netfs: Prevent duplicate unlocking - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled - [amd64] platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list - drm/amd : Update MES API header file for v11 & v12 - drm/amd/include : MES v11 and v12 API header update - drm/amd/include : Update MES v12 API for fence update - drm/amdgpu: Enable MES lr_compute_wa by default (Closes: #1118658) - ALSA: usb-audio: Kill timer properly at removal (CVE-2025-38105) - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free - hid: fix I2C read buffer overflow in raw_event() for mcp2221 - nvmem: layouts: fix automatic module loading - binder: fix double-free in dbitmap - driver core/PM: Set power.no_callbacks along with power.no_pm - crypto: rng - Ensure set_ent is always present - net/9p: fix double req put in p9_fd_cancelled - [amd64] KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.53 - filelock: add FL_RECLAIM to show_fl_flags() macro - init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast - gfs2: Fix GLF_INVALIDATE_IN_PROGRESS flag clearing in do_xmote - [powerpc*] 8xx: Remove left-over instruction and comments in DataStoreTLBMiss handler - [powerpc*] 603: Really copy kernel PGD entries into all PGDIRs - uprobes: uprobe_warn should use passed task - [arm64] coresight: trbe: Prevent overflow in PERF_IDX2OFF() - [arm64] perf: arm_spe: Prevent overflow in PERF_IDX2OFF() - smb: server: fix IRD/ORD negotiation with the client - [amd64] EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller - [amd64] x86/vdso: Fix output operand size of RDPID - lsm: CONFIG_LSM can depend on CONFIG_SECURITY - btrfs: return any hit error from extent_writepage_io() - [arm64] pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() - [arm64] dts: renesas: rzg2lc-smarc: Disable CAN-FD channel0 - regmap: Remove superfluous check for !config in __regmap_init() - bpf: Remove migrate_disable in kprobe_multi_link_prog_run - libbpf: Fix reuse of DEVMAP - [arm64] dts: imx93-kontron: Fix GPIO for panel regulator - [arm64] dts: imx93-kontron: Fix USB port assignment - [arm64] dts: imx95: Correct the lpuart7 and lpuart8 srcid - ACPI: processor: idle: Fix memory leak when register cpuidle device failed - [arm64] soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS - [arm64] pinctrl: meson-gxl: add missing i2c_d pinmux - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx - block: use int to store blk_stack_limits() return value - PM: sleep: core: Clear power.must_resume in noirq suspend error path - vdso: Add struct __kernel_old_timeval forward declaration to gettime.h - [armhf] dts: omap: am335x-cm-t335: Remove unused mcasp num-serializer property - [arm64] PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() - [arm64] power: supply: cw2015: Fix a alignment coding style issue - [arm64] pinctrl: renesas: Use int type to store negative error codes - null_blk: Fix the description of the cache_size module argument - nbd: restrict sockets to TCP and UDP - [arm64] PM / devfreq: rockchip-dfi: double count on RK3588 - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure - [arm64] arm64: dts: mediatek: mt8186-tentacruel: Fix touchscreen model - mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() - [arm64] dts: mediatek: mt6795-xperia-m5: Fix mmc0 latch-ck value - [arm64] dts: mediatek: mt8395-kontron-i1200: Fix MT6360 regulator nodes - [arm64] dts: mediatek: mt8516-pumpkin: Fix machine compatible - [armhf] pwm: tiehrpwm: Don't drop runtime PM reference in .free() - [armhf] pwm: tiehrpwm: Make code comment in .free() more useful - [armhf] pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation - [armhf] pwm: tiehrpwm: Fix corner case in clock divisor calculation - ACPICA: Fix largest possible resource descriptor index - [riscv64] bpf: Sign extend struct ops return values properly - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op - i3c: master: svc: Use manual response for IBI events - i3c: master: svc: Recycle unused IBI slot - bpf: Explicitly check accesses to bpf_sock_addr - bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() - smp: Fix up and expand the smp_call_function_many() kerneldoc - tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers - spi: fix return code when spi device has too many chipselects - bpf: Mark kfuncs as __noclone - once: fix race by moving DO_ONCE to separate section - [arm64] thermal/drivers/qcom/lmh: Add missing IRQ includes - [arm64] i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD - i2c: designware: Fix clock issue when PM is disabled - i2c: designware: Add disabling clocks when probe fails - libbpf: Fix error when st-prefix_ops and ops from differ btf - bpf: Enforce expected_attach_type for tailcall compatibility - drm/radeon/r600_cs: clean up of dead code in r600_cs - f2fs: fix condition in __allow_reserved_blocks() - [arm64] phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 - drm/amd/display: Remove redundant semicolons - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod - scsi: myrs: Fix dma_alloc_coherent() error check - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count - RDMA/mlx5: Fix vport loopback forcing for MPV device - PCI/ACPI: Fix pci_acpi_preserve_config() memory leak - ALSA: lx_core: use int type to store negative error codes - inet: ping: check sock_net() in ping_get_port() and ping_lookup() - [arm64,armhf] coresight: Only register perf symlink for sinks with alloc_buffer - drm/amdgpu: Power up UVD 3 for FW validation (v2) - drm/amd/pm: Disable ULV even if unsupported (v3) - drm/amd/pm: Fix si_upload_smc_data (v3) - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) - wifi: mwifiex: send world regulatory domain to driver - [arm64,armhf] PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation - tcp: fix __tcp_close() to only send RST when required - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() - [armhf] usb: phy: twl6030: Fix incorrect type for ret - usb: gadget: configfs: Correctly set use_os_string at bind - tty: n_gsm: Don't block input queue by waiting MSC - [powerpc*] misc: genwqe: Fix incorrect cmd field being reported in error - pps: fix warning in pps_register_cdev when register device fail - wifi: iwlwifi: Remove redundant header files - [amd64,arm64] idpf: fix Rx descriptor ready check barrier in splitq - [amd64] ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping - [arm64] drm/msm/dpu: fix incorrect type for ret - fs: ntfs3: Fix integer overflow in run_unpack() - fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist - iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() - netfilter: ipset: Remove unused htable_bits in macro ahash_region - ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable - drivers/base/node: handle error properly in register_one_node() - RDMA/cm: Rate limit destroy CM ID timeout error message - wifi: mt76: fix potential memory leak in mt76_wmac_probe() - wifi: mt76: mt7996: Fix RX packets configuration for primary WED device - wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE - wifi: mt76: mt7915: fix mt7981 pre-calibration - f2fs: fix to update map->m_next_extent correctly in f2fs_map_blocks() - f2fs: fix to truncate first page in error path of f2fs_truncate() - f2fs: fix to mitigate overhead of f2fs_zero_post_eof_page() - ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message - scsi: qla2xxx: edif: Fix incorrect sign of error code - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() - HID: hidraw: tighten ioctl command parsing - f2fs: fix zero-sized extent for precache extents - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" - RDMA/core: Resolve MAC of next-hop device without ARP support - IB/sa: Fix sa_local_svc_timeout_ms read race - Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram - wifi: ath12k: fix wrong logging ID used for CE - wifi: ath10k: avoid unnecessary wait for service ready message - iommu/vt-d: debugfs: Fix legacy mode page table dump logic - wifi: mac80211: fix Rx packet handling when pubsta information is not available - [amd64] ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback - RDMA/rxe: Fix race in do_task() when draining - wifi: rtw89: avoid circular locking dependency in ser_state_run() - [arm64] remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice - dm vdo: return error on corrupted metadata in start_restoring_volume functions - [arm64] coresight-etm4x: Conditionally access register TRCEXTINSELR - [arm64,armhf] coresight: tmc: Support atclk - [arm64,armhf] coresight: catu: Support atclk - [arm64,armhf] coresight: etm4x: Support atclk - [arm64,armhf] coresight: trbe: Return NULL pointer for allocation failures - [arm64,armhf] coresight: tpda: fix the logic to setup the element size - [arm64] coresight: Fix incorrect handling for return value of devm_kzalloc - NFSv4.1: fix backchannel max_resp_sz verification check - ipvs: Defer ip_vs_ftp unregister during netns cleanup - netfilter: nfnetlink: reset nlh pointer during batch replay - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() - usb: vhci-hcd: Prevent suspending virtually attached devices - iommu/vt-d: Disallow dirty tracking if incoherent page walk - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast - ptp: Add a upper bound on max_vclocks - vhost: vringh: Fix copy_to_iter return value check - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO - Bluetooth: ISO: Fix possible UAF on iso_conn_free - Bluetooth: ISO: free rx_skb if not consumed - Bluetooth: ISO: don't leak skb in ISO_CONT RX - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements - KEYS: X.509: Fix Basic Constraints CA flag parsing - ocfs2: fix double free in user_cluster_connect() - drivers/base/node: fix double free in register_one_node() - [arm64] PCI: j721e: Fix incorrect error message in probe() - [amd64,arm64] idpf: fix mismatched free function for dma_alloc_coherent - nfp: fix RSS hash key size when RSS is not supported - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable - net: dlink: handle copy_thresh allocation failure - net/mlx5: Stop polling for command response if interface goes down - net/mlx5: pagealloc: Fix reclaim race during command interface teardown - net/mlx5: fw reset, add reset timeout work - smb: client: fix crypto buffers in non-linear memory - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" - bpf: Reject negative offsets for ALU ops - tpm: Disable TPM2_TCG_HMAC by default - Squashfs: fix uninit-value in squashfs_get_parent - uio_hv_generic: Let userspace take care of interrupt mask - io_uring/waitid: always prune wait queue entry in io_waitid_wait() - [arm64] ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() - [amd64,arm64] ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down - fs: udf: fix OOB read in lengthAllocDescs handling - net: nfc: nci: Add parameter validation for packet data - [arm64,armhf] mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() - dm: fix queue start/stop imbalance under suspend/load/resume races - dm: fix NULL pointer dereference in __dm_suspend() - ksmbd: Fix race condition in RPC handle list access - ksmbd: fix error code overwriting in smb2_get_info_filesystem() - ksmbd: add max ip connections parameter - ext4: fix checks for orphan inodes - [amd64] KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid - fbdev: simplefb: Fix use after free in simplefb_detach_genpds() - mm: hugetlb: avoid soft lockup when mprotect to large memory area - nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() - [arm64] misc: fastrpc: Save actual DMA size in fastrpc_map structure - [arm64] misc: fastrpc: Fix fastrpc_map_lookup operation - [arm64] misc: fastrpc: fix possible map leak in fastrpc_put_args - [arm64] misc: fastrpc: Skip reference for DMA handles - Input: atmel_mxt_ts - allow reset GPIO to sleep - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak - sunrpc: fix null pointer dereference on zero-length checksum - [arm64] remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() - [amd64,arm64] tee: fix register_shm_helper() - pinctrl: check the return value of pinmux_ops::get_function_name() - bus: fsl-mc: Check return value of platform_get_resource() - net/9p: Fix buffer overflow in USB transport layer - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock - usb: typec: tipd: Clear interrupts first https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.54 - fs: always return zero on success from replace_fd() - fscontext: do not consume log entries when returning -EMSGSIZE - [arm64] map [_text, _stext) virtual address range non-executable+read-only - rseq: Protect event mask against membarrier IPI - listmount: don't call path_put() under namespace semaphore - page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches - dma-mapping: fix direction in dma_alloc direction traces - [amd64] KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() - asm-generic/io.h: Skip trace helpers if rwmmio events are disabled - perf disasm: Avoid undefined behavior in incrementing NULL - perf test trace_btf_enum: Skip if permissions are insufficient - perf evsel: Avoid container_of on a NULL leader - libperf event: Ensure tracing data is multiple of 8 sized - [arm64] clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() - [arm64] clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() - perf util: Fix compression checks returning -1 as bool - perf arm_spe: Correct setting remote access - perf arm-spe: Rename the common data source encoding - perf arm_spe: Correct memory level for remote access - perf vendor events arm64 AmpereOneX: Fix typo - should be l1d_cache_access_prefetches - perf session: Fix handling when buffer exceeds 2 GiB - perf tools: Add fallback for exclude_guest - perf evsel: Ensure the fallback message is always written to - [arm64] clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m - [arm64] clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (CVE-2025-40001) - [amd64] ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time - [amd64] ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() - drm/xe/hw_engine_group: Fix double write lock release in error path - [s390x] cio: Update purge function to unregister the unused subchannels - drm/vmwgfx: Fix a null-ptr access in the cursor snooper - drm/vmwgfx: Fix Use-after-free in validation - drm/vmwgfx: Fix copy-paste typo in validation - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). - [arm64] net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (CVE-2025-40003) - ice: ice_adapter: release xa entry on adapter allocation failure - tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() - [arm64] mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call - [arm64] mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes - [arm64] mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop - [arm64] mailbox: zynqmp-ipi: Fix SGI cleanup on unbind - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} - [arm64] mailbox: mtk-cmdq-mailbox: Switch to __pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Switch to pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() - drm/amdgpu: Add additional DCE6 SCL registers - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 - drm/amd/display: Properly disable scaling on DCE6 - netfilter: nft_objref: validate objref and objrefmap expressions - bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() - crypto: essiv - Check ssize for decryption and in-place encryption - cifs: Fix copy_to_iter return value check - smb: client: fix missing timestamp updates after utime(2) - cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single - [arm64] gpio: wcd934x: mark the GPIO controller as sleeping - bpf: Avoid RCU context warning when unpinning htab with internal structs - [s390x] vmlinux.lds.S: Reorder sections - [s390x] vmlinux.lds.S: Move .vmlinux.info to end of allocatable sections - ACPI: property: Fix buffer properties extraction for subnodes - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT - ACPI: debug: fix signedness issues in read/write helpers - [arm64] dts: qcom: msm8916: Add missing MDSS reset - [arm64] dts: qcom: msm8939: Add missing MDSS reset - [arm64] dts: qcom: sdm845: Fix slimbam num-channels/ees - [arm64] dts: qcom: x1e80100-pmics: Disable pm8010 by default - [arm64] dts: ti: k3-am62a-main: Fix main padcfg length - [arm64] kprobes: call set_memory_rox() for kprobe page - [armhf] AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on reset) - [armhf] OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init - [arm64] perf/arm-cmn: Fix CMN S3 DTM offset - dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required - xen/events: Cleanup find_virq() return codes - xen/manage: Fix suspend error path - xen/events: Return -EEXIST for bound VIRQs - xen/events: Update virq_to_irq on migration - [arm64] firmware: meson_sm: fix device leak at probe - media: cx18: Add missing check after DMA map - media: mc: Fix MUST_CONNECT handling for pads with no links - media: pci: ivtv: Add missing check after DMA map - media: pci: mg4b: fix uninitialized iio scan data - [arm64] media: venus: firmware: Use correct reset sequence for IRIS2 - media: vivid: fix disappearing messages - media: lirc: Fix error handling in lirc_register() - [arm64] drm/panthor: Fix memory leak in panthor_ioctl_group_create() - drm/nouveau: fix bad ret code in nouveau_bo_move_prep - drm/xe/uapi: loosen used tracking restriction - drm/amd/display: Enable Dynamic DTBCLK Switch - blk-crypto: fix missing blktrace bio split events - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() - bus: mhi: ep: Fix chained transfer handling in read path - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() - [arm64] clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk - copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) - [amd64] cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() - [arm64,armhf] crypto: rockchip - Fix dma_unmap_sg() nents value - eventpoll: Replace rwlock with spinlock - fbdev: Fix logic error in "offb" name match - fs/ntfs3: Fix a resource leak bug in wnd_extend() - fs: quota: create dedicated workqueue for quota_release_work - fuse: fix possibly missing fuse_copy_finish() call in fuse_notify() - fuse: fix livelock in synchronous file put from fuseblk workers - iio: dac: ad5360: use int type to store negative error codes - iio: dac: ad5421: use int type to store negative error codes - iio: frequency: adf4350: Fix prescaler usage. - init: handle bootloader identifier in kernel parameters - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume - [amd64] iommu/vt-d: PRS isn't usable if PDS isn't supported - kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths - KEYS: trusted_tpm1: Compare HMAC values in constant time - lib/genalloc: fix device leak in of_gen_pool_get() - loop: fix backing file reference leak on validation error - openat2: don't trigger automounts with RESOLVE_NO_XDEV - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk - [powerpc*] powernv/pci: Fix underflow and leak issue - [powerpc*] pseries/msi: Fix potential underflow and leak issue - Revert "ipmi: fix msg stack when IPMI is disconnected" - sched/deadline: Fix race in push_dl_task() - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() - scsi: sd: Fix build warning in sd_revalidate_disk() - sctp: Fix MAC comparison to be constant-time - xsk: Harden userspace-supplied xdp_desc validation - mmc: core: SPI mode remove cmd7 - mmc: mmc_spi: multiple block read remove read crc ack - [armhf] memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe - rtc: interface: Ensure alarm irq is enabled when UIE is enabled - rtc: interface: Fix long-standing race when setting alarm - [arm64] PCI: xilinx-nwl: Fix ECAM programming - [arm64,armhf] PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock - PCI/sysfs: Ensure devices are powered for config reads - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV - PCI/ERR: Fix uevent on failure to recover - PCI/AER: Fix missing uevent on recovery when a reset is requested - PCI/AER: Support errors introduced by PCIe r6.0 - [arm64] PCI: j721e: Fix programming sequence of "strap" settings - spi: cadence-quadspi: Flush posted register writes before INDAC access - spi: cadence-quadspi: Flush posted register writes before DAC access - spi: cadence-quadspi: Fix cqspi_setup_flash() - [x86] fred: Remove ENDBR64 from FRED entry points - [x86] umip: Check that the instruction opcode is at least two bytes - [x86] umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) - [s390x] dasd: enforce dma_alignment to ensure proper buffer validation - [s390x] dasd: Return BLK_STS_INVAL for EINVAL from do_dasd_request - [s390x] Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR - slab: prevent warnings when slab obj_exts vector allocation fails - slab: mark slab->obj_exts allocation failures unconditionally - wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again - wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 - mm/thp: fix MTE tag mismatch when replacing zero-filled subpages - mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations - mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success - mm/damon/lru_sort: use param_ctx for damon_attrs staging - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry - ext4: add ext4_sb_bread_nofail() helper function for ext4_free_branches() - ext4: verify orphan file size is not too big - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() - ext4: correctly handle queries for metadata mappings - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() - ext4: fix an off-by-one issue during moving extents - ext4: guard against EA inode refcount underflow in xattr update - ext4: validate ea_ino and size in check_xattrs - ACPICA: Allow to skip Global Lock initialization - ext4: free orphan info with kvfree - media: mc: Clear minor number before put device - Squashfs: add additional inode sanity checking - Squashfs: reject negative file sizes in squashfs_read_inode() - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference - mm/ksm: fix incorrect KSM counter handling in mm_struct during fork - [amd64] ASoC: SOF: ipc4-pcm: Enable delay reporting for ChainDMA streams - [amd64] ASoC: SOF: ipc4-pcm: fix delay calculation when DSP resamples - [amd64] mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value - [amd64] mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type - [amd64] mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() - cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency - [amd64] KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace - statmount: don't call path_put() under namespace semaphore - [arm64] mte: Do not flag the zero page as PG_mte_tagged - [x86] mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() - [x86] kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP - nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT - NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock() - nfsd: refine and rename NFSD_MAY_LOCK - nfsd: don't use sv_nrthreads in connection limiting calculations. - nfsd: unregister with rpcbind when deleting a transport - ACPI: battery: allocate driver data through devm_ APIs - ACPI: battery: initialize mutexes through devm_ APIs - ACPI: battery: Check for error code from devm_mutex_init() call - ACPI: battery: Add synchronization between interface updates - ACPI: property: Disregard references in data-only subnode lists - ACPI: property: Add code comments explaining what is going on - ACPI: property: Do not pass NULL handles to acpi_attach_data() - mptcp: pm: in-kernel: usable client side with C-flag - ipmi: Rework user message limit handling - ipmi: Fix handling of messages with provided receive message pointer - mm/rmap: fix soft-dirty and uffd-wp bit loss when remapping zero-filled mTHP subpage to shared zeropage - [s390x] bpf: Centralize frame offset calculations - [s390x] bpf: Describe the frame using a struct instead of constants - [s390x] bpf: Write back tail call counter for BPF_PSEUDO_CALL - [s390x] bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG - [riscv64] irqchip/sifive-plic: Make use of __assign_bit() - [riscv64] irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume - copy_file_range: limit size if in compat mode - minixfs: Verify inode mode when loading from disk - pid: Add a judgment for ns null in pid_nr_ns - fs: Add 'initramfs_options' to set initramfs mount options - cramfs: Verify inode mode when loading from disk - writeback: Avoid softlockup when switching many inodes - writeback: Avoid excessively long inode switching times - sched/fair: Block delayed tasks on throttled hierarchy during dequeue - nfsd: fix __fh_verify for localio - nfsd: fix access checking for NLM under XPRTSEC policies - [amd64] ASoC: SOF: ipc4-pcm: fix start offset calculation for chain DMA - mount: handle NULL values in mnt_ns_release() - nfsd: decouple the xprtsec policy check from check_nfsd_access() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.55 - drm/xe/guc: Check GuC running state before deregistering exec queue - smb: client: Fix refcount leak for cifs_sb_tlink - slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL - r8152: add error handling in rtl8152_driver_init - f2fs: fix wrong block mapping for multi-devices - jbd2: ensure that all ongoing I/O complete before freeing blocks - ext4: wait for ongoing I/O to complete before freeing blocks - ext4: detect invalid INLINE_DATA + EXTENTS flag combination - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running - btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl - btrfs: fix incorrect readahead expansion length - btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST - btrfs: do not assert we found block group item when creating free space tree - can: gs_usb: gs_make_candev(): populate net_device->dev_port - can: gs_usb: increase max interface to U8_MAX - cifs: parse_dfs_referrals: prevent oob on malformed input - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies - drm/amdgpu: use atomic functions with memory barriers for vm fault info - drm/amdgpu: fix gfx12 mes packet status return check - perf/core: Fix address filter match with backing files - perf/core: Fix MMAP event path names with backing files - perf/core: Fix MMAP2 event device with backing files - drm/amd: Check whether secure display TA loaded successfully - irqdomain: cdx: Switch to of_fwnode_handle() - [arm64] drm/msm/a6xx: Fix PDC sleep sequence - usb: gadget: Store endpoint pointer in usb_request - usb: gadget: Introduce free_usb_request helper - usb: gadget: f_ncm: Refactor bind path to use __free() - usb: gadget: f_acm: Refactor bind path to use __free() - usb: gadget: f_ecm: Refactor bind path to use __free() - usb: gadget: f_rndis: Refactor bind path to use __free() - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay - Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" (Closes: #1116358) - HID: multitouch: fix sticky fingers - dax: skip read lock assertion for read-only filesystems - can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() - can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active - can: m_can: m_can_chip_config(): bring up interface in correct state - can: m_can: add deinit callback - can: m_can: call deinit/init callback when going into suspend/resume - can: m_can: fix CAN state in system PM - net: dlink: handle dma_map_single() failure properly - doc: fix seg6_flowlabel path - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H - net/ip6_tunnel: Prevent perpetual tunnel growth - [amd64,arm64] amd-xgbe: Avoid spurious link down messages during interface toggle - tcp: fix tcp_tso_should_defer() vs large RTT - ksmbd: fix recursive locking in RPC handle list access - tg3: prevent use of uninitialized remote_adv and local_adv variables - tls: trim encrypted message to match the plaintext on short splice - tls: wait for async encrypt in case of error during latter iterations of sendmsg - tls: always set record_type in tls_process_cmsg - tls: wait for pending async decryptions if tls_strp_msg_hold fails - tls: don't rely on tx_work during send() - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset - [arm64] drm/panthor: Ensure MCU is disabled on suspend - nvme-multipath: Skip nr_active increments in RETRY disposition - [riscv64] kprobes: Fix probe address validation - [amd64] ASoC: nau8821: Cancel jdet_work before handling jack ejection - [amd64] ASoC: nau8821: Generalize helper to clear IRQ status - [amd64] ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit - [amd64] drm/i915/guc: Skip communication warning on reset in progress - drm/amdgpu: add ip offset support for cyan skillfish - drm/amdgpu: add support for cyan skillfish without IP discovery - drm/amdgpu: fix handling of harvesting for ip_discovery firmware - drm/amd/powerplay: Fix CIK shutdown temperature - [arm64] drm/rockchip: vop2: use correct destination rectangle height check - sched/fair: Fix pelt lost idle time detection - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card - HID: hid-input: only ignore 0 battery events for digitizers - HID: multitouch: fix name of Stylus input devices - nvme/tcp: handle tls partially sent records in write_space() - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() - xfs: rename the old_crc variable in xlog_recover_process - xfs: fix log CRC mismatches between i386 and other architectures - PM: runtime: Add new devm functions - iio: imu: inv_icm42600: Simplify pm_runtime setup - iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended - nfsd: Use correct error code when decoding extents - nfsd: Drop dprintk in blocklayout xdr functions - NFSD: Rework encoding and decoding of nfsd4_deviceid - NFSD: Minor cleanup in layoutcommit processing - NFSD: Implement large extent array support in pNFS - NFSD: Fix last write offset handling in layoutcommit - wifi: rtw89: avoid possible TX wait initialization race - xfs: use deferred intent items for reaping crosslinked blocks - padata: Reset next CPU when reorder sequence wraps around - md/raid0: Handle bio_split() errors - md/raid1: Handle bio_split() errors - md/raid10: Handle bio_split() errors - md: fix mssing blktrace bio split events - [amd64] x86/resctrl: Refactor resctrl_arch_rmid_read() - [amd64] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID - d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier - vfs: Don't leak disconnected dentries on umount - PCI: Add PCI_VDEVICE_SUB helper macro - ixgbevf: Add support for Intel(R) E610 device - ixgbevf: fix getting link speed data for E610 devices - ixgbevf: fix mailbox API compatibility by negotiating supported features - tcp: convert to dev_net_rcu() - tcp: cache RTAX_QUICKACK metric in a hot cache line - net: dst: add four helpers to annotate data-races around dst->dev - ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] - net: Add locking to protect skb->dev access in ip_output - mptcp: Call dst_release() in mptcp_active_enable(). - mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). - mptcp: reset blackhole on success with non-loopback ifaces - NFSD: Define a proc_layoutcommit for the FlexFiles layout type - [arm64] cputype: Add Neoverse-V3AE definitions - [arm64] errata: Apply workarounds for Neoverse-V3AE - [amd64] dmaengine: Add missing cleanup on module unload https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.56 - exec: Fix incorrect type for ret - hfs: clear offset and space out of valid records in b-tree node - hfs: make proper initalization of struct hfs_find_data - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() - hfs: validate record offset in hfsplus_bmap_alloc - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() - dlm: check for defined force value in dlm_lockspace_release - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() - PCI: Test for bit underflow in pcie_set_readrq() - [arm64] sysreg: Correct sign definitions for EIESB and DoubleLock - drivers/perf: hisi: Relax the event ID check in the framework - [s390x] mm: Use __GFP_ACCOUNT for user page table allocations - smb: server: let smb_direct_flush_send_list() invalidate a remote key first - PM: EM: Drop unused parameter from em_adjust_new_capacity() - PM: EM: Slightly reduce em_check_capacity_update() overhead - PM: EM: Move CPU capacity check to em_adjust_new_capacity() - PM: EM: Fix late boot with holes in CPU topology - net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() - rtnetlink: Allow deleting FDB entries in user namespace - [arm64] net: enetc: fix the deadlock of enetc_mdio_lock - [arm64] net: enetc: correct the value of ENETC_RXB_TRUESIZE - [arm64] dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path - net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ - net/smc: fix general protection fault in __smc_diag_dump - [arm64] net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions - [arm64] mm: avoid always making PTE dirty in pte_mkwrite() - ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop - sctp: avoid NULL dereference when chunk data buffer is missing - net: phy: micrel: always set shared->phydev for LAN8814 - net/mlx5: Fix IPsec cleanup over MPV device - fs/notify: call exportfs_encode_fid with s_umount - net: bonding: fix possible peer notify event loss or dup issue - dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() - btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() - gpio: pci-idio-16: Define maximum valid register address offset - gpio: 104-idio-16: Define maximum valid register address offset - xfs: fix locking in xchk_nlinks_collect_dir - Revert "cpuidle: menu: Avoid discarding useful information" - slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts - slab: Fix obj_ext mistakenly considered NULL due to race condition - ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 - can: netlink: can_changelink(): allow disabling of automatic restart - cifs: Fix TCP_Server_Info::credits to be signed - ocfs2: clear extent cache after moving/defragmenting extents - vsock: fix lock inversion in vsock_assign_transport() - [arm64,armhf] net: stmmac: dwmac-rk: Fix disabling set_clock_selection - net: usb: rtl8150: Fix frame padding - mm: prevent poison consumption when splitting THP - drm/amd/display: increase max link count and fix link->enc NULL pointer access - [arm64] spi: spi-nxp-fspi: add extra delay after dll locked - [arm64] dts: broadcom: bcm2712: Add default GIC address cells - [arm64] dts: broadcom: bcm2712: Define VGIC interrupt - [arm64] firmware: arm_scmi: Account for failed debug initialization - [arm64] firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode - [arm64] drm/panthor: Fix kernel panic on partial unmap of a GPU VA region - [riscv64] Define pgprot_dmacoherent() for non-coherent devices - [riscv64] Don't print details of CPUs disabled in DT - [riscv64] hwprobe: avoid uninitialized variable use in hwprobe_arch_id() - hwmon: (sht3x) Fix error handling - nbd: override creds to kernel when calling sock_{send,recv}msg() - drm/panic: Fix drawing the logo on a small narrow screen - drm/panic: Fix qr_code, ensure vmargin is positive - [amd64] gpio: ljca: Fix duplicated IRQ mapping - io_uring: correct __must_hold annotation in io_install_fixed_file - sched: Remove never used code in mm_cid_get() - io_uring/sqpoll: switch away from getrusage() for CPU accounting - io_uring/sqpoll: be smarter on when to update the stime usage - Bluetooth: btintel: Add DSBR support for BlazarIW, BlazarU and GaP (Closes: #1118660) - platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (CVE-2025-39678) - USB: serial: option: add UNISOC UIS7720 - USB: serial: option: add Quectel RG255C - USB: serial: option: add Telit FN920C04 ECM compositions - usb/core/quirks: Add Huawei ME906S to wakeup quirk - usb: raw-gadget: do not limit transfer length - xhci: dbc: enable back DbC in resume if it was enabled before suspend - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event - [amd64] x86/microcode: Fix Entrysign revision check for Zen1/Naples - [arm*] binder: remove "invalid inc weak" check - [amd64] comedi: fix divide-by-zero in comedi_buf_munge() (CVE-2025-40106) - [amd64] mei: me: add wildcat lake P DID - [arm64] misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup - [amd64,arm64] tcpm: switch check for role_sw device with fw_node - dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp - serial: 8250_dw: handle reset control deassert error - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 - [arm64] serial: 8250_mtk: Enable baud clock and manage in runtime PM - serial: sc16is7xx: remove useless enable of enhanced features - devcoredump: Fix circular locking dependency with devcd->mutex. - [arm64] mte: Do not warn if the page is already tagged in copy_highpage() - xfs: always warn about deprecated mount options - ksmbd: transport_ipc: validate payload size before reading handle (CVE-2025-40084) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.57 - net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083) - audit: record fanotify event regardless of presence of rules - [amd64] perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK - perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL - perf: Have get_perf_callchain() return NULL if crosstask and user are set - perf: Skip user unwind if the task is a kernel thread - seccomp: passthrough uprobe systemcall without filtering - [amd64] x86/bugs: Report correct retbleed mitigation status - [amd64] x86/bugs: Fix reporting of LFENCE retpoline - [amd64,arm64] EDAC/mc_sysfs: Increase legacy channel support to 16 - cpuset: Use new excpus for nocpu error check when enabling root partition - btrfs: abort transaction on specific error places when walking log tree - btrfs: abort transaction in the process_one_buffer() log tree walk callback - btrfs: zoned: return error from btrfs_zone_finish_endio() - btrfs: zoned: refine extent allocator hint selection - btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() - btrfs: always drop log root tree reference in btrfs_replay_log() - btrfs: use level argument in log tree walk callback replay_one_buffer() - btrfs: abort transaction if we fail to update inode in log replay dir fixup - btrfs: tree-checker: add inode extref checks - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() - sched_ext: Make qmap dump operation non-destructive - arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c - docs: kdoc: handle the obsolescensce of docutils.ErrorString() - mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR - f2fs: fix to avoid panic once fallocation fails for pinfile (CVE-2025-23130) - wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (CVE-2025-38643) - bonding: return detailed error when loading native XDP fails - bonding: check xdp prog when set bond mode (CVE-2025-22105) - bits: add comments and newlines to #if, #else and #endif directives - bits: introduce fixed-type GENMASK_U*() - gpio: regmap: Allow to allocate regmap-irq device - gpio: regmap: add the .fixed_direction_output configuration parameter - gpio: idio-16: Define fixed direction of the GPIO lines - [amd64] iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (CVE-2025-21833) - wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995) - [amd64,arm64] udmabuf: fix a buf size overflow issue during udmabuf creation (CVE-2025-37803) - sfc: fix NULL dereferences in ef100_process_design_param() (CVE-2025-37860) - btrfs: tree-checker: fix bounds check in check_inode_extref() . [ Salvatore Bonaccorso ] * drivers/infiniband/hw/bnxt_re: Enable INFINIBAND_BNXT_RE as module (Closes: #1109977) . [ Ben Hutchings ] * d/salsa-ci.yml: Adjust filenames to allow source package name suffix * tools/hv: Make the sample hv_get_dhcp_info script more useful * hyperv-daemons: Install the sample network info scripts (Closes: #919350) * d/salsa-ci.yml: Fix cache configuration for build job * d/salsa-ci.yml: Move orig tarball generation to a separate job again * d/salsa-ci.yml: Restore lintian checking of source package linux (6.12.48-1) trixie-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.44 - serial: 8250: fix panic due to PSLVERR - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() - PM: runtime: Take active children into account in pm_runtime_get_if_in_use() - dm: dm-crypt: Do not partially accept write BIOs with zoned targets - dm: Check for forbidden splitting of zone write operations - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() - usb: gadget: udc: renesas_usb3: fix device leak at unbind - usb: musb: omap2430: fix device leak at unbind - [arm64,armhf] usb: dwc3: meson-g12a: fix device leaks at unbind - [arm64] usb: dwc3: imx8mp: fix device leak at unbind - bus: mhi: host: Fix endianness of BHI vector table - bus: mhi: host: Detect events pointing to unexpected TREs - vt: keyboard: Don't process Unicode characters in K_OFF mode - vt: defkeymap: Map keycodes above 127 to K_HOLE - [amd64] crypto: qat - lower priority for skcipher and aead algorithms - [arm64,armhf] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP - [amd64] crypto: qat - flush misc workqueue during device shutdown - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" - ksmbd: fix refcount leak causing resource not released - ksmbd: extend the connection limiting mechanism to support IPv6 - tracing: fprobe-event: Sanitize wildcard for fprobe event name - ext4: check fast symlink for ea_inode correctly - ext4: fix fsmap end of range reporting with bigalloc - ext4: fix reserved gdt blocks handling in fsmap - ext4: use kmalloc_array() for array space allocation - ext4: fix hole length calculation overflow in non-extent inodes - btrfs: zoned: fix write time activation failure for metadata block group - btrfs: fix incorrect log message for nobarrier mount option - btrfs: restore mount option info messages during mount - btrfs: fix printing of mount info messages for NODATACOW/NODATASUM - apparmor: Fix 8-byte alignment for initial dfa blob streams - dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints - dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints - scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host - [arm64] scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE - scsi: mpi3mr: Fix race between config read submit and interrupt completion - ata: libata-scsi: Fix ata_to_sense_error() status handling - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers - scsi: ufs: ufs-pci: Fix default runtime and system PM levels - ata: libata-scsi: Fix CDL control - [arm64] soc: qcom: mdt_loader: Ensure we don't read past the ELF header - iio: imu: bno055: fix OOB access of hw_xlate array - iio: adc: ad_sigma_delta: change to buffer predisable - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() - wifi: ath12k: fix dest ring-buffer corruption - wifi: ath12k: fix source ring-buffer corruption - wifi: ath12k: fix dest ring-buffer corruption when ring is full - wifi: ath11k: fix dest ring-buffer corruption - wifi: ath11k: fix source ring-buffer corruption - wifi: ath11k: fix dest ring-buffer corruption when ring is full - [arm64] pwm: mediatek: Handle hardware enable and clock enable separately - [arm64] pwm: mediatek: Fix duty and period setting - mtd: spi-nor: Fix spi_nor_try_unlock_all() - [arm64] mtd: spinand: propagate spinand_wait() errors from spinand_write_page() - readahead: fix return value of page_cache_next_miss() when no hole is found - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge - PCI: endpoint: Fix configfs group list head handling - PCI: endpoint: Fix configfs group removal on driver teardown - [arm64,armhf] PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features - [arm64,armhf] PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset - [arm64,armhf] PCI: imx6: Delay link start until configfs 'start' written - vsock/virtio: Validate length in packet header before skb_put() - vhost/vsock: Avoid allocating arbitrarily-sized SKBs - amdgpu/amdgpu_discovery: increase timeout limit for IFWI init - [amd64] ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context - f2fs: fix to avoid out-of-boundary access in dnode page (CVE-2025-38677) - jbd2: prevent softlockup in jbd2_log_do_checkpoint() - kbuild: userprogs: use correct linker when mixing clang and GNU ld - [arm64,armhf] soc/tegra: pmc: Ensure power-domains are in a known state - media: gspca: Add bounds checking to firmware parser - media: hi556: correct the test pattern configuration - [armhf] media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() - media: ipu6: isys: Use correct pads for xlate_streams() - media: vivid: fix wrong pixel_array control size - media: verisilicon: Fix AV1 decoder clock frequency - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() - media: usbtv: Lock resolution while streaming - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() - media: pisp_be: Fix pm_runtime underrun in probe - media: ov2659: Fix memory leaks in ov2659_probe() - media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls - [arm64] media: qcom: camss: cleanup media device allocated resource on error path - [arm64] media: venus: Add a check for packet size after reading from shared memory - [arm64] media: venus: Fix MSM8998 frequency table - [arm64] media: venus: hfi: explicitly release IRQ during teardown - [arm64] media: venus: protect against spurious interrupts during probe - [arm64] media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. - [arm64] media: venus: venc: Clamp param smaller than 1fps and bigger than 240 - drm/amdgpu/discovery: fix fw based ip discovery - drm/amd: Restore cached power limit during resume - drm/amdgpu: Avoid extra evict-restore process. - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities - drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() - drm/amdgpu: Update external revid for GC v9.5.0 - drm/amdgpu: update mmhub 3.0.1 client id mappings - drm/amdgpu: update mmhub 4.1.0 client id mappings - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq - drm/amd/display: Add primary plane to commits for correct VRR handling - drm/amd/display: fix a Null pointer dereference vulnerability - drm/amd/display: Don't overwrite dce60_clk_mgr - net, hsr: reject HSR frame if skb can't hold tag - sched/ext: Fix invalid task state transitions on class switch - ipv6: sr: Fix MAC comparison to be constant-time - ACPI: pfr_update: Fix the driver update version check - mptcp: drop skb if MPTCP skb extension allocation fails - mptcp: pm: kernel: flush: do not reset ADD_ADDR limit - mm/damon/ops-common: ignore migration request to invalid nodes - [amd64] x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero - USB: typec: Use str_enable_disable-like helpers - usb: typec: fusb302: cache PD RX state - btrfs: qgroup: drop unused parameter fs_info from __del_qgroup_rb() - btrfs: qgroup: fix race between quota disable and quota rescan ioctl - btrfs: move transaction aborts to the error site in add_block_group_free_space() - btrfs: always abort transaction on failure to add block group to free space tree - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() - btrfs: explicitly ref count block_group on new_bgs list - btrfs: codify pattern for adding block_group to bg_list - btrfs: zoned: requeue to unused block group list if zone finish failed - xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags - btrfs: send: factor out common logic when sending xattrs - btrfs: send: only use boolean variables at process_recorded_refs() - btrfs: send: add and use helper to rename current inode when processing refs - btrfs: send: keep the current inode's path cached - btrfs: send: avoid path allocation for the current inode when issuing commands - btrfs: send: use fallocate for hole punching with send stream v2 - btrfs: send: make fs_path_len() inline and constify its argument - netfs: Fix unbuffered write error handling - io_uring/net: commit partial buffers on retry - ata: libata-scsi: Return aborted command when missing sense and result TF - sched_ext: initialize built-in idle state before ops.init() - Revert "can: ti_hecc: fix -Woverflow compiler warning" - io_uring/futex: ensure io_futex_wait() cleans up properly on failure - iov_iter: iterate_folioq: fix handling of offset >= folio size - [arm64] iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement - mmc: sdhci-pci-gli: Add a new function to simplify the code - memstick: Fix deadlock by moving removing flag earlier - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency - NFS: Fix a race when updating an existing write - squashfs: fix memory leak in squashfs_fill_super - mm/debug_vm_pgtable: clear page table entries at destroy_args() - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 - RDMA/rxe: Flush delayed SKBs while releasing RXE resources - [s390x] sclp: Fix SCCB present check - [amd64] platform/x86/intel-uncore-freq: Check write blocked for ELC - kvm: retry nx_huge_page_recovery_thread creation - [amd64] accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() - drm/amdgpu/swm14: Update power limit logic - drm/amd/display: Avoid a NULL pointer dereference - drm/amd/display: Don't overclock DCE 6 by 15% - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 - drm/amd/display: Fix Xorg desktop unresponsive on Replay panel - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs - scsi: core: Fix command pass through retry regression - [arm64] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() - mptcp: remove duplicate sk_reset_timer call - mptcp: disable add_addr retransmission when timeout is 0 - Mark xe driver as BROKEN if kernel page size is not 4kB - [arm64,armhf] PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support - [arm64,armhf] PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features - [arm64] PCI: rockchip: Use standard PCIe definitions - [arm64] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining - iio: adc: ad7173: fix setting ODR in probe - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems - ext4: preserve SB_I_VERSION on remount - btrfs: subpage: keep TOWRITE tag until folio is cleaned - [arm64] dts: ti: k3-am6*: Add boot phase flag to support MMC boot - [arm64] dts: ti: k3-am62*: Add non-removable flag for eMMC - [arm64] dts: ti: k3-am6*: Remove disable-wp for eMMC - [arm64] dts: ti: k3-am62*: Move eMMC pinmux to top level board file - debugfs: fix mount options not being applied - smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() - fs/buffer: fix use-after-free when call bh_read() helper - use uniform permission checks for all mount propagation changes - cpuidle: menu: Remove iowait influence - cpuidle: governors: menu: Avoid selecting states with too much latency - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS - [arm64] mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 - ftrace: Also allocate and copy hash for reading of filter files - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() - iio: proximity: isl29501: fix buffered read on big-endian systems - most: core: Drop device reference after usage in get_channel() - kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() - cdx: Fix off-by-one error in cdx_rpmsg_probe() - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive - [amd64] comedi: Make insn_rw_emulate_bits() do insn->n samples - [amd64] comedi: pcl726: Prevent invalid irq number - [amd64] comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test - usb: renesas-xhci: Fix External ROM access timeouts - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera - usb: storage: realtek_cr: Use correct byte order for bcs->Residue - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles - usb: typec: maxim_contaminant: disable low power mode when reading comparator values - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean - usb: xhci: Fix slot_id resource race conflict - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout - usb: dwc3: Remove WARN_ON for device endpoint command timeouts - usb: dwc3: pci: add support for the Intel Wildcat Lake - iio: light: Use aligned_s64 instead of open coding alignment. - iio: light: as73211: Ensure buffer holes are zeroed - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() - tracing: Remove unneeded goto out logic - tracing: Limit access to parser->buffer when trace_get_user failed - [amd64] drm/i915/icl+/tc: Convert AUX powered WARN to a debug message - compiler: remove __ADDRESSABLE_ASM{_STR,}() again - [amd64] drm/i915/icl+/tc: Cache the max lane count value - ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() - tls: fix handling of zero-length records on the rx_list - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 - iio: imu: inv_icm42600: use = { } instead of memset() - iio: imu: inv_icm42600: Convert to uXX and sXX integer types - iio: imu: inv_icm42600: change invalid data error to -EBUSY - [amd64] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key - cgroup/cpuset: Fix a partition error with CPU hotplug - drm/panic: Move drawing functions to drm_draw - drm/format-helper: Add conversion from XRGB8888 to BGR888 - drm/format-helper: Move helpers for pixel conversion to header file - drm/format-helper: Add generic conversion to 32-bit formats - iosys-map: Fix undefined behavior in iosys_map_clear() - [arm64] RDMA/hns: Fix querying wrong SCC context for DIP algorithm - RDMA/bnxt_re: Fix to do SRQ armena by default - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path - RDMA/bnxt_re: Fix a possible memory leak in the driver - RDMA/bnxt_re: Fix to initialize the PBL array - RDMA/hns: Fix dip entries leak on devices newer than hip09 - net: bridge: fix soft lockup in br_multicast_query_expired() - scsi: qla4xxx: Prevent a potential error pointer dereference - [amd64] iommu/amd: Avoid stack buffer overflow from kernel cmdline (CVE-2025-38676) - Bluetooth: hci_sync: Fix scan state after PA Sync has been established - Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown - Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() - [arm64] drm/hisilicon/hibmc: refactored struct hibmc_drm_private - [arm64] drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed - [arm64] drm/hisilicon/hibmc: fix the hibmc loaded failed bug - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() - drm/amd/display: Don't print errors for nonexistent connectors - net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add - [arm64] net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path - ppp: fix race conditions in ppp_fill_forward_path - net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload. - cifs: Fix oops due to uninitialised variable - phy: mscc: Fix timestamping for vsc8584 - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization - gve: prevent ethtool ops after shutdown - net/smc: fix UAF on smcsk after smc_listen_out() - [s390x] mm: Do not map lowcore with identity mapping - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc - igc: fix disabling L1.2 PCI-E link substate on I226 on init - [armhf] net: dsa: microchip: Fix KSZ9477 HSR port setup issue - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit - net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate - ALSA: timer: fix ida_free call while not allocated - bonding: update LACP activity flag after setting lacp_active - bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU - [arm64] Octeontx2-af: Skip overlap check for SPI field - net/mlx5: Base ECVF devlink port attrs from 0 - net/mlx5: Relocate function declarations from port.h to mlx5_core.h - net/mlx5: Add IFC bits and enums for buf_ownership - net/mlx5e: Query FW for buffer ownership - net/mlx5e: Preserve shared buffer capacity during headroom updates - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation - [s390x] hypfs: Avoid unnecessary ioctl registration in debugfs - [s390x] hypfs: Enable limited access during lockdown - netfilter: nf_reject: don't leak dst refcount for loopback packets https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.45 - rtla: Check pkg-config install - trace/fgraph: Fix the warning caused by missing unregister notifier - of: dynamic: Fix memleak when of_pci_add_properties() failed - of: dynamic: Fix use after free in of_changeset_add_prop_helper() - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump - perf symbol-minimal: Fix ehdr reading in filename__read_build_id - vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER - scsi: core: sysfs: Correct sysfs attributes access rights - smb: client: fix race with concurrent opens in unlink(2) - smb: client: fix race with concurrent opens in rename(2) - [arm64] ASoC: codecs: tx-macro: correct tx_macro_component_drv name - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() - [arm64] drm/msm: Defer fd_install in SUBMIT ioctl - of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() - [arm64] drm/msm/kms: move snapshot init earlier in KMS init - [arm64] drm/msm: update the high bitfield of certain DSI registers - [arm64] drm/mediatek: Add error handling for old state CRTC in atomic_disable - [powerpc*] kvm: Fix ifdef to remove build warning - HID: input: rename hidinput_set_battery_charge_status() - HID: input: report battery status changes immediately - net: macb: fix unregister_netdev call order in macb_remove() - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success - Bluetooth: hci_event: Mark connection as closed during suspend disconnect - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced - Bluetooth: hci_sync: fix set_local_name race condition - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr - drm/nouveau: remove unused memory target test - ice: don't leave device non-functional if Tx scheduler config fails - ice: use fixed adapter index for E825C embedded devices - ice: fix incorrect counter for buffer allocation failures - dt-bindings: display/msm: qcom,mdp5: drop lut clock - net: dlink: fix multicast stats being counted incorrectly - drm/xe/xe_sync: avoid race during ufence signaling - drm/xe: Don't trigger rebind on initial dma-buf validation - phy: mscc: Fix when PTP clock is register and unregister - bnxt_en: Fix memory corruption when FW resources change during ifdown - bnxt_en: Adjust TX rings if reservation is less than requested - bnxt_en: Fix stats context reservation logic - net/mlx5: Reload auxiliary drivers on fw_activate - net/mlx5: Fix lockdep assertion on sync reset unload event - net/mlx5: Nack sync reset when SFs are present - net/mlx5e: Update and set Xon/Xoff upon MTU set - net/mlx5e: Update and set Xon/Xoff upon port speed set - net/mlx5e: Set local Xoff after FW update - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts - net: stmmac: xgmac: Correct supported speed modes - net: stmmac: Set CIC bit only for TX queues with COE - [amd64,arm64] hv_netvsc: Link queues to NAPIs - [amd64,arm64] net: hv_netvsc: fix loss of early receive events from host during channel open. - net: rose: split remove and free operations in rose_remove_neigh() - net: rose: convert 'use' field to refcount_t - net: rose: include node references in rose_neigh refcount - sctp: initialize more fields in sctp_v6_from_sk() - l2tp: do not use sock_hold() in pppol2tp_session_get_sock() - fbnic: Move phylink resume out of service_task and into open/close - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare - net: macb: Disable clocks once - [amd64] KVM: x86: use array_index_nospec with indices that come from guest - [riscv64] KVM: fix stack overrun when loading vlenb - [amd64] x86/microcode/AMD: Handle the case of no BIOS microcode - [amd64] x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON - HID: asus: fix UAF via HID_CLAIMED_INPUT validation - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() - HID: quirks: add support for Legion Go dual dinput modes - HID: logitech: Add ids for G PRO 2 LIGHTSPEED - HID: wacom: Add a new Art Pen 2 - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() - Revert "drm/amdgpu: fix incorrect vm flags to map bo" - blk-zoned: Fix a lockdep complaint about recursive locking - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted - fs/smb: Fix inconsistent refcnt update - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions - smb3 client: fix return code mapping of remap_file_range - xfs: do not propagate ENODATA disk errors into xattr code - drm/xe/vm: Clear the scratch_pt pointer on error - drm/nouveau/disp: Always accept linear modifier - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv - drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode - net: rose: fix a typo in rose_clear_routes() - PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS - PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" - [arm64] thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const - [arm64] thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data - [arm64] thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.46 - bpf: Add cookie object to bpf maps - bpf: Move bpf map owner out of common struct - bpf: Move cgroup iterator helpers to bpf.h - bpf: Fix oob access in cgroup local storage (CVE-2025-38502) - btrfs: fix race between logging inode and checking if it was logged before - btrfs: fix race between setting last_dir_index_offset and inode logging - btrfs: avoid load/store tearing races when checking if an inode was logged - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN - drm/amd/display: Don't warn when missing DCE encoder caps - cpupower: Fix a bug where the -t option of the set subcommand was not working. - Bluetooth: hci_sync: Avoid adding default advertising on startup - btrfs: zoned: skip ZONE FINISH of conventional zones - fs: writeback: fix use-after-free in __mark_inode_dirty() - tee: fix NULL pointer dereference in tee_shm_put - tee: fix memory leak in tee_dyn_shm_alloc_helper - [arm64] dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro - [arm64] tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" - [arm64] dts: imx8mp-tqma8mpql: fix LDO5 power off - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics i.MX8M Plus DHCOM - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul i.MX8M Plus eDM SBC - HID: simplify snto32() - HID: stop exporting hid_snto32() - HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556) - net: usb: qmi_wwan: fix Telit Cinterion FN990A name - net: usb: qmi_wwan: fix Telit Cinterion FE990A name - net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition - [arm64] mmc: sdhci-of-arasan: Support for emmc hardware reset - [arm64] mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up - wifi: cfg80211: fix use-after-free in cmp_bss() - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work - wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() - wifi: mt76: prevent non-offchannel mgmt tx during scan/roc - wifi: mt76: free pending offchannel tx frames on wcid cleanup - wifi: mt76: fix linked list corruption - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY - wifi: iwlwifi: uefi: check DSM item validity - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() - netfilter: nft_flowtable.sh: re-run with random mtu sizes - net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y - [amd64] xirc2ps_cs: fix register access when enabling FullDuplex - mISDN: Fix memory leak in dsp_hwec_enable() - bnxt_en: fix incorrect page count in RX aggr ring log - icmp: fix icmp_ndo_send address translation for reply direction - net: macb: Fix tx_ptr_lock locking - macsec: read MACSEC_SA_ATTR_PN with nla_get_uint - net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() - net: mctp: mctp_fraq_queue should take ownership of passed skb - ice: fix NULL access of tx->in_use in ice_ll_ts_intr - [amd64,arm64] idpf: set mac type when adding and removing MAC filters - i40e: remove read access to debugfs files - i40e: Fix potential invalid access when MAC list is empty - ixgbe: fix incorrect map used in eee linkmode - wifi: ath11k: fix group data packet drops during rekey - net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 - [arm64] net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets - net: skb: add pskb_network_may_pull_reason() helper - net: tunnel: add pskb_inet_may_pull_reason() helper - net: vxlan: add skb drop reasons to vxlan_rcv() - net: vxlan: make vxlan_snoop() return drop reasons - vxlan: Fix NPD when refreshing an FDB entry with a nexthop object - net: vxlan: make vxlan_set_mac() return drop reasons - net: vxlan: use kfree_skb_reason() in vxlan_xmit() - net: vxlan: use kfree_skb_reason() in vxlan_mdb_xmit() - net: vxlan: rename SKB_DROP_REASON_VXLAN_NO_REMOTE - vxlan: Refresh FDB 'updated' time upon 'NTF_USE' - vxlan: Avoid unnecessary updates to FDB 'used' time - vxlan: Add RCU read-side critical sections in the Tx path - vxlan: Rename FDB Tx lookup function - vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects - wifi: cw1200: cap SSID length in cw1200_do_join() - wifi: libertas: cap SSID len in lbs_associate() - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() - [arm64] net: thunder_bgx: add a missing of_node_put - [arm64] net: thunder_bgx: decrement cleanup index before use - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() - net/smc: Remove validation of reserved bits in CLC Decline message - mctp: return -ENOPROTOOPT for unknown getsockopt options - ax25: properly unshare skbs in ax25_kiss_rcv() - net: atm: fix memory leak in atm_register_sysfs when device_register fail - ppp: fix memory leak in pad_compress_skb - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock - ALSA: usb-audio: Add mute TLV for playback volumes on some devices - [amd64] accel/ivpu: Prevent recovery work from being queued during device removal - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() - [arm64] ftrace: fix unreachable PLT for ftrace_caller in init_module with CONFIG_DYNAMIC_FTRACE - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() - io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (CVE-2025-38453) - [amd64] x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() - mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE - mm: move page table sync declarations to linux/pgtable.h - mm: fix possible deadlock in kmemleak - mm: slub: avoid wake up kswapd in set_track_prepare - sched: Fix sched_numa_find_nth_cpu() if mask offline - ocfs2: prevent release journal inode after journal shutdown - of_numa: fix uninitialized memory nodes causing kernel panic - [arm64] soc: qcom: mdt_loader: Deal with zero e_shentsize - wifi: mwifiex: Initialize the chan_stats array to zero - wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() - wifi: mt76: mt7925: fix the wrong bss cleanup for SAP - net: ethernet: oa_tc6: Handle failure of spi_setup - drm/amdgpu: drop hw access in non-DC audio fini - drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG - [amd64] platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list - scsi: lpfc: Fix buffer free/clear order in deferred receive path - batman-adv: fix OOB read/write in network-coding decode - cifs: prevent NULL pointer dereference in UTF16 conversion - e1000e: fix heap overflow in e1000_set_eeprom - net: pcs: rzn1-miic: Correct MODCTRL register offset - fs/fhandle.c: fix a race in call of has_locked_children() (CVE-2025-38306) - [arm64,armhf] net: dsa: add hook to determine whether EEE is supported - [arm64,armhf] net: dsa: provide implementation of .support_eee() - [armhf] net: dsa: b53/bcm_sf2: implement .support_eee() method - [armhf] net: dsa: b53: do not enable EEE on bcm63xx (CVE-2025-38272) - md/raid1,raid10: don't ignore IO flags (CVE-2025-22125) - md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT - md/raid1,raid10: strip REQ_NOWAIT from member bios - ext4: define ext4_journal_destroy wrapper - ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113) - wifi: ath11k: update channel list in reg notifier instead reg worker (CVE-2025-23133) - wifi: ath11k: update channel list in worker when wait flag is set - net: fix NULL pointer dereference in l3mdev_l3_rcv (CVE-2025-22103) - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (CVE-2025-22124) - mm: slub: Print the broken data before restoring them - mm: slub: call WARN() when detecting a slab corruption - mm, slab: cleanup slab_bug() parameters - mm/slub: avoid accessing metadata when pointer is invalid in object_err() - nouveau: fix disabling the nonstall irq due to storm code - mm: fix accounting of memmap pages - [arm64] thermal/drivers/mediatek/lvts: Disable low offset IRQ for minimum threshold - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY - Revert "drm/amdgpu: Avoid extra evict-restore process." - pcmcia: omap: Add missing check for platform_get_resource - pcmcia: Add error handling for add_interval() in do_validate_mem() - [amd64] platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk - [amd64] platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID - block: add a queue_limits_commit_update_frozen helper - scsi: sr: Reinstate rotational media flag - drm/bridge: ti-sn65dsi86: fix REFCLK setting - perf bpf-event: Fix use-after-free in synthesis - perf bpf-utils: Constify bpil_array_desc - perf bpf-utils: Harden get_bpf_prog_info_linear - drm/amd/amdgpu: Fix missing error return on kzalloc failure - tools: gpio: remove the include directory on make clean - md: prevent incorrect update of resync/recovery offset - [riscv64] ACPI: RISC-V: Fix FFH_CPPC_CSR error handling - [riscv64] Only allow LTO with CMODEL_MEDANY - [riscv64] use lw when reading int cpu in new_vmalloc_check - [riscv64] use lw when reading int cpu in asm_per_cpu - [riscv64] bpf: use lw when reading int cpu in BPF_MOV64_PERCPU_REG - [riscv64] bpf: use lw when reading int cpu in bpf_get_smp_processor_id - md/raid1: fix data lost for writemostly rdev https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.47 - [amd64] Add mitigations for VMSCAPE (CVE-2025-40300): - Documentation/hw-vuln: Add VMSCAPE documentation - x86/vmscape: Enumerate VMSCAPE bug - x86/vmscape: Add conditional IBPB mitigation - x86/vmscape: Enable the mitigation - x86/bugs: Move cpu_bugs_smt_update() down - x86/vmscape: Warn when STIBP is disabled with SMT - x86/vmscape: Add old Intel CPUs to affected list https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.48 - fhandle: use more consistent rules for decoding file handle from userns - dma-debug: store a phys_addr_t in struct dma_debug_entry - dma-mapping: trace dma_alloc/free direction - dma-mapping: use trace_dma_alloc for dma_alloc* instead of using trace_dma_map - dma-mapping: trace more error paths - dma-debug: don't enforce dma mapping check on noncoherent allocations - net/mlx5: HWS, change error flow on matcher disconnect - mm: introduce and use {pgd,p4d}_populate_kernel() - dma-mapping: fix swapped dir/flags arguments to trace_dma_alloc_sgt_err - dma-debug: fix physical address calculation for struct dma_debug_entry - nvme-pci: skip nvme_write_sq_db on empty rqlist - Revert "udmabuf: fix vmap_udmabuf error page set" - ext4: introduce linear search for dentries - [amd64] drm/i915/pmu: Fix zero delta busyness issue - drm/amd/display: Fix error pointers in amdgpu_dm_crtc_mem_type_changed - Revert "drm/amd/display: Optimize cursor position updates" - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA - drm/amdgpu: Add back JPEG to video caps for carrizo and newer - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read - SUNRPC: call xs_sock_process_cmsg for all cmsg - NFSv4: Don't clear capabilities that won't be reset (Closes: #1114898) - trace/fgraph: Fix error handling - tracing: Fix tracing_marker may trigger page fault during preempt_disable - nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter - nfs/localio: add direct IO enablement with sync and async IO support - nfs/localio: restore creds before releasing pageio data - ftrace/samples: Fix function size computation - fs/nfs/io: make nfs_start_io_*() killable - NFS: Serialise O_DIRECT i/o and truncate() - NFSv4.2: Serialise O_DIRECT i/o and fallocate() - NFSv4.2: Serialise O_DIRECT i/o and clone range - NFSv4.2: Serialise O_DIRECT i/o and copy range - NFS: nfs_invalidate_folio() must observe the offset and size arguments - NFSv4/flexfiles: Fix layout merge mirror check. - tracing: Silence warning when chunk allocation fails in trace_pid_write - [s390x] pai: Deny all events not handled by this PMU - [s390x] cpum_cf: Deny all sampling events by counter PMU - bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt - bpf: Allow fall back to interpreter for programs with stack size <= 512 - bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. - proc: fix type confusion in pde_set_flags() - Revert "SUNRPC: Don't allow waiting for exiting tasks" - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN - ocfs2: fix recursive semaphore deadlock in fiemap call - btrfs: fix squota compressed stats leak - btrfs: fix subvolume deletion lockup caused by inodes xarray race - [amd64] i2c: i801: Hide Intel Birch Stream SoC TCO WDT - net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups - [armhf] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer - [armhf] mtd: rawnand: stm32_fmc2: fix ECC overwrite - fuse: do not allow mapping a non-regular backing file - fuse: check if copy_file_range() returns larger than requested size - fuse: prevent overflow in copy_file_range return value - mm/khugepaged: fix the address passed to notifier on testing young - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory - mm/memory-failure: fix redundant updates for already poisoned pages - mm/damon/core: set quota->charged_from to jiffies at first charge window - mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() - [arm64] drm/mediatek: fix potential OF node use-after-free - drm/xe: Attempt to bring bos back to VRAM after eviction - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages - netlink: specs: mptcp: add missing 'server-side' attr - netlink: specs: mptcp: clearly mention attributes - netlink: specs: mptcp: replace underscores with dashes in names - netlink: specs: mptcp: fix if-idx attribute type - kernfs: Fix UAF in polling when open file is released - libceph: fix invalid accesses to ceph_connection_v1_info - ceph: fix race condition validating r_parent before applying state - ceph: fix race condition where r_parent becomes stale before sending message - mm/damon/sysfs: fix use-after-free in state_show() - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() - mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range() - [arm64] mtd: spinand: winbond: Fix oob_layout for W25N01JW - btrfs: use readahead_expand() on compressed extents - btrfs: fix corruption reading compressed range when block size is smaller than page size - hrtimers: Unconditionally update target CPU base after offline timer migration - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table - Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups" - tty: hvc_console: Call hvc_kick in hvc_write unconditionally - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks - USB: serial: option: add Telit Cinterion FN990A w/audio compositions - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions - [arm64] drm/panthor: validate group queue count - [arm64,armhf] net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() - genetlink: fix genl_bind() invoking bind() after -EPERM - net: bridge: Bounce invalid boolopts - tunnels: reset the GSO metadata before reusing the skb - docs: networking: can: change bcm_msg_head frames member to support flexible array - igb: fix link test skipping when interface is admin down - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path - drm/amd/display: use udelay rather than fsleep - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails - netfilter: nft_set_pipapo: remove unused arguments - netfilter: nft_set: remove one argument from lookup and update functions - netfilter: nft_set_pipapo: merge pipapo_get/lookup - netfilter: nft_set_pipapo: don't return bogus extension pointer - netfilter: nft_set_pipapo: don't check genbit from packetpath lookups - netfilter: nft_set_rbtree: continue traversal if element is inactive - netfilter: nf_tables: Reintroduce shortened deletion notifications - netfilter: nf_tables: place base_seq in struct net - netfilter: nf_tables: make nft_set_do_lookup available unconditionally - netfilter: nf_tables: restart set lookup on base_seq change - net: hsr: Add VLAN CTAG filter support - hsr: use rtnl lock when iterating over ports - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties - [amd64] dmaengine: idxd: Remove improper idxd_free - [amd64] dmaengine: idxd: Fix refcount underflow on module unload - [amd64] dmaengine: idxd: Fix double free in idxd_setup_wqs() - [amd64] dmaengine: ti: edma: Fix memory allocation size for queue_priority_map - xhci: fix memory leak regression when freeing xhci vdev devices depth first - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels - [amd64,arm64] usb: typec: tcpm: properly deliver cable vdms to altmode drivers - [arm64] dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees - [arm64] phy: tegra: xusb: fix device and OF node leak at probe - [armhf] phy: ti: omap-usb2: fix device leak at unbind - [armhf] phy: ti-pipe3: fix device leak at unbind - [amd64] x86/cpu/topology: Always try cpu_parse_topology_ext() on AMD/Hygon - net: mdiobus: release reset_gpio in mdiobus_unregister_device() - [amd64] drm/i915/power: fix size for for_each_set_bit() in abox iteration - drm/amdgpu: fix a memory leak in fence cleanup when unloading - netfilter: nft_set_pipapo: fix null deref for empty set . [ Santiago Ruano Rincón ] * d/salsa-ci.yml: Merge the extract-source job into the build's job script * d/salsa-ci.yml: Suppress unreleased changes and mismatching distribution lintian tags. * d/salsa-ci.yml: Early move orig tarballs back where they can be cached . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 6.12.43-rt12 * [amd64] x86/bugs: Add SRSO_USER_KERNEL_NO support * [amd64] x86/bugs: KVM: Add support for SRSO_MSR_FIX * [amd64] KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions linux-signed-amd64 (6.12.57+1) trixie; urgency=medium . * Sign kernel from linux 6.12.57-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.49 - wifi: wilc1000: avoid buffer overflow in WID string configuration - nvme: fix PI insert on write - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported - wifi: mac80211: increase scan_ies_len for S1G - wifi: mac80211: fix incorrect type for ret - cgroup: split cgroup_destroy_wq into 3 workqueues - btrfs: fix invalid extref key setup when replaying dentry - net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR - qed: Don't collect too many protection override GRC elements - bonding: set random address only when slaves already exist - mptcp: set remote_deny_join_id0 on SYN recv - mptcp: tfo: record 'deny join id0' info - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure - ice: store max_frame and rx_buf_len only in ice_rx_ring - ice: fix Rx page leak on multi-buffer frames - i40e: remove redundant memory barrier when cleaning Tx descs - igc: don't fail igc_probe() on LED setup error - net/mlx5e: Harden uplink netdev access against device unbind - bonding: don't set oif to bond dev when getting NS target destination - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). - tls: make sure to abort the stream if headers are bogus - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" - net: liquidio: fix overflow in octeon_init_instr_queue() - cnic: Fix use-after-free bugs in cnic_delete_task - [arm64] octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() - [amd64] perf/x86/intel: Fix crash in icl_update_topdown_event() (CVE-2025-38322) - ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer - ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery - power: supply: bq27xxx: restrict no-battery detection to bq27000 - dm-raid: don't set io_min and io_opt for raid1 - dm-stripe: fix a possible integer overflow - gup: optimize longterm pin_user_pages() for large folio - mm: revert "mm: vmscan.c: fix OOM on swap stress test" - [amd64] iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() - [amd64] iommu/amd/pgtbl: Fix possible race while increase page table level - btrfs: tree-checker: fix the incorrect inode ref size check - [arm64] ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S - mmc: mvsdio: Fix dma_unmap_sg() nents value - [amd64] KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active - drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer - rds: ib: Increment i_fastreg_wrs before bailing out - mptcp: propagate shutdown to subflows when possible - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx - io_uring/cmd: let cmds to know about dying task - io_uring: backport io_should_terminate_tw() - io_uring: include dying ring in task_work "should cancel" state - io_uring/msg_ring: kill alloc_cache for io_kiocb allocations - io_uring/kbuf: drop WARN_ON_ONCE() from incremental length check (CVE-2025-39816) - [amd64] ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message - [amd64] ASoC: Intel: catpt: Expose correct bit depth to userspace - drm/xe/tile: Release kobject for the failure path - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path - drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() - smb: client: fix filename matching of deferred files - smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) - crypto: af_alg - Set merge to zero early in af_alg_sendmsg - smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path - io_uring: fix incorrect io_kiocb reference in io_link_skb - [amd64] platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 - [amd64] platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk - vmxnet3: unregister xdp rxq info in the reset path (CVE-2025-22106) - mm: add folio_expected_ref_count() for reference count calculation - mm/gup: check ref_count instead of lru before migration - mptcp: pm: nl: announce deny-join-id0 flag - usb: xhci: introduce macro for ring segment list iteration - usb: xhci: remove option to change a default ring's TRB cycle bit - xhci: dbc: decouple endpoint allocation from initialization - xhci: dbc: Fix full DbC transfer ring after several reconnects - rtc: pcf2127: fix SPI command byte for PCF2131 backport - minmax.h: add whitespace around operators and after commas - minmax.h: update some comments - minmax.h: reduce the #define expansion of min(), max() and clamp() - minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() - minmax.h: move all the clamp() definitions after the min/max() ones - minmax.h: simplify the variants of clamp() - minmax.h: remove some #defines that are only expanded once https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.50 - scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE - firewire: core: fix overlooked update of subsystem ABI version - ALSA: usb-audio: Fix code alignment in mixer_quirks - ALSA: usb-audio: Fix block comments in mixer_quirks - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 - ALSA: usb-audio: Convert comma to semicolon - ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA - ALSA: usb-audio: Fix build with CONFIG_INPUT=n - usb: core: Add 0x prefix to quirks debug output - [arm64,armhf] net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info - net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick - [riscv64] mmc: sdhci-cadence: add Mobileye eyeQ support - i2c: designware: Add quirk for Intel Xe - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk - ALSA: usb-audio: Add mute TLV for playback volumes on more devices - net: sfp: add quirk for FLYPRO copper SFP+ module - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions - [amd64] HID: amd_sfh: Add sync across amd sfh work functions - cpufreq: Initialize cpufreq-based invariance before subsys - smb: server: don't use delayed_work for post_recv_credits_work - smb: server: use disable_work_sync in transport_rdma.c - bpf: Check the helper function is valid in get_helper_proto - btrfs: don't allow adding block device of less than 1 MB - wifi: virt_wifi: Fix page fault on connect - bpf: Reject bpf_timer for PREEMPT_RT - xfrm: xfrm_alloc_spi shouldn't use 0 as SPI - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow - [armhf] can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow - can: peak_usb: fix shift-out-of-bounds issue - net: tun: Update napi->skb after XDP process - net/smc: fix warning in smc_rx_splice() when calling get_page() - [arm64] ethernet: rvu-af: Remove slash from the driver name - Bluetooth: hci_sync: Fix hci_resume_advertising_sync - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync - vhost: Take a reference on the task in struct vhost_task. - bnxt_en: correct offset handling for IPv6 destination address - net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS - nexthop: Forbid FDB status change while nexthop is in a group - mm/gup: local lru_add_drain() to avoid lru_add_drain_all() - mm: revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" - mm: folio_may_be_lru_cached() unless folio_test_large() - [amd64] drm/gma500: Fix null dereference in hdmi teardown - futex: Prevent use-after-free during requeue-PI - [arm64] drm/panthor: Defer scheduler entitiy destruction to queue release - [amd64] platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() - smb: client: fix wrong index reference in smb2_compound_op() - HID: asus: add support for missing PX series fn keys - i40e: add validation for ring_len param - i40e: fix idx validation in i40e_validate_queue_map - i40e: fix idx validation in config queues msg - i40e: fix input validation logic for action_meta - i40e: fix validation of VF state in get resources - i40e: add max boundary check for VF filters - i40e: add mask to apply valid bits for itr_idx - i40e: improve VF MAC filters accounting - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx - tracing: dynevent: Add a missing lockdown check on dynevent - [armhf] dts: socfpga: sodia: Fix mdio bus probe and PHY address - drm/ast: Use msleep instead of mdelay for edid read - afs: Fix potential null pointer dereference in afs_put_server - fs/proc/task_mmu: check p->vec_buf for NULL - gpiolib: Extend software-node support to support secondary software-nodes - mm/hugetlb: fix folio is still mapped when deleted - fbcon: fix integer overflow in fbcon_do_set_font - fbcon: Fix OOB access in font allocation - iommufd: Fix race during abort for file descriptors - Revert "usb: xhci: remove option to change a default ring's TRB cycle bit" - [amd64] drm/i915/backlight: Return immediately when scale() finds invalid parameters https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.51 - crypto: sha256 - fix crash at kexec - scsi: target: target_core_configfs: Add length check to avoid buffer overflow - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove - media: tuner: xc5000: Fix use-after-free in xc5000_release - media: rc: fix races with imon_disconnect() - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID - mm: swap: check for stable address space before operating on the VMA - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() - [arm64] ASoC: qcom: audioreach: fix potential null pointer dereference https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.52 - wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() - USB: serial: option: add SIMCom 8230C compositions - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 - wifi: rtl8xxxu: Don't claim USB ID 07b8:8188 - dm-integrity: limit MAX_TAG_SIZE to 255 - [amd64] platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list - [amd64] platform/x86/amd/pmf: Support new ACPI ID AMDI0108 - [amd64,arm64] ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue - btrfs: ref-verify: handle damaged extent root tree - netfs: Prevent duplicate unlocking - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled - [amd64] platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list - drm/amd : Update MES API header file for v11 & v12 - drm/amd/include : MES v11 and v12 API header update - drm/amd/include : Update MES v12 API for fence update - drm/amdgpu: Enable MES lr_compute_wa by default (Closes: #1118658) - ALSA: usb-audio: Kill timer properly at removal (CVE-2025-38105) - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free - hid: fix I2C read buffer overflow in raw_event() for mcp2221 - nvmem: layouts: fix automatic module loading - binder: fix double-free in dbitmap - driver core/PM: Set power.no_callbacks along with power.no_pm - crypto: rng - Ensure set_ent is always present - net/9p: fix double req put in p9_fd_cancelled - [amd64] KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.53 - filelock: add FL_RECLAIM to show_fl_flags() macro - init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast - gfs2: Fix GLF_INVALIDATE_IN_PROGRESS flag clearing in do_xmote - [powerpc*] 8xx: Remove left-over instruction and comments in DataStoreTLBMiss handler - [powerpc*] 603: Really copy kernel PGD entries into all PGDIRs - uprobes: uprobe_warn should use passed task - [arm64] coresight: trbe: Prevent overflow in PERF_IDX2OFF() - [arm64] perf: arm_spe: Prevent overflow in PERF_IDX2OFF() - smb: server: fix IRD/ORD negotiation with the client - [amd64] EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller - [amd64] x86/vdso: Fix output operand size of RDPID - lsm: CONFIG_LSM can depend on CONFIG_SECURITY - btrfs: return any hit error from extent_writepage_io() - [arm64] pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() - [arm64] dts: renesas: rzg2lc-smarc: Disable CAN-FD channel0 - regmap: Remove superfluous check for !config in __regmap_init() - bpf: Remove migrate_disable in kprobe_multi_link_prog_run - libbpf: Fix reuse of DEVMAP - [arm64] dts: imx93-kontron: Fix GPIO for panel regulator - [arm64] dts: imx93-kontron: Fix USB port assignment - [arm64] dts: imx95: Correct the lpuart7 and lpuart8 srcid - ACPI: processor: idle: Fix memory leak when register cpuidle device failed - [arm64] soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS - [arm64] pinctrl: meson-gxl: add missing i2c_d pinmux - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx - block: use int to store blk_stack_limits() return value - PM: sleep: core: Clear power.must_resume in noirq suspend error path - vdso: Add struct __kernel_old_timeval forward declaration to gettime.h - [armhf] dts: omap: am335x-cm-t335: Remove unused mcasp num-serializer property - [arm64] PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() - [arm64] power: supply: cw2015: Fix a alignment coding style issue - [arm64] pinctrl: renesas: Use int type to store negative error codes - null_blk: Fix the description of the cache_size module argument - nbd: restrict sockets to TCP and UDP - [arm64] PM / devfreq: rockchip-dfi: double count on RK3588 - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure - [arm64] arm64: dts: mediatek: mt8186-tentacruel: Fix touchscreen model - mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() - [arm64] dts: mediatek: mt6795-xperia-m5: Fix mmc0 latch-ck value - [arm64] dts: mediatek: mt8395-kontron-i1200: Fix MT6360 regulator nodes - [arm64] dts: mediatek: mt8516-pumpkin: Fix machine compatible - [armhf] pwm: tiehrpwm: Don't drop runtime PM reference in .free() - [armhf] pwm: tiehrpwm: Make code comment in .free() more useful - [armhf] pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation - [armhf] pwm: tiehrpwm: Fix corner case in clock divisor calculation - ACPICA: Fix largest possible resource descriptor index - [riscv64] bpf: Sign extend struct ops return values properly - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op - i3c: master: svc: Use manual response for IBI events - i3c: master: svc: Recycle unused IBI slot - bpf: Explicitly check accesses to bpf_sock_addr - bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() - smp: Fix up and expand the smp_call_function_many() kerneldoc - tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers - spi: fix return code when spi device has too many chipselects - bpf: Mark kfuncs as __noclone - once: fix race by moving DO_ONCE to separate section - [arm64] thermal/drivers/qcom/lmh: Add missing IRQ includes - [arm64] i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD - i2c: designware: Fix clock issue when PM is disabled - i2c: designware: Add disabling clocks when probe fails - libbpf: Fix error when st-prefix_ops and ops from differ btf - bpf: Enforce expected_attach_type for tailcall compatibility - drm/radeon/r600_cs: clean up of dead code in r600_cs - f2fs: fix condition in __allow_reserved_blocks() - [arm64] phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 - drm/amd/display: Remove redundant semicolons - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod - scsi: myrs: Fix dma_alloc_coherent() error check - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count - RDMA/mlx5: Fix vport loopback forcing for MPV device - PCI/ACPI: Fix pci_acpi_preserve_config() memory leak - ALSA: lx_core: use int type to store negative error codes - inet: ping: check sock_net() in ping_get_port() and ping_lookup() - [arm64,armhf] coresight: Only register perf symlink for sinks with alloc_buffer - drm/amdgpu: Power up UVD 3 for FW validation (v2) - drm/amd/pm: Disable ULV even if unsupported (v3) - drm/amd/pm: Fix si_upload_smc_data (v3) - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) - wifi: mwifiex: send world regulatory domain to driver - [arm64,armhf] PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation - tcp: fix __tcp_close() to only send RST when required - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() - [armhf] usb: phy: twl6030: Fix incorrect type for ret - usb: gadget: configfs: Correctly set use_os_string at bind - tty: n_gsm: Don't block input queue by waiting MSC - [powerpc*] misc: genwqe: Fix incorrect cmd field being reported in error - pps: fix warning in pps_register_cdev when register device fail - wifi: iwlwifi: Remove redundant header files - [amd64,arm64] idpf: fix Rx descriptor ready check barrier in splitq - [amd64] ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping - [arm64] drm/msm/dpu: fix incorrect type for ret - fs: ntfs3: Fix integer overflow in run_unpack() - fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist - iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() - netfilter: ipset: Remove unused htable_bits in macro ahash_region - ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable - drivers/base/node: handle error properly in register_one_node() - RDMA/cm: Rate limit destroy CM ID timeout error message - wifi: mt76: fix potential memory leak in mt76_wmac_probe() - wifi: mt76: mt7996: Fix RX packets configuration for primary WED device - wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE - wifi: mt76: mt7915: fix mt7981 pre-calibration - f2fs: fix to update map->m_next_extent correctly in f2fs_map_blocks() - f2fs: fix to truncate first page in error path of f2fs_truncate() - f2fs: fix to mitigate overhead of f2fs_zero_post_eof_page() - ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message - scsi: qla2xxx: edif: Fix incorrect sign of error code - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() - HID: hidraw: tighten ioctl command parsing - f2fs: fix zero-sized extent for precache extents - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" - RDMA/core: Resolve MAC of next-hop device without ARP support - IB/sa: Fix sa_local_svc_timeout_ms read race - Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram - wifi: ath12k: fix wrong logging ID used for CE - wifi: ath10k: avoid unnecessary wait for service ready message - iommu/vt-d: debugfs: Fix legacy mode page table dump logic - wifi: mac80211: fix Rx packet handling when pubsta information is not available - [amd64] ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback - RDMA/rxe: Fix race in do_task() when draining - wifi: rtw89: avoid circular locking dependency in ser_state_run() - [arm64] remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice - dm vdo: return error on corrupted metadata in start_restoring_volume functions - [arm64] coresight-etm4x: Conditionally access register TRCEXTINSELR - [arm64,armhf] coresight: tmc: Support atclk - [arm64,armhf] coresight: catu: Support atclk - [arm64,armhf] coresight: etm4x: Support atclk - [arm64,armhf] coresight: trbe: Return NULL pointer for allocation failures - [arm64,armhf] coresight: tpda: fix the logic to setup the element size - [arm64] coresight: Fix incorrect handling for return value of devm_kzalloc - NFSv4.1: fix backchannel max_resp_sz verification check - ipvs: Defer ip_vs_ftp unregister during netns cleanup - netfilter: nfnetlink: reset nlh pointer during batch replay - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() - usb: vhci-hcd: Prevent suspending virtually attached devices - iommu/vt-d: Disallow dirty tracking if incoherent page walk - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast - ptp: Add a upper bound on max_vclocks - vhost: vringh: Fix copy_to_iter return value check - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO - Bluetooth: ISO: Fix possible UAF on iso_conn_free - Bluetooth: ISO: free rx_skb if not consumed - Bluetooth: ISO: don't leak skb in ISO_CONT RX - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements - KEYS: X.509: Fix Basic Constraints CA flag parsing - ocfs2: fix double free in user_cluster_connect() - drivers/base/node: fix double free in register_one_node() - [arm64] PCI: j721e: Fix incorrect error message in probe() - [amd64,arm64] idpf: fix mismatched free function for dma_alloc_coherent - nfp: fix RSS hash key size when RSS is not supported - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable - net: dlink: handle copy_thresh allocation failure - net/mlx5: Stop polling for command response if interface goes down - net/mlx5: pagealloc: Fix reclaim race during command interface teardown - net/mlx5: fw reset, add reset timeout work - smb: client: fix crypto buffers in non-linear memory - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" - bpf: Reject negative offsets for ALU ops - tpm: Disable TPM2_TCG_HMAC by default - Squashfs: fix uninit-value in squashfs_get_parent - uio_hv_generic: Let userspace take care of interrupt mask - io_uring/waitid: always prune wait queue entry in io_waitid_wait() - [arm64] ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() - [amd64,arm64] ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down - fs: udf: fix OOB read in lengthAllocDescs handling - net: nfc: nci: Add parameter validation for packet data - [arm64,armhf] mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() - dm: fix queue start/stop imbalance under suspend/load/resume races - dm: fix NULL pointer dereference in __dm_suspend() - ksmbd: Fix race condition in RPC handle list access - ksmbd: fix error code overwriting in smb2_get_info_filesystem() - ksmbd: add max ip connections parameter - ext4: fix checks for orphan inodes - [amd64] KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid - fbdev: simplefb: Fix use after free in simplefb_detach_genpds() - mm: hugetlb: avoid soft lockup when mprotect to large memory area - nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() - [arm64] misc: fastrpc: Save actual DMA size in fastrpc_map structure - [arm64] misc: fastrpc: Fix fastrpc_map_lookup operation - [arm64] misc: fastrpc: fix possible map leak in fastrpc_put_args - [arm64] misc: fastrpc: Skip reference for DMA handles - Input: atmel_mxt_ts - allow reset GPIO to sleep - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak - sunrpc: fix null pointer dereference on zero-length checksum - [arm64] remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() - [amd64,arm64] tee: fix register_shm_helper() - pinctrl: check the return value of pinmux_ops::get_function_name() - bus: fsl-mc: Check return value of platform_get_resource() - net/9p: Fix buffer overflow in USB transport layer - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock - usb: typec: tipd: Clear interrupts first https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.54 - fs: always return zero on success from replace_fd() - fscontext: do not consume log entries when returning -EMSGSIZE - [arm64] map [_text, _stext) virtual address range non-executable+read-only - rseq: Protect event mask against membarrier IPI - listmount: don't call path_put() under namespace semaphore - page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches - dma-mapping: fix direction in dma_alloc direction traces - [amd64] KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() - asm-generic/io.h: Skip trace helpers if rwmmio events are disabled - perf disasm: Avoid undefined behavior in incrementing NULL - perf test trace_btf_enum: Skip if permissions are insufficient - perf evsel: Avoid container_of on a NULL leader - libperf event: Ensure tracing data is multiple of 8 sized - [arm64] clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() - [arm64] clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() - perf util: Fix compression checks returning -1 as bool - perf arm_spe: Correct setting remote access - perf arm-spe: Rename the common data source encoding - perf arm_spe: Correct memory level for remote access - perf vendor events arm64 AmpereOneX: Fix typo - should be l1d_cache_access_prefetches - perf session: Fix handling when buffer exceeds 2 GiB - perf tools: Add fallback for exclude_guest - perf evsel: Ensure the fallback message is always written to - [arm64] clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m - [arm64] clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (CVE-2025-40001) - [amd64] ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time - [amd64] ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() - drm/xe/hw_engine_group: Fix double write lock release in error path - [s390x] cio: Update purge function to unregister the unused subchannels - drm/vmwgfx: Fix a null-ptr access in the cursor snooper - drm/vmwgfx: Fix Use-after-free in validation - drm/vmwgfx: Fix copy-paste typo in validation - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). - [arm64] net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (CVE-2025-40003) - ice: ice_adapter: release xa entry on adapter allocation failure - tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() - [arm64] mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call - [arm64] mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes - [arm64] mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop - [arm64] mailbox: zynqmp-ipi: Fix SGI cleanup on unbind - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} - [arm64] mailbox: mtk-cmdq-mailbox: Switch to __pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Switch to pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() - drm/amdgpu: Add additional DCE6 SCL registers - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 - drm/amd/display: Properly disable scaling on DCE6 - netfilter: nft_objref: validate objref and objrefmap expressions - bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() - crypto: essiv - Check ssize for decryption and in-place encryption - cifs: Fix copy_to_iter return value check - smb: client: fix missing timestamp updates after utime(2) - cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single - [arm64] gpio: wcd934x: mark the GPIO controller as sleeping - bpf: Avoid RCU context warning when unpinning htab with internal structs - [s390x] vmlinux.lds.S: Reorder sections - [s390x] vmlinux.lds.S: Move .vmlinux.info to end of allocatable sections - ACPI: property: Fix buffer properties extraction for subnodes - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT - ACPI: debug: fix signedness issues in read/write helpers - [arm64] dts: qcom: msm8916: Add missing MDSS reset - [arm64] dts: qcom: msm8939: Add missing MDSS reset - [arm64] dts: qcom: sdm845: Fix slimbam num-channels/ees - [arm64] dts: qcom: x1e80100-pmics: Disable pm8010 by default - [arm64] dts: ti: k3-am62a-main: Fix main padcfg length - [arm64] kprobes: call set_memory_rox() for kprobe page - [armhf] AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on reset) - [armhf] OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init - [arm64] perf/arm-cmn: Fix CMN S3 DTM offset - dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required - xen/events: Cleanup find_virq() return codes - xen/manage: Fix suspend error path - xen/events: Return -EEXIST for bound VIRQs - xen/events: Update virq_to_irq on migration - [arm64] firmware: meson_sm: fix device leak at probe - media: cx18: Add missing check after DMA map - media: mc: Fix MUST_CONNECT handling for pads with no links - media: pci: ivtv: Add missing check after DMA map - media: pci: mg4b: fix uninitialized iio scan data - [arm64] media: venus: firmware: Use correct reset sequence for IRIS2 - media: vivid: fix disappearing messages - media: lirc: Fix error handling in lirc_register() - [arm64] drm/panthor: Fix memory leak in panthor_ioctl_group_create() - drm/nouveau: fix bad ret code in nouveau_bo_move_prep - drm/xe/uapi: loosen used tracking restriction - drm/amd/display: Enable Dynamic DTBCLK Switch - blk-crypto: fix missing blktrace bio split events - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() - bus: mhi: ep: Fix chained transfer handling in read path - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() - [arm64] clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk - copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) - [amd64] cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() - [arm64,armhf] crypto: rockchip - Fix dma_unmap_sg() nents value - eventpoll: Replace rwlock with spinlock - fbdev: Fix logic error in "offb" name match - fs/ntfs3: Fix a resource leak bug in wnd_extend() - fs: quota: create dedicated workqueue for quota_release_work - fuse: fix possibly missing fuse_copy_finish() call in fuse_notify() - fuse: fix livelock in synchronous file put from fuseblk workers - iio: dac: ad5360: use int type to store negative error codes - iio: dac: ad5421: use int type to store negative error codes - iio: frequency: adf4350: Fix prescaler usage. - init: handle bootloader identifier in kernel parameters - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume - [amd64] iommu/vt-d: PRS isn't usable if PDS isn't supported - kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths - KEYS: trusted_tpm1: Compare HMAC values in constant time - lib/genalloc: fix device leak in of_gen_pool_get() - loop: fix backing file reference leak on validation error - openat2: don't trigger automounts with RESOLVE_NO_XDEV - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk - [powerpc*] powernv/pci: Fix underflow and leak issue - [powerpc*] pseries/msi: Fix potential underflow and leak issue - Revert "ipmi: fix msg stack when IPMI is disconnected" - sched/deadline: Fix race in push_dl_task() - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() - scsi: sd: Fix build warning in sd_revalidate_disk() - sctp: Fix MAC comparison to be constant-time - xsk: Harden userspace-supplied xdp_desc validation - mmc: core: SPI mode remove cmd7 - mmc: mmc_spi: multiple block read remove read crc ack - [armhf] memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe - rtc: interface: Ensure alarm irq is enabled when UIE is enabled - rtc: interface: Fix long-standing race when setting alarm - [arm64] PCI: xilinx-nwl: Fix ECAM programming - [arm64,armhf] PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock - PCI/sysfs: Ensure devices are powered for config reads - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV - PCI/ERR: Fix uevent on failure to recover - PCI/AER: Fix missing uevent on recovery when a reset is requested - PCI/AER: Support errors introduced by PCIe r6.0 - [arm64] PCI: j721e: Fix programming sequence of "strap" settings - spi: cadence-quadspi: Flush posted register writes before INDAC access - spi: cadence-quadspi: Flush posted register writes before DAC access - spi: cadence-quadspi: Fix cqspi_setup_flash() - [x86] fred: Remove ENDBR64 from FRED entry points - [x86] umip: Check that the instruction opcode is at least two bytes - [x86] umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) - [s390x] dasd: enforce dma_alignment to ensure proper buffer validation - [s390x] dasd: Return BLK_STS_INVAL for EINVAL from do_dasd_request - [s390x] Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR - slab: prevent warnings when slab obj_exts vector allocation fails - slab: mark slab->obj_exts allocation failures unconditionally - wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again - wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 - mm/thp: fix MTE tag mismatch when replacing zero-filled subpages - mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations - mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success - mm/damon/lru_sort: use param_ctx for damon_attrs staging - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry - ext4: add ext4_sb_bread_nofail() helper function for ext4_free_branches() - ext4: verify orphan file size is not too big - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() - ext4: correctly handle queries for metadata mappings - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() - ext4: fix an off-by-one issue during moving extents - ext4: guard against EA inode refcount underflow in xattr update - ext4: validate ea_ino and size in check_xattrs - ACPICA: Allow to skip Global Lock initialization - ext4: free orphan info with kvfree - media: mc: Clear minor number before put device - Squashfs: add additional inode sanity checking - Squashfs: reject negative file sizes in squashfs_read_inode() - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference - mm/ksm: fix incorrect KSM counter handling in mm_struct during fork - [amd64] ASoC: SOF: ipc4-pcm: Enable delay reporting for ChainDMA streams - [amd64] ASoC: SOF: ipc4-pcm: fix delay calculation when DSP resamples - [amd64] mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value - [amd64] mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type - [amd64] mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() - cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency - [amd64] KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace - statmount: don't call path_put() under namespace semaphore - [arm64] mte: Do not flag the zero page as PG_mte_tagged - [x86] mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() - [x86] kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP - nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT - NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock() - nfsd: refine and rename NFSD_MAY_LOCK - nfsd: don't use sv_nrthreads in connection limiting calculations. - nfsd: unregister with rpcbind when deleting a transport - ACPI: battery: allocate driver data through devm_ APIs - ACPI: battery: initialize mutexes through devm_ APIs - ACPI: battery: Check for error code from devm_mutex_init() call - ACPI: battery: Add synchronization between interface updates - ACPI: property: Disregard references in data-only subnode lists - ACPI: property: Add code comments explaining what is going on - ACPI: property: Do not pass NULL handles to acpi_attach_data() - mptcp: pm: in-kernel: usable client side with C-flag - ipmi: Rework user message limit handling - ipmi: Fix handling of messages with provided receive message pointer - mm/rmap: fix soft-dirty and uffd-wp bit loss when remapping zero-filled mTHP subpage to shared zeropage - [s390x] bpf: Centralize frame offset calculations - [s390x] bpf: Describe the frame using a struct instead of constants - [s390x] bpf: Write back tail call counter for BPF_PSEUDO_CALL - [s390x] bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG - [riscv64] irqchip/sifive-plic: Make use of __assign_bit() - [riscv64] irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume - copy_file_range: limit size if in compat mode - minixfs: Verify inode mode when loading from disk - pid: Add a judgment for ns null in pid_nr_ns - fs: Add 'initramfs_options' to set initramfs mount options - cramfs: Verify inode mode when loading from disk - writeback: Avoid softlockup when switching many inodes - writeback: Avoid excessively long inode switching times - sched/fair: Block delayed tasks on throttled hierarchy during dequeue - nfsd: fix __fh_verify for localio - nfsd: fix access checking for NLM under XPRTSEC policies - [amd64] ASoC: SOF: ipc4-pcm: fix start offset calculation for chain DMA - mount: handle NULL values in mnt_ns_release() - nfsd: decouple the xprtsec policy check from check_nfsd_access() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.55 - drm/xe/guc: Check GuC running state before deregistering exec queue - smb: client: Fix refcount leak for cifs_sb_tlink - slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL - r8152: add error handling in rtl8152_driver_init - f2fs: fix wrong block mapping for multi-devices - jbd2: ensure that all ongoing I/O complete before freeing blocks - ext4: wait for ongoing I/O to complete before freeing blocks - ext4: detect invalid INLINE_DATA + EXTENTS flag combination - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running - btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl - btrfs: fix incorrect readahead expansion length - btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST - btrfs: do not assert we found block group item when creating free space tree - can: gs_usb: gs_make_candev(): populate net_device->dev_port - can: gs_usb: increase max interface to U8_MAX - cifs: parse_dfs_referrals: prevent oob on malformed input - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies - drm/amdgpu: use atomic functions with memory barriers for vm fault info - drm/amdgpu: fix gfx12 mes packet status return check - perf/core: Fix address filter match with backing files - perf/core: Fix MMAP event path names with backing files - perf/core: Fix MMAP2 event device with backing files - drm/amd: Check whether secure display TA loaded successfully - irqdomain: cdx: Switch to of_fwnode_handle() - [arm64] drm/msm/a6xx: Fix PDC sleep sequence - usb: gadget: Store endpoint pointer in usb_request - usb: gadget: Introduce free_usb_request helper - usb: gadget: f_ncm: Refactor bind path to use __free() - usb: gadget: f_acm: Refactor bind path to use __free() - usb: gadget: f_ecm: Refactor bind path to use __free() - usb: gadget: f_rndis: Refactor bind path to use __free() - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay - Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" (Closes: #1116358) - HID: multitouch: fix sticky fingers - dax: skip read lock assertion for read-only filesystems - can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() - can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active - can: m_can: m_can_chip_config(): bring up interface in correct state - can: m_can: add deinit callback - can: m_can: call deinit/init callback when going into suspend/resume - can: m_can: fix CAN state in system PM - net: dlink: handle dma_map_single() failure properly - doc: fix seg6_flowlabel path - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H - net/ip6_tunnel: Prevent perpetual tunnel growth - [amd64,arm64] amd-xgbe: Avoid spurious link down messages during interface toggle - tcp: fix tcp_tso_should_defer() vs large RTT - ksmbd: fix recursive locking in RPC handle list access - tg3: prevent use of uninitialized remote_adv and local_adv variables - tls: trim encrypted message to match the plaintext on short splice - tls: wait for async encrypt in case of error during latter iterations of sendmsg - tls: always set record_type in tls_process_cmsg - tls: wait for pending async decryptions if tls_strp_msg_hold fails - tls: don't rely on tx_work during send() - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset - [arm64] drm/panthor: Ensure MCU is disabled on suspend - nvme-multipath: Skip nr_active increments in RETRY disposition - [riscv64] kprobes: Fix probe address validation - [amd64] ASoC: nau8821: Cancel jdet_work before handling jack ejection - [amd64] ASoC: nau8821: Generalize helper to clear IRQ status - [amd64] ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit - [amd64] drm/i915/guc: Skip communication warning on reset in progress - drm/amdgpu: add ip offset support for cyan skillfish - drm/amdgpu: add support for cyan skillfish without IP discovery - drm/amdgpu: fix handling of harvesting for ip_discovery firmware - drm/amd/powerplay: Fix CIK shutdown temperature - [arm64] drm/rockchip: vop2: use correct destination rectangle height check - sched/fair: Fix pelt lost idle time detection - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card - HID: hid-input: only ignore 0 battery events for digitizers - HID: multitouch: fix name of Stylus input devices - nvme/tcp: handle tls partially sent records in write_space() - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() - xfs: rename the old_crc variable in xlog_recover_process - xfs: fix log CRC mismatches between i386 and other architectures - PM: runtime: Add new devm functions - iio: imu: inv_icm42600: Simplify pm_runtime setup - iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended - nfsd: Use correct error code when decoding extents - nfsd: Drop dprintk in blocklayout xdr functions - NFSD: Rework encoding and decoding of nfsd4_deviceid - NFSD: Minor cleanup in layoutcommit processing - NFSD: Implement large extent array support in pNFS - NFSD: Fix last write offset handling in layoutcommit - wifi: rtw89: avoid possible TX wait initialization race - xfs: use deferred intent items for reaping crosslinked blocks - padata: Reset next CPU when reorder sequence wraps around - md/raid0: Handle bio_split() errors - md/raid1: Handle bio_split() errors - md/raid10: Handle bio_split() errors - md: fix mssing blktrace bio split events - [amd64] x86/resctrl: Refactor resctrl_arch_rmid_read() - [amd64] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID - d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier - vfs: Don't leak disconnected dentries on umount - PCI: Add PCI_VDEVICE_SUB helper macro - ixgbevf: Add support for Intel(R) E610 device - ixgbevf: fix getting link speed data for E610 devices - ixgbevf: fix mailbox API compatibility by negotiating supported features - tcp: convert to dev_net_rcu() - tcp: cache RTAX_QUICKACK metric in a hot cache line - net: dst: add four helpers to annotate data-races around dst->dev - ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] - net: Add locking to protect skb->dev access in ip_output - mptcp: Call dst_release() in mptcp_active_enable(). - mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). - mptcp: reset blackhole on success with non-loopback ifaces - NFSD: Define a proc_layoutcommit for the FlexFiles layout type - [arm64] cputype: Add Neoverse-V3AE definitions - [arm64] errata: Apply workarounds for Neoverse-V3AE - [amd64] dmaengine: Add missing cleanup on module unload https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.56 - exec: Fix incorrect type for ret - hfs: clear offset and space out of valid records in b-tree node - hfs: make proper initalization of struct hfs_find_data - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() - hfs: validate record offset in hfsplus_bmap_alloc - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() - dlm: check for defined force value in dlm_lockspace_release - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() - PCI: Test for bit underflow in pcie_set_readrq() - [arm64] sysreg: Correct sign definitions for EIESB and DoubleLock - drivers/perf: hisi: Relax the event ID check in the framework - [s390x] mm: Use __GFP_ACCOUNT for user page table allocations - smb: server: let smb_direct_flush_send_list() invalidate a remote key first - PM: EM: Drop unused parameter from em_adjust_new_capacity() - PM: EM: Slightly reduce em_check_capacity_update() overhead - PM: EM: Move CPU capacity check to em_adjust_new_capacity() - PM: EM: Fix late boot with holes in CPU topology - net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() - rtnetlink: Allow deleting FDB entries in user namespace - [arm64] net: enetc: fix the deadlock of enetc_mdio_lock - [arm64] net: enetc: correct the value of ENETC_RXB_TRUESIZE - [arm64] dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path - net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ - net/smc: fix general protection fault in __smc_diag_dump - [arm64] net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions - [arm64] mm: avoid always making PTE dirty in pte_mkwrite() - ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop - sctp: avoid NULL dereference when chunk data buffer is missing - net: phy: micrel: always set shared->phydev for LAN8814 - net/mlx5: Fix IPsec cleanup over MPV device - fs/notify: call exportfs_encode_fid with s_umount - net: bonding: fix possible peer notify event loss or dup issue - dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() - btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() - gpio: pci-idio-16: Define maximum valid register address offset - gpio: 104-idio-16: Define maximum valid register address offset - xfs: fix locking in xchk_nlinks_collect_dir - Revert "cpuidle: menu: Avoid discarding useful information" - slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts - slab: Fix obj_ext mistakenly considered NULL due to race condition - ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 - can: netlink: can_changelink(): allow disabling of automatic restart - cifs: Fix TCP_Server_Info::credits to be signed - ocfs2: clear extent cache after moving/defragmenting extents - vsock: fix lock inversion in vsock_assign_transport() - [arm64,armhf] net: stmmac: dwmac-rk: Fix disabling set_clock_selection - net: usb: rtl8150: Fix frame padding - mm: prevent poison consumption when splitting THP - drm/amd/display: increase max link count and fix link->enc NULL pointer access - [arm64] spi: spi-nxp-fspi: add extra delay after dll locked - [arm64] dts: broadcom: bcm2712: Add default GIC address cells - [arm64] dts: broadcom: bcm2712: Define VGIC interrupt - [arm64] firmware: arm_scmi: Account for failed debug initialization - [arm64] firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode - [arm64] drm/panthor: Fix kernel panic on partial unmap of a GPU VA region - [riscv64] Define pgprot_dmacoherent() for non-coherent devices - [riscv64] Don't print details of CPUs disabled in DT - [riscv64] hwprobe: avoid uninitialized variable use in hwprobe_arch_id() - hwmon: (sht3x) Fix error handling - nbd: override creds to kernel when calling sock_{send,recv}msg() - drm/panic: Fix drawing the logo on a small narrow screen - drm/panic: Fix qr_code, ensure vmargin is positive - [amd64] gpio: ljca: Fix duplicated IRQ mapping - io_uring: correct __must_hold annotation in io_install_fixed_file - sched: Remove never used code in mm_cid_get() - io_uring/sqpoll: switch away from getrusage() for CPU accounting - io_uring/sqpoll: be smarter on when to update the stime usage - Bluetooth: btintel: Add DSBR support for BlazarIW, BlazarU and GaP (Closes: #1118660) - platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (CVE-2025-39678) - USB: serial: option: add UNISOC UIS7720 - USB: serial: option: add Quectel RG255C - USB: serial: option: add Telit FN920C04 ECM compositions - usb/core/quirks: Add Huawei ME906S to wakeup quirk - usb: raw-gadget: do not limit transfer length - xhci: dbc: enable back DbC in resume if it was enabled before suspend - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event - [amd64] x86/microcode: Fix Entrysign revision check for Zen1/Naples - [arm*] binder: remove "invalid inc weak" check - [amd64] comedi: fix divide-by-zero in comedi_buf_munge() (CVE-2025-40106) - [amd64] mei: me: add wildcat lake P DID - [arm64] misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup - [amd64,arm64] tcpm: switch check for role_sw device with fw_node - dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp - serial: 8250_dw: handle reset control deassert error - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 - [arm64] serial: 8250_mtk: Enable baud clock and manage in runtime PM - serial: sc16is7xx: remove useless enable of enhanced features - devcoredump: Fix circular locking dependency with devcd->mutex. - [arm64] mte: Do not warn if the page is already tagged in copy_highpage() - xfs: always warn about deprecated mount options - ksmbd: transport_ipc: validate payload size before reading handle (CVE-2025-40084) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.57 - net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083) - audit: record fanotify event regardless of presence of rules - [amd64] perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK - perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL - perf: Have get_perf_callchain() return NULL if crosstask and user are set - perf: Skip user unwind if the task is a kernel thread - seccomp: passthrough uprobe systemcall without filtering - [amd64] x86/bugs: Report correct retbleed mitigation status - [amd64] x86/bugs: Fix reporting of LFENCE retpoline - [amd64,arm64] EDAC/mc_sysfs: Increase legacy channel support to 16 - cpuset: Use new excpus for nocpu error check when enabling root partition - btrfs: abort transaction on specific error places when walking log tree - btrfs: abort transaction in the process_one_buffer() log tree walk callback - btrfs: zoned: return error from btrfs_zone_finish_endio() - btrfs: zoned: refine extent allocator hint selection - btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() - btrfs: always drop log root tree reference in btrfs_replay_log() - btrfs: use level argument in log tree walk callback replay_one_buffer() - btrfs: abort transaction if we fail to update inode in log replay dir fixup - btrfs: tree-checker: add inode extref checks - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() - sched_ext: Make qmap dump operation non-destructive - arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c - docs: kdoc: handle the obsolescensce of docutils.ErrorString() - mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR - f2fs: fix to avoid panic once fallocation fails for pinfile (CVE-2025-23130) - wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (CVE-2025-38643) - bonding: return detailed error when loading native XDP fails - bonding: check xdp prog when set bond mode (CVE-2025-22105) - bits: add comments and newlines to #if, #else and #endif directives - bits: introduce fixed-type GENMASK_U*() - gpio: regmap: Allow to allocate regmap-irq device - gpio: regmap: add the .fixed_direction_output configuration parameter - gpio: idio-16: Define fixed direction of the GPIO lines - [amd64] iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (CVE-2025-21833) - wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995) - [amd64,arm64] udmabuf: fix a buf size overflow issue during udmabuf creation (CVE-2025-37803) - sfc: fix NULL dereferences in ef100_process_design_param() (CVE-2025-37860) - btrfs: tree-checker: fix bounds check in check_inode_extref() . [ Salvatore Bonaccorso ] * drivers/infiniband/hw/bnxt_re: Enable INFINIBAND_BNXT_RE as module (Closes: #1109977) . [ Ben Hutchings ] * d/salsa-ci.yml: Adjust filenames to allow source package name suffix * tools/hv: Make the sample hv_get_dhcp_info script more useful * hyperv-daemons: Install the sample network info scripts (Closes: #919350) * d/salsa-ci.yml: Fix cache configuration for build job * d/salsa-ci.yml: Move orig tarball generation to a separate job again * d/salsa-ci.yml: Restore lintian checking of source package linux-signed-amd64 (6.12.48+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.48-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.44 - serial: 8250: fix panic due to PSLVERR - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() - PM: runtime: Take active children into account in pm_runtime_get_if_in_use() - dm: dm-crypt: Do not partially accept write BIOs with zoned targets - dm: Check for forbidden splitting of zone write operations - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() - usb: gadget: udc: renesas_usb3: fix device leak at unbind - usb: musb: omap2430: fix device leak at unbind - [arm64,armhf] usb: dwc3: meson-g12a: fix device leaks at unbind - [arm64] usb: dwc3: imx8mp: fix device leak at unbind - bus: mhi: host: Fix endianness of BHI vector table - bus: mhi: host: Detect events pointing to unexpected TREs - vt: keyboard: Don't process Unicode characters in K_OFF mode - vt: defkeymap: Map keycodes above 127 to K_HOLE - [amd64] crypto: qat - lower priority for skcipher and aead algorithms - [arm64,armhf] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP - [amd64] crypto: qat - flush misc workqueue during device shutdown - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" - ksmbd: fix refcount leak causing resource not released - ksmbd: extend the connection limiting mechanism to support IPv6 - tracing: fprobe-event: Sanitize wildcard for fprobe event name - ext4: check fast symlink for ea_inode correctly - ext4: fix fsmap end of range reporting with bigalloc - ext4: fix reserved gdt blocks handling in fsmap - ext4: use kmalloc_array() for array space allocation - ext4: fix hole length calculation overflow in non-extent inodes - btrfs: zoned: fix write time activation failure for metadata block group - btrfs: fix incorrect log message for nobarrier mount option - btrfs: restore mount option info messages during mount - btrfs: fix printing of mount info messages for NODATACOW/NODATASUM - apparmor: Fix 8-byte alignment for initial dfa blob streams - dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints - dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints - scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host - [arm64] scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE - scsi: mpi3mr: Fix race between config read submit and interrupt completion - ata: libata-scsi: Fix ata_to_sense_error() status handling - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers - scsi: ufs: ufs-pci: Fix default runtime and system PM levels - ata: libata-scsi: Fix CDL control - [arm64] soc: qcom: mdt_loader: Ensure we don't read past the ELF header - iio: imu: bno055: fix OOB access of hw_xlate array - iio: adc: ad_sigma_delta: change to buffer predisable - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() - wifi: ath12k: fix dest ring-buffer corruption - wifi: ath12k: fix source ring-buffer corruption - wifi: ath12k: fix dest ring-buffer corruption when ring is full - wifi: ath11k: fix dest ring-buffer corruption - wifi: ath11k: fix source ring-buffer corruption - wifi: ath11k: fix dest ring-buffer corruption when ring is full - [arm64] pwm: mediatek: Handle hardware enable and clock enable separately - [arm64] pwm: mediatek: Fix duty and period setting - mtd: spi-nor: Fix spi_nor_try_unlock_all() - [arm64] mtd: spinand: propagate spinand_wait() errors from spinand_write_page() - readahead: fix return value of page_cache_next_miss() when no hole is found - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge - PCI: endpoint: Fix configfs group list head handling - PCI: endpoint: Fix configfs group removal on driver teardown - [arm64,armhf] PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features - [arm64,armhf] PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset - [arm64,armhf] PCI: imx6: Delay link start until configfs 'start' written - vsock/virtio: Validate length in packet header before skb_put() - vhost/vsock: Avoid allocating arbitrarily-sized SKBs - amdgpu/amdgpu_discovery: increase timeout limit for IFWI init - [amd64] ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context - f2fs: fix to avoid out-of-boundary access in dnode page (CVE-2025-38677) - jbd2: prevent softlockup in jbd2_log_do_checkpoint() - kbuild: userprogs: use correct linker when mixing clang and GNU ld - [arm64,armhf] soc/tegra: pmc: Ensure power-domains are in a known state - media: gspca: Add bounds checking to firmware parser - media: hi556: correct the test pattern configuration - [armhf] media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() - media: ipu6: isys: Use correct pads for xlate_streams() - media: vivid: fix wrong pixel_array control size - media: verisilicon: Fix AV1 decoder clock frequency - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() - media: usbtv: Lock resolution while streaming - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() - media: pisp_be: Fix pm_runtime underrun in probe - media: ov2659: Fix memory leaks in ov2659_probe() - media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls - [arm64] media: qcom: camss: cleanup media device allocated resource on error path - [arm64] media: venus: Add a check for packet size after reading from shared memory - [arm64] media: venus: Fix MSM8998 frequency table - [arm64] media: venus: hfi: explicitly release IRQ during teardown - [arm64] media: venus: protect against spurious interrupts during probe - [arm64] media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. - [arm64] media: venus: venc: Clamp param smaller than 1fps and bigger than 240 - drm/amdgpu/discovery: fix fw based ip discovery - drm/amd: Restore cached power limit during resume - drm/amdgpu: Avoid extra evict-restore process. - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities - drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() - drm/amdgpu: Update external revid for GC v9.5.0 - drm/amdgpu: update mmhub 3.0.1 client id mappings - drm/amdgpu: update mmhub 4.1.0 client id mappings - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq - drm/amd/display: Add primary plane to commits for correct VRR handling - drm/amd/display: fix a Null pointer dereference vulnerability - drm/amd/display: Don't overwrite dce60_clk_mgr - net, hsr: reject HSR frame if skb can't hold tag - sched/ext: Fix invalid task state transitions on class switch - ipv6: sr: Fix MAC comparison to be constant-time - ACPI: pfr_update: Fix the driver update version check - mptcp: drop skb if MPTCP skb extension allocation fails - mptcp: pm: kernel: flush: do not reset ADD_ADDR limit - mm/damon/ops-common: ignore migration request to invalid nodes - [amd64] x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero - USB: typec: Use str_enable_disable-like helpers - usb: typec: fusb302: cache PD RX state - btrfs: qgroup: drop unused parameter fs_info from __del_qgroup_rb() - btrfs: qgroup: fix race between quota disable and quota rescan ioctl - btrfs: move transaction aborts to the error site in add_block_group_free_space() - btrfs: always abort transaction on failure to add block group to free space tree - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() - btrfs: explicitly ref count block_group on new_bgs list - btrfs: codify pattern for adding block_group to bg_list - btrfs: zoned: requeue to unused block group list if zone finish failed - xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags - btrfs: send: factor out common logic when sending xattrs - btrfs: send: only use boolean variables at process_recorded_refs() - btrfs: send: add and use helper to rename current inode when processing refs - btrfs: send: keep the current inode's path cached - btrfs: send: avoid path allocation for the current inode when issuing commands - btrfs: send: use fallocate for hole punching with send stream v2 - btrfs: send: make fs_path_len() inline and constify its argument - netfs: Fix unbuffered write error handling - io_uring/net: commit partial buffers on retry - ata: libata-scsi: Return aborted command when missing sense and result TF - sched_ext: initialize built-in idle state before ops.init() - Revert "can: ti_hecc: fix -Woverflow compiler warning" - io_uring/futex: ensure io_futex_wait() cleans up properly on failure - iov_iter: iterate_folioq: fix handling of offset >= folio size - [arm64] iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement - mmc: sdhci-pci-gli: Add a new function to simplify the code - memstick: Fix deadlock by moving removing flag earlier - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency - NFS: Fix a race when updating an existing write - squashfs: fix memory leak in squashfs_fill_super - mm/debug_vm_pgtable: clear page table entries at destroy_args() - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 - RDMA/rxe: Flush delayed SKBs while releasing RXE resources - [s390x] sclp: Fix SCCB present check - [amd64] platform/x86/intel-uncore-freq: Check write blocked for ELC - kvm: retry nx_huge_page_recovery_thread creation - [amd64] accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() - drm/amdgpu/swm14: Update power limit logic - drm/amd/display: Avoid a NULL pointer dereference - drm/amd/display: Don't overclock DCE 6 by 15% - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 - drm/amd/display: Fix Xorg desktop unresponsive on Replay panel - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs - scsi: core: Fix command pass through retry regression - [arm64] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() - mptcp: remove duplicate sk_reset_timer call - mptcp: disable add_addr retransmission when timeout is 0 - Mark xe driver as BROKEN if kernel page size is not 4kB - [arm64,armhf] PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support - [arm64,armhf] PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features - [arm64] PCI: rockchip: Use standard PCIe definitions - [arm64] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining - iio: adc: ad7173: fix setting ODR in probe - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems - ext4: preserve SB_I_VERSION on remount - btrfs: subpage: keep TOWRITE tag until folio is cleaned - [arm64] dts: ti: k3-am6*: Add boot phase flag to support MMC boot - [arm64] dts: ti: k3-am62*: Add non-removable flag for eMMC - [arm64] dts: ti: k3-am6*: Remove disable-wp for eMMC - [arm64] dts: ti: k3-am62*: Move eMMC pinmux to top level board file - debugfs: fix mount options not being applied - smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() - fs/buffer: fix use-after-free when call bh_read() helper - use uniform permission checks for all mount propagation changes - cpuidle: menu: Remove iowait influence - cpuidle: governors: menu: Avoid selecting states with too much latency - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS - [arm64] mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 - ftrace: Also allocate and copy hash for reading of filter files - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() - iio: proximity: isl29501: fix buffered read on big-endian systems - most: core: Drop device reference after usage in get_channel() - kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() - cdx: Fix off-by-one error in cdx_rpmsg_probe() - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive - [amd64] comedi: Make insn_rw_emulate_bits() do insn->n samples - [amd64] comedi: pcl726: Prevent invalid irq number - [amd64] comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test - usb: renesas-xhci: Fix External ROM access timeouts - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera - usb: storage: realtek_cr: Use correct byte order for bcs->Residue - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles - usb: typec: maxim_contaminant: disable low power mode when reading comparator values - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean - usb: xhci: Fix slot_id resource race conflict - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout - usb: dwc3: Remove WARN_ON for device endpoint command timeouts - usb: dwc3: pci: add support for the Intel Wildcat Lake - iio: light: Use aligned_s64 instead of open coding alignment. - iio: light: as73211: Ensure buffer holes are zeroed - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() - tracing: Remove unneeded goto out logic - tracing: Limit access to parser->buffer when trace_get_user failed - [amd64] drm/i915/icl+/tc: Convert AUX powered WARN to a debug message - compiler: remove __ADDRESSABLE_ASM{_STR,}() again - [amd64] drm/i915/icl+/tc: Cache the max lane count value - ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() - tls: fix handling of zero-length records on the rx_list - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 - iio: imu: inv_icm42600: use = { } instead of memset() - iio: imu: inv_icm42600: Convert to uXX and sXX integer types - iio: imu: inv_icm42600: change invalid data error to -EBUSY - [amd64] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key - cgroup/cpuset: Fix a partition error with CPU hotplug - drm/panic: Move drawing functions to drm_draw - drm/format-helper: Add conversion from XRGB8888 to BGR888 - drm/format-helper: Move helpers for pixel conversion to header file - drm/format-helper: Add generic conversion to 32-bit formats - iosys-map: Fix undefined behavior in iosys_map_clear() - [arm64] RDMA/hns: Fix querying wrong SCC context for DIP algorithm - RDMA/bnxt_re: Fix to do SRQ armena by default - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path - RDMA/bnxt_re: Fix a possible memory leak in the driver - RDMA/bnxt_re: Fix to initialize the PBL array - RDMA/hns: Fix dip entries leak on devices newer than hip09 - net: bridge: fix soft lockup in br_multicast_query_expired() - scsi: qla4xxx: Prevent a potential error pointer dereference - [amd64] iommu/amd: Avoid stack buffer overflow from kernel cmdline (CVE-2025-38676) - Bluetooth: hci_sync: Fix scan state after PA Sync has been established - Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown - Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() - [arm64] drm/hisilicon/hibmc: refactored struct hibmc_drm_private - [arm64] drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed - [arm64] drm/hisilicon/hibmc: fix the hibmc loaded failed bug - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() - drm/amd/display: Don't print errors for nonexistent connectors - net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add - [arm64] net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path - ppp: fix race conditions in ppp_fill_forward_path - net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload. - cifs: Fix oops due to uninitialised variable - phy: mscc: Fix timestamping for vsc8584 - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization - gve: prevent ethtool ops after shutdown - net/smc: fix UAF on smcsk after smc_listen_out() - [s390x] mm: Do not map lowcore with identity mapping - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc - igc: fix disabling L1.2 PCI-E link substate on I226 on init - [armhf] net: dsa: microchip: Fix KSZ9477 HSR port setup issue - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit - net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate - ALSA: timer: fix ida_free call while not allocated - bonding: update LACP activity flag after setting lacp_active - bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU - [arm64] Octeontx2-af: Skip overlap check for SPI field - net/mlx5: Base ECVF devlink port attrs from 0 - net/mlx5: Relocate function declarations from port.h to mlx5_core.h - net/mlx5: Add IFC bits and enums for buf_ownership - net/mlx5e: Query FW for buffer ownership - net/mlx5e: Preserve shared buffer capacity during headroom updates - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation - [s390x] hypfs: Avoid unnecessary ioctl registration in debugfs - [s390x] hypfs: Enable limited access during lockdown - netfilter: nf_reject: don't leak dst refcount for loopback packets https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.45 - rtla: Check pkg-config install - trace/fgraph: Fix the warning caused by missing unregister notifier - of: dynamic: Fix memleak when of_pci_add_properties() failed - of: dynamic: Fix use after free in of_changeset_add_prop_helper() - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump - perf symbol-minimal: Fix ehdr reading in filename__read_build_id - vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER - scsi: core: sysfs: Correct sysfs attributes access rights - smb: client: fix race with concurrent opens in unlink(2) - smb: client: fix race with concurrent opens in rename(2) - [arm64] ASoC: codecs: tx-macro: correct tx_macro_component_drv name - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() - [arm64] drm/msm: Defer fd_install in SUBMIT ioctl - of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() - [arm64] drm/msm/kms: move snapshot init earlier in KMS init - [arm64] drm/msm: update the high bitfield of certain DSI registers - [arm64] drm/mediatek: Add error handling for old state CRTC in atomic_disable - [powerpc*] kvm: Fix ifdef to remove build warning - HID: input: rename hidinput_set_battery_charge_status() - HID: input: report battery status changes immediately - net: macb: fix unregister_netdev call order in macb_remove() - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success - Bluetooth: hci_event: Mark connection as closed during suspend disconnect - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced - Bluetooth: hci_sync: fix set_local_name race condition - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr - drm/nouveau: remove unused memory target test - ice: don't leave device non-functional if Tx scheduler config fails - ice: use fixed adapter index for E825C embedded devices - ice: fix incorrect counter for buffer allocation failures - dt-bindings: display/msm: qcom,mdp5: drop lut clock - net: dlink: fix multicast stats being counted incorrectly - drm/xe/xe_sync: avoid race during ufence signaling - drm/xe: Don't trigger rebind on initial dma-buf validation - phy: mscc: Fix when PTP clock is register and unregister - bnxt_en: Fix memory corruption when FW resources change during ifdown - bnxt_en: Adjust TX rings if reservation is less than requested - bnxt_en: Fix stats context reservation logic - net/mlx5: Reload auxiliary drivers on fw_activate - net/mlx5: Fix lockdep assertion on sync reset unload event - net/mlx5: Nack sync reset when SFs are present - net/mlx5e: Update and set Xon/Xoff upon MTU set - net/mlx5e: Update and set Xon/Xoff upon port speed set - net/mlx5e: Set local Xoff after FW update - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts - net: stmmac: xgmac: Correct supported speed modes - net: stmmac: Set CIC bit only for TX queues with COE - [amd64,arm64] hv_netvsc: Link queues to NAPIs - [amd64,arm64] net: hv_netvsc: fix loss of early receive events from host during channel open. - net: rose: split remove and free operations in rose_remove_neigh() - net: rose: convert 'use' field to refcount_t - net: rose: include node references in rose_neigh refcount - sctp: initialize more fields in sctp_v6_from_sk() - l2tp: do not use sock_hold() in pppol2tp_session_get_sock() - fbnic: Move phylink resume out of service_task and into open/close - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare - net: macb: Disable clocks once - [amd64] KVM: x86: use array_index_nospec with indices that come from guest - [riscv64] KVM: fix stack overrun when loading vlenb - [amd64] x86/microcode/AMD: Handle the case of no BIOS microcode - [amd64] x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON - HID: asus: fix UAF via HID_CLAIMED_INPUT validation - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() - HID: quirks: add support for Legion Go dual dinput modes - HID: logitech: Add ids for G PRO 2 LIGHTSPEED - HID: wacom: Add a new Art Pen 2 - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() - Revert "drm/amdgpu: fix incorrect vm flags to map bo" - blk-zoned: Fix a lockdep complaint about recursive locking - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted - fs/smb: Fix inconsistent refcnt update - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions - smb3 client: fix return code mapping of remap_file_range - xfs: do not propagate ENODATA disk errors into xattr code - drm/xe/vm: Clear the scratch_pt pointer on error - drm/nouveau/disp: Always accept linear modifier - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv - drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode - net: rose: fix a typo in rose_clear_routes() - PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS - PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" - [arm64] thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const - [arm64] thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data - [arm64] thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.46 - bpf: Add cookie object to bpf maps - bpf: Move bpf map owner out of common struct - bpf: Move cgroup iterator helpers to bpf.h - bpf: Fix oob access in cgroup local storage (CVE-2025-38502) - btrfs: fix race between logging inode and checking if it was logged before - btrfs: fix race between setting last_dir_index_offset and inode logging - btrfs: avoid load/store tearing races when checking if an inode was logged - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN - drm/amd/display: Don't warn when missing DCE encoder caps - cpupower: Fix a bug where the -t option of the set subcommand was not working. - Bluetooth: hci_sync: Avoid adding default advertising on startup - btrfs: zoned: skip ZONE FINISH of conventional zones - fs: writeback: fix use-after-free in __mark_inode_dirty() - tee: fix NULL pointer dereference in tee_shm_put - tee: fix memory leak in tee_dyn_shm_alloc_helper - [arm64] dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro - [arm64] tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" - [arm64] dts: imx8mp-tqma8mpql: fix LDO5 power off - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics i.MX8M Plus DHCOM - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul i.MX8M Plus eDM SBC - HID: simplify snto32() - HID: stop exporting hid_snto32() - HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556) - net: usb: qmi_wwan: fix Telit Cinterion FN990A name - net: usb: qmi_wwan: fix Telit Cinterion FE990A name - net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition - [arm64] mmc: sdhci-of-arasan: Support for emmc hardware reset - [arm64] mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up - wifi: cfg80211: fix use-after-free in cmp_bss() - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work - wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() - wifi: mt76: prevent non-offchannel mgmt tx during scan/roc - wifi: mt76: free pending offchannel tx frames on wcid cleanup - wifi: mt76: fix linked list corruption - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY - wifi: iwlwifi: uefi: check DSM item validity - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() - netfilter: nft_flowtable.sh: re-run with random mtu sizes - net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y - [amd64] xirc2ps_cs: fix register access when enabling FullDuplex - mISDN: Fix memory leak in dsp_hwec_enable() - bnxt_en: fix incorrect page count in RX aggr ring log - icmp: fix icmp_ndo_send address translation for reply direction - net: macb: Fix tx_ptr_lock locking - macsec: read MACSEC_SA_ATTR_PN with nla_get_uint - net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() - net: mctp: mctp_fraq_queue should take ownership of passed skb - ice: fix NULL access of tx->in_use in ice_ll_ts_intr - [amd64,arm64] idpf: set mac type when adding and removing MAC filters - i40e: remove read access to debugfs files - i40e: Fix potential invalid access when MAC list is empty - ixgbe: fix incorrect map used in eee linkmode - wifi: ath11k: fix group data packet drops during rekey - net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 - [arm64] net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets - net: skb: add pskb_network_may_pull_reason() helper - net: tunnel: add pskb_inet_may_pull_reason() helper - net: vxlan: add skb drop reasons to vxlan_rcv() - net: vxlan: make vxlan_snoop() return drop reasons - vxlan: Fix NPD when refreshing an FDB entry with a nexthop object - net: vxlan: make vxlan_set_mac() return drop reasons - net: vxlan: use kfree_skb_reason() in vxlan_xmit() - net: vxlan: use kfree_skb_reason() in vxlan_mdb_xmit() - net: vxlan: rename SKB_DROP_REASON_VXLAN_NO_REMOTE - vxlan: Refresh FDB 'updated' time upon 'NTF_USE' - vxlan: Avoid unnecessary updates to FDB 'used' time - vxlan: Add RCU read-side critical sections in the Tx path - vxlan: Rename FDB Tx lookup function - vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects - wifi: cw1200: cap SSID length in cw1200_do_join() - wifi: libertas: cap SSID len in lbs_associate() - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() - [arm64] net: thunder_bgx: add a missing of_node_put - [arm64] net: thunder_bgx: decrement cleanup index before use - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() - net/smc: Remove validation of reserved bits in CLC Decline message - mctp: return -ENOPROTOOPT for unknown getsockopt options - ax25: properly unshare skbs in ax25_kiss_rcv() - net: atm: fix memory leak in atm_register_sysfs when device_register fail - ppp: fix memory leak in pad_compress_skb - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock - ALSA: usb-audio: Add mute TLV for playback volumes on some devices - [amd64] accel/ivpu: Prevent recovery work from being queued during device removal - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() - [arm64] ftrace: fix unreachable PLT for ftrace_caller in init_module with CONFIG_DYNAMIC_FTRACE - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() - io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (CVE-2025-38453) - [amd64] x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() - mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE - mm: move page table sync declarations to linux/pgtable.h - mm: fix possible deadlock in kmemleak - mm: slub: avoid wake up kswapd in set_track_prepare - sched: Fix sched_numa_find_nth_cpu() if mask offline - ocfs2: prevent release journal inode after journal shutdown - of_numa: fix uninitialized memory nodes causing kernel panic - [arm64] soc: qcom: mdt_loader: Deal with zero e_shentsize - wifi: mwifiex: Initialize the chan_stats array to zero - wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() - wifi: mt76: mt7925: fix the wrong bss cleanup for SAP - net: ethernet: oa_tc6: Handle failure of spi_setup - drm/amdgpu: drop hw access in non-DC audio fini - drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG - [amd64] platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list - scsi: lpfc: Fix buffer free/clear order in deferred receive path - batman-adv: fix OOB read/write in network-coding decode - cifs: prevent NULL pointer dereference in UTF16 conversion - e1000e: fix heap overflow in e1000_set_eeprom - net: pcs: rzn1-miic: Correct MODCTRL register offset - fs/fhandle.c: fix a race in call of has_locked_children() (CVE-2025-38306) - [arm64,armhf] net: dsa: add hook to determine whether EEE is supported - [arm64,armhf] net: dsa: provide implementation of .support_eee() - [armhf] net: dsa: b53/bcm_sf2: implement .support_eee() method - [armhf] net: dsa: b53: do not enable EEE on bcm63xx (CVE-2025-38272) - md/raid1,raid10: don't ignore IO flags (CVE-2025-22125) - md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT - md/raid1,raid10: strip REQ_NOWAIT from member bios - ext4: define ext4_journal_destroy wrapper - ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113) - wifi: ath11k: update channel list in reg notifier instead reg worker (CVE-2025-23133) - wifi: ath11k: update channel list in worker when wait flag is set - net: fix NULL pointer dereference in l3mdev_l3_rcv (CVE-2025-22103) - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (CVE-2025-22124) - mm: slub: Print the broken data before restoring them - mm: slub: call WARN() when detecting a slab corruption - mm, slab: cleanup slab_bug() parameters - mm/slub: avoid accessing metadata when pointer is invalid in object_err() - nouveau: fix disabling the nonstall irq due to storm code - mm: fix accounting of memmap pages - [arm64] thermal/drivers/mediatek/lvts: Disable low offset IRQ for minimum threshold - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY - Revert "drm/amdgpu: Avoid extra evict-restore process." - pcmcia: omap: Add missing check for platform_get_resource - pcmcia: Add error handling for add_interval() in do_validate_mem() - [amd64] platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk - [amd64] platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID - block: add a queue_limits_commit_update_frozen helper - scsi: sr: Reinstate rotational media flag - drm/bridge: ti-sn65dsi86: fix REFCLK setting - perf bpf-event: Fix use-after-free in synthesis - perf bpf-utils: Constify bpil_array_desc - perf bpf-utils: Harden get_bpf_prog_info_linear - drm/amd/amdgpu: Fix missing error return on kzalloc failure - tools: gpio: remove the include directory on make clean - md: prevent incorrect update of resync/recovery offset - [riscv64] ACPI: RISC-V: Fix FFH_CPPC_CSR error handling - [riscv64] Only allow LTO with CMODEL_MEDANY - [riscv64] use lw when reading int cpu in new_vmalloc_check - [riscv64] use lw when reading int cpu in asm_per_cpu - [riscv64] bpf: use lw when reading int cpu in BPF_MOV64_PERCPU_REG - [riscv64] bpf: use lw when reading int cpu in bpf_get_smp_processor_id - md/raid1: fix data lost for writemostly rdev https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.47 - [amd64] Add mitigations for VMSCAPE (CVE-2025-40300): - Documentation/hw-vuln: Add VMSCAPE documentation - x86/vmscape: Enumerate VMSCAPE bug - x86/vmscape: Add conditional IBPB mitigation - x86/vmscape: Enable the mitigation - x86/bugs: Move cpu_bugs_smt_update() down - x86/vmscape: Warn when STIBP is disabled with SMT - x86/vmscape: Add old Intel CPUs to affected list https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.48 - fhandle: use more consistent rules for decoding file handle from userns - dma-debug: store a phys_addr_t in struct dma_debug_entry - dma-mapping: trace dma_alloc/free direction - dma-mapping: use trace_dma_alloc for dma_alloc* instead of using trace_dma_map - dma-mapping: trace more error paths - dma-debug: don't enforce dma mapping check on noncoherent allocations - net/mlx5: HWS, change error flow on matcher disconnect - mm: introduce and use {pgd,p4d}_populate_kernel() - dma-mapping: fix swapped dir/flags arguments to trace_dma_alloc_sgt_err - dma-debug: fix physical address calculation for struct dma_debug_entry - nvme-pci: skip nvme_write_sq_db on empty rqlist - Revert "udmabuf: fix vmap_udmabuf error page set" - ext4: introduce linear search for dentries - [amd64] drm/i915/pmu: Fix zero delta busyness issue - drm/amd/display: Fix error pointers in amdgpu_dm_crtc_mem_type_changed - Revert "drm/amd/display: Optimize cursor position updates" - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA - drm/amdgpu: Add back JPEG to video caps for carrizo and newer - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read - SUNRPC: call xs_sock_process_cmsg for all cmsg - NFSv4: Don't clear capabilities that won't be reset (Closes: #1114898) - trace/fgraph: Fix error handling - tracing: Fix tracing_marker may trigger page fault during preempt_disable - nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter - nfs/localio: add direct IO enablement with sync and async IO support - nfs/localio: restore creds before releasing pageio data - ftrace/samples: Fix function size computation - fs/nfs/io: make nfs_start_io_*() killable - NFS: Serialise O_DIRECT i/o and truncate() - NFSv4.2: Serialise O_DIRECT i/o and fallocate() - NFSv4.2: Serialise O_DIRECT i/o and clone range - NFSv4.2: Serialise O_DIRECT i/o and copy range - NFS: nfs_invalidate_folio() must observe the offset and size arguments - NFSv4/flexfiles: Fix layout merge mirror check. - tracing: Silence warning when chunk allocation fails in trace_pid_write - [s390x] pai: Deny all events not handled by this PMU - [s390x] cpum_cf: Deny all sampling events by counter PMU - bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt - bpf: Allow fall back to interpreter for programs with stack size <= 512 - bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. - proc: fix type confusion in pde_set_flags() - Revert "SUNRPC: Don't allow waiting for exiting tasks" - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN - ocfs2: fix recursive semaphore deadlock in fiemap call - btrfs: fix squota compressed stats leak - btrfs: fix subvolume deletion lockup caused by inodes xarray race - [amd64] i2c: i801: Hide Intel Birch Stream SoC TCO WDT - net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups - [armhf] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer - [armhf] mtd: rawnand: stm32_fmc2: fix ECC overwrite - fuse: do not allow mapping a non-regular backing file - fuse: check if copy_file_range() returns larger than requested size - fuse: prevent overflow in copy_file_range return value - mm/khugepaged: fix the address passed to notifier on testing young - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory - mm/memory-failure: fix redundant updates for already poisoned pages - mm/damon/core: set quota->charged_from to jiffies at first charge window - mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() - [arm64] drm/mediatek: fix potential OF node use-after-free - drm/xe: Attempt to bring bos back to VRAM after eviction - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages - netlink: specs: mptcp: add missing 'server-side' attr - netlink: specs: mptcp: clearly mention attributes - netlink: specs: mptcp: replace underscores with dashes in names - netlink: specs: mptcp: fix if-idx attribute type - kernfs: Fix UAF in polling when open file is released - libceph: fix invalid accesses to ceph_connection_v1_info - ceph: fix race condition validating r_parent before applying state - ceph: fix race condition where r_parent becomes stale before sending message - mm/damon/sysfs: fix use-after-free in state_show() - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() - mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range() - [arm64] mtd: spinand: winbond: Fix oob_layout for W25N01JW - btrfs: use readahead_expand() on compressed extents - btrfs: fix corruption reading compressed range when block size is smaller than page size - hrtimers: Unconditionally update target CPU base after offline timer migration - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table - Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups" - tty: hvc_console: Call hvc_kick in hvc_write unconditionally - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks - USB: serial: option: add Telit Cinterion FN990A w/audio compositions - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions - [arm64] drm/panthor: validate group queue count - [arm64,armhf] net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() - genetlink: fix genl_bind() invoking bind() after -EPERM - net: bridge: Bounce invalid boolopts - tunnels: reset the GSO metadata before reusing the skb - docs: networking: can: change bcm_msg_head frames member to support flexible array - igb: fix link test skipping when interface is admin down - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path - drm/amd/display: use udelay rather than fsleep - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails - netfilter: nft_set_pipapo: remove unused arguments - netfilter: nft_set: remove one argument from lookup and update functions - netfilter: nft_set_pipapo: merge pipapo_get/lookup - netfilter: nft_set_pipapo: don't return bogus extension pointer - netfilter: nft_set_pipapo: don't check genbit from packetpath lookups - netfilter: nft_set_rbtree: continue traversal if element is inactive - netfilter: nf_tables: Reintroduce shortened deletion notifications - netfilter: nf_tables: place base_seq in struct net - netfilter: nf_tables: make nft_set_do_lookup available unconditionally - netfilter: nf_tables: restart set lookup on base_seq change - net: hsr: Add VLAN CTAG filter support - hsr: use rtnl lock when iterating over ports - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties - [amd64] dmaengine: idxd: Remove improper idxd_free - [amd64] dmaengine: idxd: Fix refcount underflow on module unload - [amd64] dmaengine: idxd: Fix double free in idxd_setup_wqs() - [amd64] dmaengine: ti: edma: Fix memory allocation size for queue_priority_map - xhci: fix memory leak regression when freeing xhci vdev devices depth first - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels - [amd64,arm64] usb: typec: tcpm: properly deliver cable vdms to altmode drivers - [arm64] dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees - [arm64] phy: tegra: xusb: fix device and OF node leak at probe - [armhf] phy: ti: omap-usb2: fix device leak at unbind - [armhf] phy: ti-pipe3: fix device leak at unbind - [amd64] x86/cpu/topology: Always try cpu_parse_topology_ext() on AMD/Hygon - net: mdiobus: release reset_gpio in mdiobus_unregister_device() - [amd64] drm/i915/power: fix size for for_each_set_bit() in abox iteration - drm/amdgpu: fix a memory leak in fence cleanup when unloading - netfilter: nft_set_pipapo: fix null deref for empty set . [ Santiago Ruano Rincón ] * d/salsa-ci.yml: Merge the extract-source job into the build's job script * d/salsa-ci.yml: Suppress unreleased changes and mismatching distribution lintian tags. * d/salsa-ci.yml: Early move orig tarballs back where they can be cached . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 6.12.43-rt12 * [amd64] x86/bugs: Add SRSO_USER_KERNEL_NO support * [amd64] x86/bugs: KVM: Add support for SRSO_MSR_FIX * [amd64] KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions linux-signed-arm64 (6.12.57+1) trixie; urgency=medium . * Sign kernel from linux 6.12.57-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.49 - wifi: wilc1000: avoid buffer overflow in WID string configuration - nvme: fix PI insert on write - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported - wifi: mac80211: increase scan_ies_len for S1G - wifi: mac80211: fix incorrect type for ret - cgroup: split cgroup_destroy_wq into 3 workqueues - btrfs: fix invalid extref key setup when replaying dentry - net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR - qed: Don't collect too many protection override GRC elements - bonding: set random address only when slaves already exist - mptcp: set remote_deny_join_id0 on SYN recv - mptcp: tfo: record 'deny join id0' info - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure - ice: store max_frame and rx_buf_len only in ice_rx_ring - ice: fix Rx page leak on multi-buffer frames - i40e: remove redundant memory barrier when cleaning Tx descs - igc: don't fail igc_probe() on LED setup error - net/mlx5e: Harden uplink netdev access against device unbind - bonding: don't set oif to bond dev when getting NS target destination - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). - tls: make sure to abort the stream if headers are bogus - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" - net: liquidio: fix overflow in octeon_init_instr_queue() - cnic: Fix use-after-free bugs in cnic_delete_task - [arm64] octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() - [amd64] perf/x86/intel: Fix crash in icl_update_topdown_event() (CVE-2025-38322) - ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer - ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery - power: supply: bq27xxx: restrict no-battery detection to bq27000 - dm-raid: don't set io_min and io_opt for raid1 - dm-stripe: fix a possible integer overflow - gup: optimize longterm pin_user_pages() for large folio - mm: revert "mm: vmscan.c: fix OOM on swap stress test" - [amd64] iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() - [amd64] iommu/amd/pgtbl: Fix possible race while increase page table level - btrfs: tree-checker: fix the incorrect inode ref size check - [arm64] ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S - mmc: mvsdio: Fix dma_unmap_sg() nents value - [amd64] KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active - drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer - rds: ib: Increment i_fastreg_wrs before bailing out - mptcp: propagate shutdown to subflows when possible - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx - io_uring/cmd: let cmds to know about dying task - io_uring: backport io_should_terminate_tw() - io_uring: include dying ring in task_work "should cancel" state - io_uring/msg_ring: kill alloc_cache for io_kiocb allocations - io_uring/kbuf: drop WARN_ON_ONCE() from incremental length check (CVE-2025-39816) - [amd64] ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message - [amd64] ASoC: Intel: catpt: Expose correct bit depth to userspace - drm/xe/tile: Release kobject for the failure path - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path - drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() - smb: client: fix filename matching of deferred files - smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) - crypto: af_alg - Set merge to zero early in af_alg_sendmsg - smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path - io_uring: fix incorrect io_kiocb reference in io_link_skb - [amd64] platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 - [amd64] platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk - vmxnet3: unregister xdp rxq info in the reset path (CVE-2025-22106) - mm: add folio_expected_ref_count() for reference count calculation - mm/gup: check ref_count instead of lru before migration - mptcp: pm: nl: announce deny-join-id0 flag - usb: xhci: introduce macro for ring segment list iteration - usb: xhci: remove option to change a default ring's TRB cycle bit - xhci: dbc: decouple endpoint allocation from initialization - xhci: dbc: Fix full DbC transfer ring after several reconnects - rtc: pcf2127: fix SPI command byte for PCF2131 backport - minmax.h: add whitespace around operators and after commas - minmax.h: update some comments - minmax.h: reduce the #define expansion of min(), max() and clamp() - minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() - minmax.h: move all the clamp() definitions after the min/max() ones - minmax.h: simplify the variants of clamp() - minmax.h: remove some #defines that are only expanded once https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.50 - scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE - firewire: core: fix overlooked update of subsystem ABI version - ALSA: usb-audio: Fix code alignment in mixer_quirks - ALSA: usb-audio: Fix block comments in mixer_quirks - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 - ALSA: usb-audio: Convert comma to semicolon - ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA - ALSA: usb-audio: Fix build with CONFIG_INPUT=n - usb: core: Add 0x prefix to quirks debug output - [arm64,armhf] net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info - net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick - [riscv64] mmc: sdhci-cadence: add Mobileye eyeQ support - i2c: designware: Add quirk for Intel Xe - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk - ALSA: usb-audio: Add mute TLV for playback volumes on more devices - net: sfp: add quirk for FLYPRO copper SFP+ module - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions - [amd64] HID: amd_sfh: Add sync across amd sfh work functions - cpufreq: Initialize cpufreq-based invariance before subsys - smb: server: don't use delayed_work for post_recv_credits_work - smb: server: use disable_work_sync in transport_rdma.c - bpf: Check the helper function is valid in get_helper_proto - btrfs: don't allow adding block device of less than 1 MB - wifi: virt_wifi: Fix page fault on connect - bpf: Reject bpf_timer for PREEMPT_RT - xfrm: xfrm_alloc_spi shouldn't use 0 as SPI - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow - [armhf] can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow - can: peak_usb: fix shift-out-of-bounds issue - net: tun: Update napi->skb after XDP process - net/smc: fix warning in smc_rx_splice() when calling get_page() - [arm64] ethernet: rvu-af: Remove slash from the driver name - Bluetooth: hci_sync: Fix hci_resume_advertising_sync - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync - vhost: Take a reference on the task in struct vhost_task. - bnxt_en: correct offset handling for IPv6 destination address - net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS - nexthop: Forbid FDB status change while nexthop is in a group - mm/gup: local lru_add_drain() to avoid lru_add_drain_all() - mm: revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" - mm: folio_may_be_lru_cached() unless folio_test_large() - [amd64] drm/gma500: Fix null dereference in hdmi teardown - futex: Prevent use-after-free during requeue-PI - [arm64] drm/panthor: Defer scheduler entitiy destruction to queue release - [amd64] platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() - smb: client: fix wrong index reference in smb2_compound_op() - HID: asus: add support for missing PX series fn keys - i40e: add validation for ring_len param - i40e: fix idx validation in i40e_validate_queue_map - i40e: fix idx validation in config queues msg - i40e: fix input validation logic for action_meta - i40e: fix validation of VF state in get resources - i40e: add max boundary check for VF filters - i40e: add mask to apply valid bits for itr_idx - i40e: improve VF MAC filters accounting - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx - tracing: dynevent: Add a missing lockdown check on dynevent - [armhf] dts: socfpga: sodia: Fix mdio bus probe and PHY address - drm/ast: Use msleep instead of mdelay for edid read - afs: Fix potential null pointer dereference in afs_put_server - fs/proc/task_mmu: check p->vec_buf for NULL - gpiolib: Extend software-node support to support secondary software-nodes - mm/hugetlb: fix folio is still mapped when deleted - fbcon: fix integer overflow in fbcon_do_set_font - fbcon: Fix OOB access in font allocation - iommufd: Fix race during abort for file descriptors - Revert "usb: xhci: remove option to change a default ring's TRB cycle bit" - [amd64] drm/i915/backlight: Return immediately when scale() finds invalid parameters https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.51 - crypto: sha256 - fix crash at kexec - scsi: target: target_core_configfs: Add length check to avoid buffer overflow - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove - media: tuner: xc5000: Fix use-after-free in xc5000_release - media: rc: fix races with imon_disconnect() - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID - mm: swap: check for stable address space before operating on the VMA - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() - [arm64] ASoC: qcom: audioreach: fix potential null pointer dereference https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.52 - wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() - USB: serial: option: add SIMCom 8230C compositions - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 - wifi: rtl8xxxu: Don't claim USB ID 07b8:8188 - dm-integrity: limit MAX_TAG_SIZE to 255 - [amd64] platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list - [amd64] platform/x86/amd/pmf: Support new ACPI ID AMDI0108 - [amd64,arm64] ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue - btrfs: ref-verify: handle damaged extent root tree - netfs: Prevent duplicate unlocking - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled - [amd64] platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list - drm/amd : Update MES API header file for v11 & v12 - drm/amd/include : MES v11 and v12 API header update - drm/amd/include : Update MES v12 API for fence update - drm/amdgpu: Enable MES lr_compute_wa by default (Closes: #1118658) - ALSA: usb-audio: Kill timer properly at removal (CVE-2025-38105) - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free - hid: fix I2C read buffer overflow in raw_event() for mcp2221 - nvmem: layouts: fix automatic module loading - binder: fix double-free in dbitmap - driver core/PM: Set power.no_callbacks along with power.no_pm - crypto: rng - Ensure set_ent is always present - net/9p: fix double req put in p9_fd_cancelled - [amd64] KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.53 - filelock: add FL_RECLAIM to show_fl_flags() macro - init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast - gfs2: Fix GLF_INVALIDATE_IN_PROGRESS flag clearing in do_xmote - [powerpc*] 8xx: Remove left-over instruction and comments in DataStoreTLBMiss handler - [powerpc*] 603: Really copy kernel PGD entries into all PGDIRs - uprobes: uprobe_warn should use passed task - [arm64] coresight: trbe: Prevent overflow in PERF_IDX2OFF() - [arm64] perf: arm_spe: Prevent overflow in PERF_IDX2OFF() - smb: server: fix IRD/ORD negotiation with the client - [amd64] EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller - [amd64] x86/vdso: Fix output operand size of RDPID - lsm: CONFIG_LSM can depend on CONFIG_SECURITY - btrfs: return any hit error from extent_writepage_io() - [arm64] pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() - [arm64] dts: renesas: rzg2lc-smarc: Disable CAN-FD channel0 - regmap: Remove superfluous check for !config in __regmap_init() - bpf: Remove migrate_disable in kprobe_multi_link_prog_run - libbpf: Fix reuse of DEVMAP - [arm64] dts: imx93-kontron: Fix GPIO for panel regulator - [arm64] dts: imx93-kontron: Fix USB port assignment - [arm64] dts: imx95: Correct the lpuart7 and lpuart8 srcid - ACPI: processor: idle: Fix memory leak when register cpuidle device failed - [arm64] soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS - [arm64] pinctrl: meson-gxl: add missing i2c_d pinmux - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx - block: use int to store blk_stack_limits() return value - PM: sleep: core: Clear power.must_resume in noirq suspend error path - vdso: Add struct __kernel_old_timeval forward declaration to gettime.h - [armhf] dts: omap: am335x-cm-t335: Remove unused mcasp num-serializer property - [arm64] PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() - [arm64] power: supply: cw2015: Fix a alignment coding style issue - [arm64] pinctrl: renesas: Use int type to store negative error codes - null_blk: Fix the description of the cache_size module argument - nbd: restrict sockets to TCP and UDP - [arm64] PM / devfreq: rockchip-dfi: double count on RK3588 - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure - [arm64] arm64: dts: mediatek: mt8186-tentacruel: Fix touchscreen model - mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() - [arm64] dts: mediatek: mt6795-xperia-m5: Fix mmc0 latch-ck value - [arm64] dts: mediatek: mt8395-kontron-i1200: Fix MT6360 regulator nodes - [arm64] dts: mediatek: mt8516-pumpkin: Fix machine compatible - [armhf] pwm: tiehrpwm: Don't drop runtime PM reference in .free() - [armhf] pwm: tiehrpwm: Make code comment in .free() more useful - [armhf] pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation - [armhf] pwm: tiehrpwm: Fix corner case in clock divisor calculation - ACPICA: Fix largest possible resource descriptor index - [riscv64] bpf: Sign extend struct ops return values properly - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op - i3c: master: svc: Use manual response for IBI events - i3c: master: svc: Recycle unused IBI slot - bpf: Explicitly check accesses to bpf_sock_addr - bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() - smp: Fix up and expand the smp_call_function_many() kerneldoc - tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers - spi: fix return code when spi device has too many chipselects - bpf: Mark kfuncs as __noclone - once: fix race by moving DO_ONCE to separate section - [arm64] thermal/drivers/qcom/lmh: Add missing IRQ includes - [arm64] i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD - i2c: designware: Fix clock issue when PM is disabled - i2c: designware: Add disabling clocks when probe fails - libbpf: Fix error when st-prefix_ops and ops from differ btf - bpf: Enforce expected_attach_type for tailcall compatibility - drm/radeon/r600_cs: clean up of dead code in r600_cs - f2fs: fix condition in __allow_reserved_blocks() - [arm64] phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 - drm/amd/display: Remove redundant semicolons - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod - scsi: myrs: Fix dma_alloc_coherent() error check - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count - RDMA/mlx5: Fix vport loopback forcing for MPV device - PCI/ACPI: Fix pci_acpi_preserve_config() memory leak - ALSA: lx_core: use int type to store negative error codes - inet: ping: check sock_net() in ping_get_port() and ping_lookup() - [arm64,armhf] coresight: Only register perf symlink for sinks with alloc_buffer - drm/amdgpu: Power up UVD 3 for FW validation (v2) - drm/amd/pm: Disable ULV even if unsupported (v3) - drm/amd/pm: Fix si_upload_smc_data (v3) - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) - wifi: mwifiex: send world regulatory domain to driver - [arm64,armhf] PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation - tcp: fix __tcp_close() to only send RST when required - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() - [armhf] usb: phy: twl6030: Fix incorrect type for ret - usb: gadget: configfs: Correctly set use_os_string at bind - tty: n_gsm: Don't block input queue by waiting MSC - [powerpc*] misc: genwqe: Fix incorrect cmd field being reported in error - pps: fix warning in pps_register_cdev when register device fail - wifi: iwlwifi: Remove redundant header files - [amd64,arm64] idpf: fix Rx descriptor ready check barrier in splitq - [amd64] ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping - [arm64] drm/msm/dpu: fix incorrect type for ret - fs: ntfs3: Fix integer overflow in run_unpack() - fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist - iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() - netfilter: ipset: Remove unused htable_bits in macro ahash_region - ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable - drivers/base/node: handle error properly in register_one_node() - RDMA/cm: Rate limit destroy CM ID timeout error message - wifi: mt76: fix potential memory leak in mt76_wmac_probe() - wifi: mt76: mt7996: Fix RX packets configuration for primary WED device - wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE - wifi: mt76: mt7915: fix mt7981 pre-calibration - f2fs: fix to update map->m_next_extent correctly in f2fs_map_blocks() - f2fs: fix to truncate first page in error path of f2fs_truncate() - f2fs: fix to mitigate overhead of f2fs_zero_post_eof_page() - ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message - scsi: qla2xxx: edif: Fix incorrect sign of error code - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() - HID: hidraw: tighten ioctl command parsing - f2fs: fix zero-sized extent for precache extents - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" - RDMA/core: Resolve MAC of next-hop device without ARP support - IB/sa: Fix sa_local_svc_timeout_ms read race - Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram - wifi: ath12k: fix wrong logging ID used for CE - wifi: ath10k: avoid unnecessary wait for service ready message - iommu/vt-d: debugfs: Fix legacy mode page table dump logic - wifi: mac80211: fix Rx packet handling when pubsta information is not available - [amd64] ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback - RDMA/rxe: Fix race in do_task() when draining - wifi: rtw89: avoid circular locking dependency in ser_state_run() - [arm64] remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice - dm vdo: return error on corrupted metadata in start_restoring_volume functions - [arm64] coresight-etm4x: Conditionally access register TRCEXTINSELR - [arm64,armhf] coresight: tmc: Support atclk - [arm64,armhf] coresight: catu: Support atclk - [arm64,armhf] coresight: etm4x: Support atclk - [arm64,armhf] coresight: trbe: Return NULL pointer for allocation failures - [arm64,armhf] coresight: tpda: fix the logic to setup the element size - [arm64] coresight: Fix incorrect handling for return value of devm_kzalloc - NFSv4.1: fix backchannel max_resp_sz verification check - ipvs: Defer ip_vs_ftp unregister during netns cleanup - netfilter: nfnetlink: reset nlh pointer during batch replay - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() - usb: vhci-hcd: Prevent suspending virtually attached devices - iommu/vt-d: Disallow dirty tracking if incoherent page walk - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast - ptp: Add a upper bound on max_vclocks - vhost: vringh: Fix copy_to_iter return value check - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO - Bluetooth: ISO: Fix possible UAF on iso_conn_free - Bluetooth: ISO: free rx_skb if not consumed - Bluetooth: ISO: don't leak skb in ISO_CONT RX - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements - KEYS: X.509: Fix Basic Constraints CA flag parsing - ocfs2: fix double free in user_cluster_connect() - drivers/base/node: fix double free in register_one_node() - [arm64] PCI: j721e: Fix incorrect error message in probe() - [amd64,arm64] idpf: fix mismatched free function for dma_alloc_coherent - nfp: fix RSS hash key size when RSS is not supported - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable - net: dlink: handle copy_thresh allocation failure - net/mlx5: Stop polling for command response if interface goes down - net/mlx5: pagealloc: Fix reclaim race during command interface teardown - net/mlx5: fw reset, add reset timeout work - smb: client: fix crypto buffers in non-linear memory - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" - bpf: Reject negative offsets for ALU ops - tpm: Disable TPM2_TCG_HMAC by default - Squashfs: fix uninit-value in squashfs_get_parent - uio_hv_generic: Let userspace take care of interrupt mask - io_uring/waitid: always prune wait queue entry in io_waitid_wait() - [arm64] ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() - [amd64,arm64] ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down - fs: udf: fix OOB read in lengthAllocDescs handling - net: nfc: nci: Add parameter validation for packet data - [arm64,armhf] mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() - dm: fix queue start/stop imbalance under suspend/load/resume races - dm: fix NULL pointer dereference in __dm_suspend() - ksmbd: Fix race condition in RPC handle list access - ksmbd: fix error code overwriting in smb2_get_info_filesystem() - ksmbd: add max ip connections parameter - ext4: fix checks for orphan inodes - [amd64] KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid - fbdev: simplefb: Fix use after free in simplefb_detach_genpds() - mm: hugetlb: avoid soft lockup when mprotect to large memory area - nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() - [arm64] misc: fastrpc: Save actual DMA size in fastrpc_map structure - [arm64] misc: fastrpc: Fix fastrpc_map_lookup operation - [arm64] misc: fastrpc: fix possible map leak in fastrpc_put_args - [arm64] misc: fastrpc: Skip reference for DMA handles - Input: atmel_mxt_ts - allow reset GPIO to sleep - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak - sunrpc: fix null pointer dereference on zero-length checksum - [arm64] remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() - [amd64,arm64] tee: fix register_shm_helper() - pinctrl: check the return value of pinmux_ops::get_function_name() - bus: fsl-mc: Check return value of platform_get_resource() - net/9p: Fix buffer overflow in USB transport layer - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock - usb: typec: tipd: Clear interrupts first https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.54 - fs: always return zero on success from replace_fd() - fscontext: do not consume log entries when returning -EMSGSIZE - [arm64] map [_text, _stext) virtual address range non-executable+read-only - rseq: Protect event mask against membarrier IPI - listmount: don't call path_put() under namespace semaphore - page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches - dma-mapping: fix direction in dma_alloc direction traces - [amd64] KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() - asm-generic/io.h: Skip trace helpers if rwmmio events are disabled - perf disasm: Avoid undefined behavior in incrementing NULL - perf test trace_btf_enum: Skip if permissions are insufficient - perf evsel: Avoid container_of on a NULL leader - libperf event: Ensure tracing data is multiple of 8 sized - [arm64] clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() - [arm64] clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() - perf util: Fix compression checks returning -1 as bool - perf arm_spe: Correct setting remote access - perf arm-spe: Rename the common data source encoding - perf arm_spe: Correct memory level for remote access - perf vendor events arm64 AmpereOneX: Fix typo - should be l1d_cache_access_prefetches - perf session: Fix handling when buffer exceeds 2 GiB - perf tools: Add fallback for exclude_guest - perf evsel: Ensure the fallback message is always written to - [arm64] clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m - [arm64] clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (CVE-2025-40001) - [amd64] ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time - [amd64] ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() - drm/xe/hw_engine_group: Fix double write lock release in error path - [s390x] cio: Update purge function to unregister the unused subchannels - drm/vmwgfx: Fix a null-ptr access in the cursor snooper - drm/vmwgfx: Fix Use-after-free in validation - drm/vmwgfx: Fix copy-paste typo in validation - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). - [arm64] net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (CVE-2025-40003) - ice: ice_adapter: release xa entry on adapter allocation failure - tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() - [arm64] mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call - [arm64] mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes - [arm64] mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop - [arm64] mailbox: zynqmp-ipi: Fix SGI cleanup on unbind - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} - [arm64] mailbox: mtk-cmdq-mailbox: Switch to __pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Switch to pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() - drm/amdgpu: Add additional DCE6 SCL registers - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 - drm/amd/display: Properly disable scaling on DCE6 - netfilter: nft_objref: validate objref and objrefmap expressions - bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() - crypto: essiv - Check ssize for decryption and in-place encryption - cifs: Fix copy_to_iter return value check - smb: client: fix missing timestamp updates after utime(2) - cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single - [arm64] gpio: wcd934x: mark the GPIO controller as sleeping - bpf: Avoid RCU context warning when unpinning htab with internal structs - [s390x] vmlinux.lds.S: Reorder sections - [s390x] vmlinux.lds.S: Move .vmlinux.info to end of allocatable sections - ACPI: property: Fix buffer properties extraction for subnodes - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT - ACPI: debug: fix signedness issues in read/write helpers - [arm64] dts: qcom: msm8916: Add missing MDSS reset - [arm64] dts: qcom: msm8939: Add missing MDSS reset - [arm64] dts: qcom: sdm845: Fix slimbam num-channels/ees - [arm64] dts: qcom: x1e80100-pmics: Disable pm8010 by default - [arm64] dts: ti: k3-am62a-main: Fix main padcfg length - [arm64] kprobes: call set_memory_rox() for kprobe page - [armhf] AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on reset) - [armhf] OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init - [arm64] perf/arm-cmn: Fix CMN S3 DTM offset - dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required - xen/events: Cleanup find_virq() return codes - xen/manage: Fix suspend error path - xen/events: Return -EEXIST for bound VIRQs - xen/events: Update virq_to_irq on migration - [arm64] firmware: meson_sm: fix device leak at probe - media: cx18: Add missing check after DMA map - media: mc: Fix MUST_CONNECT handling for pads with no links - media: pci: ivtv: Add missing check after DMA map - media: pci: mg4b: fix uninitialized iio scan data - [arm64] media: venus: firmware: Use correct reset sequence for IRIS2 - media: vivid: fix disappearing messages - media: lirc: Fix error handling in lirc_register() - [arm64] drm/panthor: Fix memory leak in panthor_ioctl_group_create() - drm/nouveau: fix bad ret code in nouveau_bo_move_prep - drm/xe/uapi: loosen used tracking restriction - drm/amd/display: Enable Dynamic DTBCLK Switch - blk-crypto: fix missing blktrace bio split events - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() - bus: mhi: ep: Fix chained transfer handling in read path - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() - [arm64] clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk - copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) - [amd64] cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() - [arm64,armhf] crypto: rockchip - Fix dma_unmap_sg() nents value - eventpoll: Replace rwlock with spinlock - fbdev: Fix logic error in "offb" name match - fs/ntfs3: Fix a resource leak bug in wnd_extend() - fs: quota: create dedicated workqueue for quota_release_work - fuse: fix possibly missing fuse_copy_finish() call in fuse_notify() - fuse: fix livelock in synchronous file put from fuseblk workers - iio: dac: ad5360: use int type to store negative error codes - iio: dac: ad5421: use int type to store negative error codes - iio: frequency: adf4350: Fix prescaler usage. - init: handle bootloader identifier in kernel parameters - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume - [amd64] iommu/vt-d: PRS isn't usable if PDS isn't supported - kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths - KEYS: trusted_tpm1: Compare HMAC values in constant time - lib/genalloc: fix device leak in of_gen_pool_get() - loop: fix backing file reference leak on validation error - openat2: don't trigger automounts with RESOLVE_NO_XDEV - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk - [powerpc*] powernv/pci: Fix underflow and leak issue - [powerpc*] pseries/msi: Fix potential underflow and leak issue - Revert "ipmi: fix msg stack when IPMI is disconnected" - sched/deadline: Fix race in push_dl_task() - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() - scsi: sd: Fix build warning in sd_revalidate_disk() - sctp: Fix MAC comparison to be constant-time - xsk: Harden userspace-supplied xdp_desc validation - mmc: core: SPI mode remove cmd7 - mmc: mmc_spi: multiple block read remove read crc ack - [armhf] memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe - rtc: interface: Ensure alarm irq is enabled when UIE is enabled - rtc: interface: Fix long-standing race when setting alarm - [arm64] PCI: xilinx-nwl: Fix ECAM programming - [arm64,armhf] PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock - PCI/sysfs: Ensure devices are powered for config reads - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV - PCI/ERR: Fix uevent on failure to recover - PCI/AER: Fix missing uevent on recovery when a reset is requested - PCI/AER: Support errors introduced by PCIe r6.0 - [arm64] PCI: j721e: Fix programming sequence of "strap" settings - spi: cadence-quadspi: Flush posted register writes before INDAC access - spi: cadence-quadspi: Flush posted register writes before DAC access - spi: cadence-quadspi: Fix cqspi_setup_flash() - [x86] fred: Remove ENDBR64 from FRED entry points - [x86] umip: Check that the instruction opcode is at least two bytes - [x86] umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) - [s390x] dasd: enforce dma_alignment to ensure proper buffer validation - [s390x] dasd: Return BLK_STS_INVAL for EINVAL from do_dasd_request - [s390x] Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR - slab: prevent warnings when slab obj_exts vector allocation fails - slab: mark slab->obj_exts allocation failures unconditionally - wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again - wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 - mm/thp: fix MTE tag mismatch when replacing zero-filled subpages - mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations - mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success - mm/damon/lru_sort: use param_ctx for damon_attrs staging - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry - ext4: add ext4_sb_bread_nofail() helper function for ext4_free_branches() - ext4: verify orphan file size is not too big - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() - ext4: correctly handle queries for metadata mappings - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() - ext4: fix an off-by-one issue during moving extents - ext4: guard against EA inode refcount underflow in xattr update - ext4: validate ea_ino and size in check_xattrs - ACPICA: Allow to skip Global Lock initialization - ext4: free orphan info with kvfree - media: mc: Clear minor number before put device - Squashfs: add additional inode sanity checking - Squashfs: reject negative file sizes in squashfs_read_inode() - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference - mm/ksm: fix incorrect KSM counter handling in mm_struct during fork - [amd64] ASoC: SOF: ipc4-pcm: Enable delay reporting for ChainDMA streams - [amd64] ASoC: SOF: ipc4-pcm: fix delay calculation when DSP resamples - [amd64] mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value - [amd64] mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type - [amd64] mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() - cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency - [amd64] KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace - statmount: don't call path_put() under namespace semaphore - [arm64] mte: Do not flag the zero page as PG_mte_tagged - [x86] mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() - [x86] kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP - nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT - NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock() - nfsd: refine and rename NFSD_MAY_LOCK - nfsd: don't use sv_nrthreads in connection limiting calculations. - nfsd: unregister with rpcbind when deleting a transport - ACPI: battery: allocate driver data through devm_ APIs - ACPI: battery: initialize mutexes through devm_ APIs - ACPI: battery: Check for error code from devm_mutex_init() call - ACPI: battery: Add synchronization between interface updates - ACPI: property: Disregard references in data-only subnode lists - ACPI: property: Add code comments explaining what is going on - ACPI: property: Do not pass NULL handles to acpi_attach_data() - mptcp: pm: in-kernel: usable client side with C-flag - ipmi: Rework user message limit handling - ipmi: Fix handling of messages with provided receive message pointer - mm/rmap: fix soft-dirty and uffd-wp bit loss when remapping zero-filled mTHP subpage to shared zeropage - [s390x] bpf: Centralize frame offset calculations - [s390x] bpf: Describe the frame using a struct instead of constants - [s390x] bpf: Write back tail call counter for BPF_PSEUDO_CALL - [s390x] bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG - [riscv64] irqchip/sifive-plic: Make use of __assign_bit() - [riscv64] irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume - copy_file_range: limit size if in compat mode - minixfs: Verify inode mode when loading from disk - pid: Add a judgment for ns null in pid_nr_ns - fs: Add 'initramfs_options' to set initramfs mount options - cramfs: Verify inode mode when loading from disk - writeback: Avoid softlockup when switching many inodes - writeback: Avoid excessively long inode switching times - sched/fair: Block delayed tasks on throttled hierarchy during dequeue - nfsd: fix __fh_verify for localio - nfsd: fix access checking for NLM under XPRTSEC policies - [amd64] ASoC: SOF: ipc4-pcm: fix start offset calculation for chain DMA - mount: handle NULL values in mnt_ns_release() - nfsd: decouple the xprtsec policy check from check_nfsd_access() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.55 - drm/xe/guc: Check GuC running state before deregistering exec queue - smb: client: Fix refcount leak for cifs_sb_tlink - slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL - r8152: add error handling in rtl8152_driver_init - f2fs: fix wrong block mapping for multi-devices - jbd2: ensure that all ongoing I/O complete before freeing blocks - ext4: wait for ongoing I/O to complete before freeing blocks - ext4: detect invalid INLINE_DATA + EXTENTS flag combination - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running - btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl - btrfs: fix incorrect readahead expansion length - btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST - btrfs: do not assert we found block group item when creating free space tree - can: gs_usb: gs_make_candev(): populate net_device->dev_port - can: gs_usb: increase max interface to U8_MAX - cifs: parse_dfs_referrals: prevent oob on malformed input - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies - drm/amdgpu: use atomic functions with memory barriers for vm fault info - drm/amdgpu: fix gfx12 mes packet status return check - perf/core: Fix address filter match with backing files - perf/core: Fix MMAP event path names with backing files - perf/core: Fix MMAP2 event device with backing files - drm/amd: Check whether secure display TA loaded successfully - irqdomain: cdx: Switch to of_fwnode_handle() - [arm64] drm/msm/a6xx: Fix PDC sleep sequence - usb: gadget: Store endpoint pointer in usb_request - usb: gadget: Introduce free_usb_request helper - usb: gadget: f_ncm: Refactor bind path to use __free() - usb: gadget: f_acm: Refactor bind path to use __free() - usb: gadget: f_ecm: Refactor bind path to use __free() - usb: gadget: f_rndis: Refactor bind path to use __free() - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay - Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" (Closes: #1116358) - HID: multitouch: fix sticky fingers - dax: skip read lock assertion for read-only filesystems - can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() - can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active - can: m_can: m_can_chip_config(): bring up interface in correct state - can: m_can: add deinit callback - can: m_can: call deinit/init callback when going into suspend/resume - can: m_can: fix CAN state in system PM - net: dlink: handle dma_map_single() failure properly - doc: fix seg6_flowlabel path - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H - net/ip6_tunnel: Prevent perpetual tunnel growth - [amd64,arm64] amd-xgbe: Avoid spurious link down messages during interface toggle - tcp: fix tcp_tso_should_defer() vs large RTT - ksmbd: fix recursive locking in RPC handle list access - tg3: prevent use of uninitialized remote_adv and local_adv variables - tls: trim encrypted message to match the plaintext on short splice - tls: wait for async encrypt in case of error during latter iterations of sendmsg - tls: always set record_type in tls_process_cmsg - tls: wait for pending async decryptions if tls_strp_msg_hold fails - tls: don't rely on tx_work during send() - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset - [arm64] drm/panthor: Ensure MCU is disabled on suspend - nvme-multipath: Skip nr_active increments in RETRY disposition - [riscv64] kprobes: Fix probe address validation - [amd64] ASoC: nau8821: Cancel jdet_work before handling jack ejection - [amd64] ASoC: nau8821: Generalize helper to clear IRQ status - [amd64] ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit - [amd64] drm/i915/guc: Skip communication warning on reset in progress - drm/amdgpu: add ip offset support for cyan skillfish - drm/amdgpu: add support for cyan skillfish without IP discovery - drm/amdgpu: fix handling of harvesting for ip_discovery firmware - drm/amd/powerplay: Fix CIK shutdown temperature - [arm64] drm/rockchip: vop2: use correct destination rectangle height check - sched/fair: Fix pelt lost idle time detection - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card - HID: hid-input: only ignore 0 battery events for digitizers - HID: multitouch: fix name of Stylus input devices - nvme/tcp: handle tls partially sent records in write_space() - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() - xfs: rename the old_crc variable in xlog_recover_process - xfs: fix log CRC mismatches between i386 and other architectures - PM: runtime: Add new devm functions - iio: imu: inv_icm42600: Simplify pm_runtime setup - iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended - nfsd: Use correct error code when decoding extents - nfsd: Drop dprintk in blocklayout xdr functions - NFSD: Rework encoding and decoding of nfsd4_deviceid - NFSD: Minor cleanup in layoutcommit processing - NFSD: Implement large extent array support in pNFS - NFSD: Fix last write offset handling in layoutcommit - wifi: rtw89: avoid possible TX wait initialization race - xfs: use deferred intent items for reaping crosslinked blocks - padata: Reset next CPU when reorder sequence wraps around - md/raid0: Handle bio_split() errors - md/raid1: Handle bio_split() errors - md/raid10: Handle bio_split() errors - md: fix mssing blktrace bio split events - [amd64] x86/resctrl: Refactor resctrl_arch_rmid_read() - [amd64] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID - d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier - vfs: Don't leak disconnected dentries on umount - PCI: Add PCI_VDEVICE_SUB helper macro - ixgbevf: Add support for Intel(R) E610 device - ixgbevf: fix getting link speed data for E610 devices - ixgbevf: fix mailbox API compatibility by negotiating supported features - tcp: convert to dev_net_rcu() - tcp: cache RTAX_QUICKACK metric in a hot cache line - net: dst: add four helpers to annotate data-races around dst->dev - ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] - net: Add locking to protect skb->dev access in ip_output - mptcp: Call dst_release() in mptcp_active_enable(). - mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). - mptcp: reset blackhole on success with non-loopback ifaces - NFSD: Define a proc_layoutcommit for the FlexFiles layout type - [arm64] cputype: Add Neoverse-V3AE definitions - [arm64] errata: Apply workarounds for Neoverse-V3AE - [amd64] dmaengine: Add missing cleanup on module unload https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.56 - exec: Fix incorrect type for ret - hfs: clear offset and space out of valid records in b-tree node - hfs: make proper initalization of struct hfs_find_data - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() - hfs: validate record offset in hfsplus_bmap_alloc - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() - dlm: check for defined force value in dlm_lockspace_release - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() - PCI: Test for bit underflow in pcie_set_readrq() - [arm64] sysreg: Correct sign definitions for EIESB and DoubleLock - drivers/perf: hisi: Relax the event ID check in the framework - [s390x] mm: Use __GFP_ACCOUNT for user page table allocations - smb: server: let smb_direct_flush_send_list() invalidate a remote key first - PM: EM: Drop unused parameter from em_adjust_new_capacity() - PM: EM: Slightly reduce em_check_capacity_update() overhead - PM: EM: Move CPU capacity check to em_adjust_new_capacity() - PM: EM: Fix late boot with holes in CPU topology - net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() - rtnetlink: Allow deleting FDB entries in user namespace - [arm64] net: enetc: fix the deadlock of enetc_mdio_lock - [arm64] net: enetc: correct the value of ENETC_RXB_TRUESIZE - [arm64] dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path - net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ - net/smc: fix general protection fault in __smc_diag_dump - [arm64] net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions - [arm64] mm: avoid always making PTE dirty in pte_mkwrite() - ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop - sctp: avoid NULL dereference when chunk data buffer is missing - net: phy: micrel: always set shared->phydev for LAN8814 - net/mlx5: Fix IPsec cleanup over MPV device - fs/notify: call exportfs_encode_fid with s_umount - net: bonding: fix possible peer notify event loss or dup issue - dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() - btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() - gpio: pci-idio-16: Define maximum valid register address offset - gpio: 104-idio-16: Define maximum valid register address offset - xfs: fix locking in xchk_nlinks_collect_dir - Revert "cpuidle: menu: Avoid discarding useful information" - slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts - slab: Fix obj_ext mistakenly considered NULL due to race condition - ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 - can: netlink: can_changelink(): allow disabling of automatic restart - cifs: Fix TCP_Server_Info::credits to be signed - ocfs2: clear extent cache after moving/defragmenting extents - vsock: fix lock inversion in vsock_assign_transport() - [arm64,armhf] net: stmmac: dwmac-rk: Fix disabling set_clock_selection - net: usb: rtl8150: Fix frame padding - mm: prevent poison consumption when splitting THP - drm/amd/display: increase max link count and fix link->enc NULL pointer access - [arm64] spi: spi-nxp-fspi: add extra delay after dll locked - [arm64] dts: broadcom: bcm2712: Add default GIC address cells - [arm64] dts: broadcom: bcm2712: Define VGIC interrupt - [arm64] firmware: arm_scmi: Account for failed debug initialization - [arm64] firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode - [arm64] drm/panthor: Fix kernel panic on partial unmap of a GPU VA region - [riscv64] Define pgprot_dmacoherent() for non-coherent devices - [riscv64] Don't print details of CPUs disabled in DT - [riscv64] hwprobe: avoid uninitialized variable use in hwprobe_arch_id() - hwmon: (sht3x) Fix error handling - nbd: override creds to kernel when calling sock_{send,recv}msg() - drm/panic: Fix drawing the logo on a small narrow screen - drm/panic: Fix qr_code, ensure vmargin is positive - [amd64] gpio: ljca: Fix duplicated IRQ mapping - io_uring: correct __must_hold annotation in io_install_fixed_file - sched: Remove never used code in mm_cid_get() - io_uring/sqpoll: switch away from getrusage() for CPU accounting - io_uring/sqpoll: be smarter on when to update the stime usage - Bluetooth: btintel: Add DSBR support for BlazarIW, BlazarU and GaP (Closes: #1118660) - platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (CVE-2025-39678) - USB: serial: option: add UNISOC UIS7720 - USB: serial: option: add Quectel RG255C - USB: serial: option: add Telit FN920C04 ECM compositions - usb/core/quirks: Add Huawei ME906S to wakeup quirk - usb: raw-gadget: do not limit transfer length - xhci: dbc: enable back DbC in resume if it was enabled before suspend - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event - [amd64] x86/microcode: Fix Entrysign revision check for Zen1/Naples - [arm*] binder: remove "invalid inc weak" check - [amd64] comedi: fix divide-by-zero in comedi_buf_munge() (CVE-2025-40106) - [amd64] mei: me: add wildcat lake P DID - [arm64] misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup - [amd64,arm64] tcpm: switch check for role_sw device with fw_node - dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp - serial: 8250_dw: handle reset control deassert error - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 - [arm64] serial: 8250_mtk: Enable baud clock and manage in runtime PM - serial: sc16is7xx: remove useless enable of enhanced features - devcoredump: Fix circular locking dependency with devcd->mutex. - [arm64] mte: Do not warn if the page is already tagged in copy_highpage() - xfs: always warn about deprecated mount options - ksmbd: transport_ipc: validate payload size before reading handle (CVE-2025-40084) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.57 - net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083) - audit: record fanotify event regardless of presence of rules - [amd64] perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK - perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL - perf: Have get_perf_callchain() return NULL if crosstask and user are set - perf: Skip user unwind if the task is a kernel thread - seccomp: passthrough uprobe systemcall without filtering - [amd64] x86/bugs: Report correct retbleed mitigation status - [amd64] x86/bugs: Fix reporting of LFENCE retpoline - [amd64,arm64] EDAC/mc_sysfs: Increase legacy channel support to 16 - cpuset: Use new excpus for nocpu error check when enabling root partition - btrfs: abort transaction on specific error places when walking log tree - btrfs: abort transaction in the process_one_buffer() log tree walk callback - btrfs: zoned: return error from btrfs_zone_finish_endio() - btrfs: zoned: refine extent allocator hint selection - btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() - btrfs: always drop log root tree reference in btrfs_replay_log() - btrfs: use level argument in log tree walk callback replay_one_buffer() - btrfs: abort transaction if we fail to update inode in log replay dir fixup - btrfs: tree-checker: add inode extref checks - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() - sched_ext: Make qmap dump operation non-destructive - arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c - docs: kdoc: handle the obsolescensce of docutils.ErrorString() - mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR - f2fs: fix to avoid panic once fallocation fails for pinfile (CVE-2025-23130) - wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (CVE-2025-38643) - bonding: return detailed error when loading native XDP fails - bonding: check xdp prog when set bond mode (CVE-2025-22105) - bits: add comments and newlines to #if, #else and #endif directives - bits: introduce fixed-type GENMASK_U*() - gpio: regmap: Allow to allocate regmap-irq device - gpio: regmap: add the .fixed_direction_output configuration parameter - gpio: idio-16: Define fixed direction of the GPIO lines - [amd64] iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (CVE-2025-21833) - wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995) - [amd64,arm64] udmabuf: fix a buf size overflow issue during udmabuf creation (CVE-2025-37803) - sfc: fix NULL dereferences in ef100_process_design_param() (CVE-2025-37860) - btrfs: tree-checker: fix bounds check in check_inode_extref() . [ Salvatore Bonaccorso ] * drivers/infiniband/hw/bnxt_re: Enable INFINIBAND_BNXT_RE as module (Closes: #1109977) . [ Ben Hutchings ] * d/salsa-ci.yml: Adjust filenames to allow source package name suffix * tools/hv: Make the sample hv_get_dhcp_info script more useful * hyperv-daemons: Install the sample network info scripts (Closes: #919350) * d/salsa-ci.yml: Fix cache configuration for build job * d/salsa-ci.yml: Move orig tarball generation to a separate job again * d/salsa-ci.yml: Restore lintian checking of source package linux-signed-arm64 (6.12.48+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.48-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.44 - serial: 8250: fix panic due to PSLVERR - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() - PM: runtime: Take active children into account in pm_runtime_get_if_in_use() - dm: dm-crypt: Do not partially accept write BIOs with zoned targets - dm: Check for forbidden splitting of zone write operations - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() - usb: gadget: udc: renesas_usb3: fix device leak at unbind - usb: musb: omap2430: fix device leak at unbind - [arm64,armhf] usb: dwc3: meson-g12a: fix device leaks at unbind - [arm64] usb: dwc3: imx8mp: fix device leak at unbind - bus: mhi: host: Fix endianness of BHI vector table - bus: mhi: host: Detect events pointing to unexpected TREs - vt: keyboard: Don't process Unicode characters in K_OFF mode - vt: defkeymap: Map keycodes above 127 to K_HOLE - [amd64] crypto: qat - lower priority for skcipher and aead algorithms - [arm64,armhf] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP - [amd64] crypto: qat - flush misc workqueue during device shutdown - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" - ksmbd: fix refcount leak causing resource not released - ksmbd: extend the connection limiting mechanism to support IPv6 - tracing: fprobe-event: Sanitize wildcard for fprobe event name - ext4: check fast symlink for ea_inode correctly - ext4: fix fsmap end of range reporting with bigalloc - ext4: fix reserved gdt blocks handling in fsmap - ext4: use kmalloc_array() for array space allocation - ext4: fix hole length calculation overflow in non-extent inodes - btrfs: zoned: fix write time activation failure for metadata block group - btrfs: fix incorrect log message for nobarrier mount option - btrfs: restore mount option info messages during mount - btrfs: fix printing of mount info messages for NODATACOW/NODATASUM - apparmor: Fix 8-byte alignment for initial dfa blob streams - dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints - dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints - scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host - [arm64] scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE - scsi: mpi3mr: Fix race between config read submit and interrupt completion - ata: libata-scsi: Fix ata_to_sense_error() status handling - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers - scsi: ufs: ufs-pci: Fix default runtime and system PM levels - ata: libata-scsi: Fix CDL control - [arm64] soc: qcom: mdt_loader: Ensure we don't read past the ELF header - iio: imu: bno055: fix OOB access of hw_xlate array - iio: adc: ad_sigma_delta: change to buffer predisable - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() - wifi: ath12k: fix dest ring-buffer corruption - wifi: ath12k: fix source ring-buffer corruption - wifi: ath12k: fix dest ring-buffer corruption when ring is full - wifi: ath11k: fix dest ring-buffer corruption - wifi: ath11k: fix source ring-buffer corruption - wifi: ath11k: fix dest ring-buffer corruption when ring is full - [arm64] pwm: mediatek: Handle hardware enable and clock enable separately - [arm64] pwm: mediatek: Fix duty and period setting - mtd: spi-nor: Fix spi_nor_try_unlock_all() - [arm64] mtd: spinand: propagate spinand_wait() errors from spinand_write_page() - readahead: fix return value of page_cache_next_miss() when no hole is found - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge - PCI: endpoint: Fix configfs group list head handling - PCI: endpoint: Fix configfs group removal on driver teardown - [arm64,armhf] PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features - [arm64,armhf] PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset - [arm64,armhf] PCI: imx6: Delay link start until configfs 'start' written - vsock/virtio: Validate length in packet header before skb_put() - vhost/vsock: Avoid allocating arbitrarily-sized SKBs - amdgpu/amdgpu_discovery: increase timeout limit for IFWI init - [amd64] ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context - f2fs: fix to avoid out-of-boundary access in dnode page (CVE-2025-38677) - jbd2: prevent softlockup in jbd2_log_do_checkpoint() - kbuild: userprogs: use correct linker when mixing clang and GNU ld - [arm64,armhf] soc/tegra: pmc: Ensure power-domains are in a known state - media: gspca: Add bounds checking to firmware parser - media: hi556: correct the test pattern configuration - [armhf] media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() - media: ipu6: isys: Use correct pads for xlate_streams() - media: vivid: fix wrong pixel_array control size - media: verisilicon: Fix AV1 decoder clock frequency - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() - media: usbtv: Lock resolution while streaming - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() - media: pisp_be: Fix pm_runtime underrun in probe - media: ov2659: Fix memory leaks in ov2659_probe() - media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls - [arm64] media: qcom: camss: cleanup media device allocated resource on error path - [arm64] media: venus: Add a check for packet size after reading from shared memory - [arm64] media: venus: Fix MSM8998 frequency table - [arm64] media: venus: hfi: explicitly release IRQ during teardown - [arm64] media: venus: protect against spurious interrupts during probe - [arm64] media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. - [arm64] media: venus: venc: Clamp param smaller than 1fps and bigger than 240 - drm/amdgpu/discovery: fix fw based ip discovery - drm/amd: Restore cached power limit during resume - drm/amdgpu: Avoid extra evict-restore process. - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities - drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() - drm/amdgpu: Update external revid for GC v9.5.0 - drm/amdgpu: update mmhub 3.0.1 client id mappings - drm/amdgpu: update mmhub 4.1.0 client id mappings - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq - drm/amd/display: Add primary plane to commits for correct VRR handling - drm/amd/display: fix a Null pointer dereference vulnerability - drm/amd/display: Don't overwrite dce60_clk_mgr - net, hsr: reject HSR frame if skb can't hold tag - sched/ext: Fix invalid task state transitions on class switch - ipv6: sr: Fix MAC comparison to be constant-time - ACPI: pfr_update: Fix the driver update version check - mptcp: drop skb if MPTCP skb extension allocation fails - mptcp: pm: kernel: flush: do not reset ADD_ADDR limit - mm/damon/ops-common: ignore migration request to invalid nodes - [amd64] x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero - USB: typec: Use str_enable_disable-like helpers - usb: typec: fusb302: cache PD RX state - btrfs: qgroup: drop unused parameter fs_info from __del_qgroup_rb() - btrfs: qgroup: fix race between quota disable and quota rescan ioctl - btrfs: move transaction aborts to the error site in add_block_group_free_space() - btrfs: always abort transaction on failure to add block group to free space tree - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() - btrfs: explicitly ref count block_group on new_bgs list - btrfs: codify pattern for adding block_group to bg_list - btrfs: zoned: requeue to unused block group list if zone finish failed - xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags - btrfs: send: factor out common logic when sending xattrs - btrfs: send: only use boolean variables at process_recorded_refs() - btrfs: send: add and use helper to rename current inode when processing refs - btrfs: send: keep the current inode's path cached - btrfs: send: avoid path allocation for the current inode when issuing commands - btrfs: send: use fallocate for hole punching with send stream v2 - btrfs: send: make fs_path_len() inline and constify its argument - netfs: Fix unbuffered write error handling - io_uring/net: commit partial buffers on retry - ata: libata-scsi: Return aborted command when missing sense and result TF - sched_ext: initialize built-in idle state before ops.init() - Revert "can: ti_hecc: fix -Woverflow compiler warning" - io_uring/futex: ensure io_futex_wait() cleans up properly on failure - iov_iter: iterate_folioq: fix handling of offset >= folio size - [arm64] iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement - mmc: sdhci-pci-gli: Add a new function to simplify the code - memstick: Fix deadlock by moving removing flag earlier - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency - NFS: Fix a race when updating an existing write - squashfs: fix memory leak in squashfs_fill_super - mm/debug_vm_pgtable: clear page table entries at destroy_args() - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 - RDMA/rxe: Flush delayed SKBs while releasing RXE resources - [s390x] sclp: Fix SCCB present check - [amd64] platform/x86/intel-uncore-freq: Check write blocked for ELC - kvm: retry nx_huge_page_recovery_thread creation - [amd64] accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() - drm/amdgpu/swm14: Update power limit logic - drm/amd/display: Avoid a NULL pointer dereference - drm/amd/display: Don't overclock DCE 6 by 15% - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 - drm/amd/display: Fix Xorg desktop unresponsive on Replay panel - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs - scsi: core: Fix command pass through retry regression - [arm64] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() - mptcp: remove duplicate sk_reset_timer call - mptcp: disable add_addr retransmission when timeout is 0 - Mark xe driver as BROKEN if kernel page size is not 4kB - [arm64,armhf] PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support - [arm64,armhf] PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features - [arm64] PCI: rockchip: Use standard PCIe definitions - [arm64] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining - iio: adc: ad7173: fix setting ODR in probe - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems - ext4: preserve SB_I_VERSION on remount - btrfs: subpage: keep TOWRITE tag until folio is cleaned - [arm64] dts: ti: k3-am6*: Add boot phase flag to support MMC boot - [arm64] dts: ti: k3-am62*: Add non-removable flag for eMMC - [arm64] dts: ti: k3-am6*: Remove disable-wp for eMMC - [arm64] dts: ti: k3-am62*: Move eMMC pinmux to top level board file - debugfs: fix mount options not being applied - smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() - fs/buffer: fix use-after-free when call bh_read() helper - use uniform permission checks for all mount propagation changes - cpuidle: menu: Remove iowait influence - cpuidle: governors: menu: Avoid selecting states with too much latency - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS - [arm64] mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 - ftrace: Also allocate and copy hash for reading of filter files - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() - iio: proximity: isl29501: fix buffered read on big-endian systems - most: core: Drop device reference after usage in get_channel() - kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() - cdx: Fix off-by-one error in cdx_rpmsg_probe() - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive - [amd64] comedi: Make insn_rw_emulate_bits() do insn->n samples - [amd64] comedi: pcl726: Prevent invalid irq number - [amd64] comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test - usb: renesas-xhci: Fix External ROM access timeouts - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera - usb: storage: realtek_cr: Use correct byte order for bcs->Residue - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles - usb: typec: maxim_contaminant: disable low power mode when reading comparator values - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean - usb: xhci: Fix slot_id resource race conflict - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout - usb: dwc3: Remove WARN_ON for device endpoint command timeouts - usb: dwc3: pci: add support for the Intel Wildcat Lake - iio: light: Use aligned_s64 instead of open coding alignment. - iio: light: as73211: Ensure buffer holes are zeroed - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() - tracing: Remove unneeded goto out logic - tracing: Limit access to parser->buffer when trace_get_user failed - [amd64] drm/i915/icl+/tc: Convert AUX powered WARN to a debug message - compiler: remove __ADDRESSABLE_ASM{_STR,}() again - [amd64] drm/i915/icl+/tc: Cache the max lane count value - ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() - tls: fix handling of zero-length records on the rx_list - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 - iio: imu: inv_icm42600: use = { } instead of memset() - iio: imu: inv_icm42600: Convert to uXX and sXX integer types - iio: imu: inv_icm42600: change invalid data error to -EBUSY - [amd64] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key - cgroup/cpuset: Fix a partition error with CPU hotplug - drm/panic: Move drawing functions to drm_draw - drm/format-helper: Add conversion from XRGB8888 to BGR888 - drm/format-helper: Move helpers for pixel conversion to header file - drm/format-helper: Add generic conversion to 32-bit formats - iosys-map: Fix undefined behavior in iosys_map_clear() - [arm64] RDMA/hns: Fix querying wrong SCC context for DIP algorithm - RDMA/bnxt_re: Fix to do SRQ armena by default - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path - RDMA/bnxt_re: Fix a possible memory leak in the driver - RDMA/bnxt_re: Fix to initialize the PBL array - RDMA/hns: Fix dip entries leak on devices newer than hip09 - net: bridge: fix soft lockup in br_multicast_query_expired() - scsi: qla4xxx: Prevent a potential error pointer dereference - [amd64] iommu/amd: Avoid stack buffer overflow from kernel cmdline (CVE-2025-38676) - Bluetooth: hci_sync: Fix scan state after PA Sync has been established - Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown - Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() - [arm64] drm/hisilicon/hibmc: refactored struct hibmc_drm_private - [arm64] drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed - [arm64] drm/hisilicon/hibmc: fix the hibmc loaded failed bug - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() - drm/amd/display: Don't print errors for nonexistent connectors - net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add - [arm64] net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path - ppp: fix race conditions in ppp_fill_forward_path - net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload. - cifs: Fix oops due to uninitialised variable - phy: mscc: Fix timestamping for vsc8584 - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization - gve: prevent ethtool ops after shutdown - net/smc: fix UAF on smcsk after smc_listen_out() - [s390x] mm: Do not map lowcore with identity mapping - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc - igc: fix disabling L1.2 PCI-E link substate on I226 on init - [armhf] net: dsa: microchip: Fix KSZ9477 HSR port setup issue - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit - net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate - ALSA: timer: fix ida_free call while not allocated - bonding: update LACP activity flag after setting lacp_active - bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU - [arm64] Octeontx2-af: Skip overlap check for SPI field - net/mlx5: Base ECVF devlink port attrs from 0 - net/mlx5: Relocate function declarations from port.h to mlx5_core.h - net/mlx5: Add IFC bits and enums for buf_ownership - net/mlx5e: Query FW for buffer ownership - net/mlx5e: Preserve shared buffer capacity during headroom updates - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation - [s390x] hypfs: Avoid unnecessary ioctl registration in debugfs - [s390x] hypfs: Enable limited access during lockdown - netfilter: nf_reject: don't leak dst refcount for loopback packets https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.45 - rtla: Check pkg-config install - trace/fgraph: Fix the warning caused by missing unregister notifier - of: dynamic: Fix memleak when of_pci_add_properties() failed - of: dynamic: Fix use after free in of_changeset_add_prop_helper() - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump - perf symbol-minimal: Fix ehdr reading in filename__read_build_id - vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER - scsi: core: sysfs: Correct sysfs attributes access rights - smb: client: fix race with concurrent opens in unlink(2) - smb: client: fix race with concurrent opens in rename(2) - [arm64] ASoC: codecs: tx-macro: correct tx_macro_component_drv name - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() - [arm64] drm/msm: Defer fd_install in SUBMIT ioctl - of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() - [arm64] drm/msm/kms: move snapshot init earlier in KMS init - [arm64] drm/msm: update the high bitfield of certain DSI registers - [arm64] drm/mediatek: Add error handling for old state CRTC in atomic_disable - [powerpc*] kvm: Fix ifdef to remove build warning - HID: input: rename hidinput_set_battery_charge_status() - HID: input: report battery status changes immediately - net: macb: fix unregister_netdev call order in macb_remove() - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success - Bluetooth: hci_event: Mark connection as closed during suspend disconnect - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced - Bluetooth: hci_sync: fix set_local_name race condition - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr - drm/nouveau: remove unused memory target test - ice: don't leave device non-functional if Tx scheduler config fails - ice: use fixed adapter index for E825C embedded devices - ice: fix incorrect counter for buffer allocation failures - dt-bindings: display/msm: qcom,mdp5: drop lut clock - net: dlink: fix multicast stats being counted incorrectly - drm/xe/xe_sync: avoid race during ufence signaling - drm/xe: Don't trigger rebind on initial dma-buf validation - phy: mscc: Fix when PTP clock is register and unregister - bnxt_en: Fix memory corruption when FW resources change during ifdown - bnxt_en: Adjust TX rings if reservation is less than requested - bnxt_en: Fix stats context reservation logic - net/mlx5: Reload auxiliary drivers on fw_activate - net/mlx5: Fix lockdep assertion on sync reset unload event - net/mlx5: Nack sync reset when SFs are present - net/mlx5e: Update and set Xon/Xoff upon MTU set - net/mlx5e: Update and set Xon/Xoff upon port speed set - net/mlx5e: Set local Xoff after FW update - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts - net: stmmac: xgmac: Correct supported speed modes - net: stmmac: Set CIC bit only for TX queues with COE - [amd64,arm64] hv_netvsc: Link queues to NAPIs - [amd64,arm64] net: hv_netvsc: fix loss of early receive events from host during channel open. - net: rose: split remove and free operations in rose_remove_neigh() - net: rose: convert 'use' field to refcount_t - net: rose: include node references in rose_neigh refcount - sctp: initialize more fields in sctp_v6_from_sk() - l2tp: do not use sock_hold() in pppol2tp_session_get_sock() - fbnic: Move phylink resume out of service_task and into open/close - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare - net: macb: Disable clocks once - [amd64] KVM: x86: use array_index_nospec with indices that come from guest - [riscv64] KVM: fix stack overrun when loading vlenb - [amd64] x86/microcode/AMD: Handle the case of no BIOS microcode - [amd64] x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON - HID: asus: fix UAF via HID_CLAIMED_INPUT validation - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() - HID: quirks: add support for Legion Go dual dinput modes - HID: logitech: Add ids for G PRO 2 LIGHTSPEED - HID: wacom: Add a new Art Pen 2 - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() - Revert "drm/amdgpu: fix incorrect vm flags to map bo" - blk-zoned: Fix a lockdep complaint about recursive locking - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted - fs/smb: Fix inconsistent refcnt update - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions - smb3 client: fix return code mapping of remap_file_range - xfs: do not propagate ENODATA disk errors into xattr code - drm/xe/vm: Clear the scratch_pt pointer on error - drm/nouveau/disp: Always accept linear modifier - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv - drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode - net: rose: fix a typo in rose_clear_routes() - PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS - PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" - [arm64] thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const - [arm64] thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data - [arm64] thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.46 - bpf: Add cookie object to bpf maps - bpf: Move bpf map owner out of common struct - bpf: Move cgroup iterator helpers to bpf.h - bpf: Fix oob access in cgroup local storage (CVE-2025-38502) - btrfs: fix race between logging inode and checking if it was logged before - btrfs: fix race between setting last_dir_index_offset and inode logging - btrfs: avoid load/store tearing races when checking if an inode was logged - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN - drm/amd/display: Don't warn when missing DCE encoder caps - cpupower: Fix a bug where the -t option of the set subcommand was not working. - Bluetooth: hci_sync: Avoid adding default advertising on startup - btrfs: zoned: skip ZONE FINISH of conventional zones - fs: writeback: fix use-after-free in __mark_inode_dirty() - tee: fix NULL pointer dereference in tee_shm_put - tee: fix memory leak in tee_dyn_shm_alloc_helper - [arm64] dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro - [arm64] tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" - [arm64] dts: imx8mp-tqma8mpql: fix LDO5 power off - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics i.MX8M Plus DHCOM - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul i.MX8M Plus eDM SBC - HID: simplify snto32() - HID: stop exporting hid_snto32() - HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556) - net: usb: qmi_wwan: fix Telit Cinterion FN990A name - net: usb: qmi_wwan: fix Telit Cinterion FE990A name - net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition - [arm64] mmc: sdhci-of-arasan: Support for emmc hardware reset - [arm64] mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up - wifi: cfg80211: fix use-after-free in cmp_bss() - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work - wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() - wifi: mt76: prevent non-offchannel mgmt tx during scan/roc - wifi: mt76: free pending offchannel tx frames on wcid cleanup - wifi: mt76: fix linked list corruption - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY - wifi: iwlwifi: uefi: check DSM item validity - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() - netfilter: nft_flowtable.sh: re-run with random mtu sizes - net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y - [amd64] xirc2ps_cs: fix register access when enabling FullDuplex - mISDN: Fix memory leak in dsp_hwec_enable() - bnxt_en: fix incorrect page count in RX aggr ring log - icmp: fix icmp_ndo_send address translation for reply direction - net: macb: Fix tx_ptr_lock locking - macsec: read MACSEC_SA_ATTR_PN with nla_get_uint - net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() - net: mctp: mctp_fraq_queue should take ownership of passed skb - ice: fix NULL access of tx->in_use in ice_ll_ts_intr - [amd64,arm64] idpf: set mac type when adding and removing MAC filters - i40e: remove read access to debugfs files - i40e: Fix potential invalid access when MAC list is empty - ixgbe: fix incorrect map used in eee linkmode - wifi: ath11k: fix group data packet drops during rekey - net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 - [arm64] net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets - net: skb: add pskb_network_may_pull_reason() helper - net: tunnel: add pskb_inet_may_pull_reason() helper - net: vxlan: add skb drop reasons to vxlan_rcv() - net: vxlan: make vxlan_snoop() return drop reasons - vxlan: Fix NPD when refreshing an FDB entry with a nexthop object - net: vxlan: make vxlan_set_mac() return drop reasons - net: vxlan: use kfree_skb_reason() in vxlan_xmit() - net: vxlan: use kfree_skb_reason() in vxlan_mdb_xmit() - net: vxlan: rename SKB_DROP_REASON_VXLAN_NO_REMOTE - vxlan: Refresh FDB 'updated' time upon 'NTF_USE' - vxlan: Avoid unnecessary updates to FDB 'used' time - vxlan: Add RCU read-side critical sections in the Tx path - vxlan: Rename FDB Tx lookup function - vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects - wifi: cw1200: cap SSID length in cw1200_do_join() - wifi: libertas: cap SSID len in lbs_associate() - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() - [arm64] net: thunder_bgx: add a missing of_node_put - [arm64] net: thunder_bgx: decrement cleanup index before use - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() - net/smc: Remove validation of reserved bits in CLC Decline message - mctp: return -ENOPROTOOPT for unknown getsockopt options - ax25: properly unshare skbs in ax25_kiss_rcv() - net: atm: fix memory leak in atm_register_sysfs when device_register fail - ppp: fix memory leak in pad_compress_skb - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock - ALSA: usb-audio: Add mute TLV for playback volumes on some devices - [amd64] accel/ivpu: Prevent recovery work from being queued during device removal - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() - [arm64] ftrace: fix unreachable PLT for ftrace_caller in init_module with CONFIG_DYNAMIC_FTRACE - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() - io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (CVE-2025-38453) - [amd64] x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() - mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE - mm: move page table sync declarations to linux/pgtable.h - mm: fix possible deadlock in kmemleak - mm: slub: avoid wake up kswapd in set_track_prepare - sched: Fix sched_numa_find_nth_cpu() if mask offline - ocfs2: prevent release journal inode after journal shutdown - of_numa: fix uninitialized memory nodes causing kernel panic - [arm64] soc: qcom: mdt_loader: Deal with zero e_shentsize - wifi: mwifiex: Initialize the chan_stats array to zero - wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() - wifi: mt76: mt7925: fix the wrong bss cleanup for SAP - net: ethernet: oa_tc6: Handle failure of spi_setup - drm/amdgpu: drop hw access in non-DC audio fini - drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG - [amd64] platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list - scsi: lpfc: Fix buffer free/clear order in deferred receive path - batman-adv: fix OOB read/write in network-coding decode - cifs: prevent NULL pointer dereference in UTF16 conversion - e1000e: fix heap overflow in e1000_set_eeprom - net: pcs: rzn1-miic: Correct MODCTRL register offset - fs/fhandle.c: fix a race in call of has_locked_children() (CVE-2025-38306) - [arm64,armhf] net: dsa: add hook to determine whether EEE is supported - [arm64,armhf] net: dsa: provide implementation of .support_eee() - [armhf] net: dsa: b53/bcm_sf2: implement .support_eee() method - [armhf] net: dsa: b53: do not enable EEE on bcm63xx (CVE-2025-38272) - md/raid1,raid10: don't ignore IO flags (CVE-2025-22125) - md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT - md/raid1,raid10: strip REQ_NOWAIT from member bios - ext4: define ext4_journal_destroy wrapper - ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113) - wifi: ath11k: update channel list in reg notifier instead reg worker (CVE-2025-23133) - wifi: ath11k: update channel list in worker when wait flag is set - net: fix NULL pointer dereference in l3mdev_l3_rcv (CVE-2025-22103) - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (CVE-2025-22124) - mm: slub: Print the broken data before restoring them - mm: slub: call WARN() when detecting a slab corruption - mm, slab: cleanup slab_bug() parameters - mm/slub: avoid accessing metadata when pointer is invalid in object_err() - nouveau: fix disabling the nonstall irq due to storm code - mm: fix accounting of memmap pages - [arm64] thermal/drivers/mediatek/lvts: Disable low offset IRQ for minimum threshold - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY - Revert "drm/amdgpu: Avoid extra evict-restore process." - pcmcia: omap: Add missing check for platform_get_resource - pcmcia: Add error handling for add_interval() in do_validate_mem() - [amd64] platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk - [amd64] platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID - block: add a queue_limits_commit_update_frozen helper - scsi: sr: Reinstate rotational media flag - drm/bridge: ti-sn65dsi86: fix REFCLK setting - perf bpf-event: Fix use-after-free in synthesis - perf bpf-utils: Constify bpil_array_desc - perf bpf-utils: Harden get_bpf_prog_info_linear - drm/amd/amdgpu: Fix missing error return on kzalloc failure - tools: gpio: remove the include directory on make clean - md: prevent incorrect update of resync/recovery offset - [riscv64] ACPI: RISC-V: Fix FFH_CPPC_CSR error handling - [riscv64] Only allow LTO with CMODEL_MEDANY - [riscv64] use lw when reading int cpu in new_vmalloc_check - [riscv64] use lw when reading int cpu in asm_per_cpu - [riscv64] bpf: use lw when reading int cpu in BPF_MOV64_PERCPU_REG - [riscv64] bpf: use lw when reading int cpu in bpf_get_smp_processor_id - md/raid1: fix data lost for writemostly rdev https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.47 - [amd64] Add mitigations for VMSCAPE (CVE-2025-40300): - Documentation/hw-vuln: Add VMSCAPE documentation - x86/vmscape: Enumerate VMSCAPE bug - x86/vmscape: Add conditional IBPB mitigation - x86/vmscape: Enable the mitigation - x86/bugs: Move cpu_bugs_smt_update() down - x86/vmscape: Warn when STIBP is disabled with SMT - x86/vmscape: Add old Intel CPUs to affected list https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.48 - fhandle: use more consistent rules for decoding file handle from userns - dma-debug: store a phys_addr_t in struct dma_debug_entry - dma-mapping: trace dma_alloc/free direction - dma-mapping: use trace_dma_alloc for dma_alloc* instead of using trace_dma_map - dma-mapping: trace more error paths - dma-debug: don't enforce dma mapping check on noncoherent allocations - net/mlx5: HWS, change error flow on matcher disconnect - mm: introduce and use {pgd,p4d}_populate_kernel() - dma-mapping: fix swapped dir/flags arguments to trace_dma_alloc_sgt_err - dma-debug: fix physical address calculation for struct dma_debug_entry - nvme-pci: skip nvme_write_sq_db on empty rqlist - Revert "udmabuf: fix vmap_udmabuf error page set" - ext4: introduce linear search for dentries - [amd64] drm/i915/pmu: Fix zero delta busyness issue - drm/amd/display: Fix error pointers in amdgpu_dm_crtc_mem_type_changed - Revert "drm/amd/display: Optimize cursor position updates" - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA - drm/amdgpu: Add back JPEG to video caps for carrizo and newer - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read - SUNRPC: call xs_sock_process_cmsg for all cmsg - NFSv4: Don't clear capabilities that won't be reset (Closes: #1114898) - trace/fgraph: Fix error handling - tracing: Fix tracing_marker may trigger page fault during preempt_disable - nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter - nfs/localio: add direct IO enablement with sync and async IO support - nfs/localio: restore creds before releasing pageio data - ftrace/samples: Fix function size computation - fs/nfs/io: make nfs_start_io_*() killable - NFS: Serialise O_DIRECT i/o and truncate() - NFSv4.2: Serialise O_DIRECT i/o and fallocate() - NFSv4.2: Serialise O_DIRECT i/o and clone range - NFSv4.2: Serialise O_DIRECT i/o and copy range - NFS: nfs_invalidate_folio() must observe the offset and size arguments - NFSv4/flexfiles: Fix layout merge mirror check. - tracing: Silence warning when chunk allocation fails in trace_pid_write - [s390x] pai: Deny all events not handled by this PMU - [s390x] cpum_cf: Deny all sampling events by counter PMU - bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt - bpf: Allow fall back to interpreter for programs with stack size <= 512 - bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. - proc: fix type confusion in pde_set_flags() - Revert "SUNRPC: Don't allow waiting for exiting tasks" - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN - ocfs2: fix recursive semaphore deadlock in fiemap call - btrfs: fix squota compressed stats leak - btrfs: fix subvolume deletion lockup caused by inodes xarray race - [amd64] i2c: i801: Hide Intel Birch Stream SoC TCO WDT - net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups - [armhf] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer - [armhf] mtd: rawnand: stm32_fmc2: fix ECC overwrite - fuse: do not allow mapping a non-regular backing file - fuse: check if copy_file_range() returns larger than requested size - fuse: prevent overflow in copy_file_range return value - mm/khugepaged: fix the address passed to notifier on testing young - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory - mm/memory-failure: fix redundant updates for already poisoned pages - mm/damon/core: set quota->charged_from to jiffies at first charge window - mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() - [arm64] drm/mediatek: fix potential OF node use-after-free - drm/xe: Attempt to bring bos back to VRAM after eviction - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages - netlink: specs: mptcp: add missing 'server-side' attr - netlink: specs: mptcp: clearly mention attributes - netlink: specs: mptcp: replace underscores with dashes in names - netlink: specs: mptcp: fix if-idx attribute type - kernfs: Fix UAF in polling when open file is released - libceph: fix invalid accesses to ceph_connection_v1_info - ceph: fix race condition validating r_parent before applying state - ceph: fix race condition where r_parent becomes stale before sending message - mm/damon/sysfs: fix use-after-free in state_show() - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() - mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range() - [arm64] mtd: spinand: winbond: Fix oob_layout for W25N01JW - btrfs: use readahead_expand() on compressed extents - btrfs: fix corruption reading compressed range when block size is smaller than page size - hrtimers: Unconditionally update target CPU base after offline timer migration - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table - Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups" - tty: hvc_console: Call hvc_kick in hvc_write unconditionally - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks - USB: serial: option: add Telit Cinterion FN990A w/audio compositions - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions - [arm64] drm/panthor: validate group queue count - [arm64,armhf] net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() - genetlink: fix genl_bind() invoking bind() after -EPERM - net: bridge: Bounce invalid boolopts - tunnels: reset the GSO metadata before reusing the skb - docs: networking: can: change bcm_msg_head frames member to support flexible array - igb: fix link test skipping when interface is admin down - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path - drm/amd/display: use udelay rather than fsleep - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails - netfilter: nft_set_pipapo: remove unused arguments - netfilter: nft_set: remove one argument from lookup and update functions - netfilter: nft_set_pipapo: merge pipapo_get/lookup - netfilter: nft_set_pipapo: don't return bogus extension pointer - netfilter: nft_set_pipapo: don't check genbit from packetpath lookups - netfilter: nft_set_rbtree: continue traversal if element is inactive - netfilter: nf_tables: Reintroduce shortened deletion notifications - netfilter: nf_tables: place base_seq in struct net - netfilter: nf_tables: make nft_set_do_lookup available unconditionally - netfilter: nf_tables: restart set lookup on base_seq change - net: hsr: Add VLAN CTAG filter support - hsr: use rtnl lock when iterating over ports - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties - [amd64] dmaengine: idxd: Remove improper idxd_free - [amd64] dmaengine: idxd: Fix refcount underflow on module unload - [amd64] dmaengine: idxd: Fix double free in idxd_setup_wqs() - [amd64] dmaengine: ti: edma: Fix memory allocation size for queue_priority_map - xhci: fix memory leak regression when freeing xhci vdev devices depth first - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels - [amd64,arm64] usb: typec: tcpm: properly deliver cable vdms to altmode drivers - [arm64] dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees - [arm64] phy: tegra: xusb: fix device and OF node leak at probe - [armhf] phy: ti: omap-usb2: fix device leak at unbind - [armhf] phy: ti-pipe3: fix device leak at unbind - [amd64] x86/cpu/topology: Always try cpu_parse_topology_ext() on AMD/Hygon - net: mdiobus: release reset_gpio in mdiobus_unregister_device() - [amd64] drm/i915/power: fix size for for_each_set_bit() in abox iteration - drm/amdgpu: fix a memory leak in fence cleanup when unloading - netfilter: nft_set_pipapo: fix null deref for empty set . [ Santiago Ruano Rincón ] * d/salsa-ci.yml: Merge the extract-source job into the build's job script * d/salsa-ci.yml: Suppress unreleased changes and mismatching distribution lintian tags. * d/salsa-ci.yml: Early move orig tarballs back where they can be cached . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 6.12.43-rt12 * [amd64] x86/bugs: Add SRSO_USER_KERNEL_NO support * [amd64] x86/bugs: KVM: Add support for SRSO_MSR_FIX * [amd64] KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions lnav (0.12.4-1+deb13u1) trixie; urgency=medium . * [notcurses] handle failure to set cregs from tmux (Closes: #1109004) log4cxx (1.4.0-1+deb13u1) trixie; urgency=medium . [ Lukas Märdian and Tobias Frost ] * Backport fixes for: - CVE-2025-54812: Improper HTML escaping in HTMLLayout (Closes: #1111879) - CVE-2025-54813: Improper escaping with JSONLayout (Closes: #1111881) logcheck (1.4.5+deb13u1) trixie; urgency=medium . [ Paul Aurich ] * Update and simplify regex in ignore.d.paranoid/ssh . [ Yasuhiro Kimura ] * Update ignore.d.paranoid/ssh and ignore.d.server/ssh lttng-modules (2.13.18-1+deb13u1) trixie; urgency=medium . * Fix potential kernel crash with syscall tracing (Closes: ##1117551) * [4b4342c] debian/gbp.conf: branch config for trixie * [a8a56d6] Add patch to fix syscall tracing with kernels >= v6.13 luksmeta (9-4+deb13u1) trixie; urgency=high . * Cherry-pick "Fix handling of large metadata". Closes: #111828 [CVE-2025-11568] luksmeta (9-4+deb12u1) bookworm; urgency=high . * Cherry-pick "Fix handling of large metadata". Closes: #111828 [CVE-2025-11568] lxcfs (6.0.4-1+deb13u1) trixie; urgency=medium . * d/control: - Add a dependency on fuse3 (Closes: #1114596) lxd (5.0.2+git20231211.1364ae4-9+deb13u1) trixie-security; urgency=high . * Backport fixes for the following security issues that are unfixed by Canonical in the stable-5.0 branch: - CVE-2025-54293 / GHSA-472f-vmf2-pr3h - CVE-2025-54287 / GHSA-w2hg-2v4p-vmh6 - CVE-2025-54288 / GHSA-7232-97c6-j525 * Backport fixes for the following security issues fixed by Canonical: - CVE-2025-54286 / GHSA-p8hw-rfjg-689h magit (4.3.5-1+deb13u1) trixie; urgency=medium . * Update d/gbp.conf to track trixie branch * Ship missing magit-dired.el in elpa-magit (Closes: 1120049) mailmindr (1.7.1-2~deb13u1) trixie; urgency=medium . * Rebuild to upload to trixie after thunderbird 140.3 malcontent (0.13.0-2+deb13u1) trixie; urgency=medium . * Team upload . [ Alessandro Astone ] * Fix filtering snaps after snapd 2.72 (Closes: #1120080, LP: #2128350) * Fix listing flatpaks in parental control UI (Closes: #1113776) * Fix memory leak when checking snaps mapserver (8.4.0-4+deb13u1) trixie; urgency=medium . * Update branch in gbp.conf & Vcs-Git URL. * Add upstream patch to fix CVE-2025-59431. * Update symbols for msStringUnescape. mc (3:4.8.33-1+deb13u1) trixie; urgency=high . * Non-maintainer upload. * Added debian/patches/subshell-fd.patch (Closes: #1108061) modsecurity-apache (2.9.11-1+deb13u1) trixie; urgency=medium . * Add patch against new CVE; Fixes CVE-2025-54571 (Closes: #1110480) * Remove d/patches/aclocal.patch, not necessary monitoring-plugins (2.4.0-3+deb13u1) trixie; urgency=medium . * [3cb6abf] d/.gitlab-ci.yml: Change RELEASE to trixie * [1b5ea7b] Adding d/patches/25_check_users_sd_get_uids to fix user count * [b92ed85] Adding d/p/26_check_mysql_replica from upstream (Closes: #1116027) * [4362a8d] d/control: Adding libsystemd-dev and libsystemd0 as build-dep (Closes: #1110265) * [22de282] d/control: Drop libsystemd0 from build-deps, pulled by libsystemd-dev mpv (0.40.0-3+deb13u1) trixie; urgency=medium . * debian/gbp.conf: Work on debian/trixie branch * debian/patches: Create missing folders for watch history (Closes: #1115938) mrtg (2.17.10-13+deb13u1) trixie; urgency=medium . * debian/patches/010_enable-www-dir.patch: dropped because it is generating duplicate information in config file when using the cfgmaker command (WorkDir field). Thanks to Lloyd . (Closes: #1111333) nextcloud-desktop (3.16.7-1~deb13u1) trixie; urgency=medium . * Rebuild for Trixie. . nextcloud-desktop (3.16.7-1) unstable; urgency=medium . * New upstream release. . nextcloud-desktop (3.16.6-3) unstable; urgency=medium . * Release to unstable (#1091614 is fixed). . nextcloud-desktop (3.16.6-2) experimental; urgency=medium . * Fix again "nextcloud enters busy loop when using a share on NTFS." (Closes: 1091614) . nextcloud-desktop (3.16.6-1) experimental; urgency=medium . * New upstream release. * Update patch hunks. * Remove patch for #1091614, it seems fixed on upstream. nextcloud-desktop (3.16.6-3) unstable; urgency=medium . * Release to unstable (#1091614 is fixed). . nextcloud-desktop (3.16.6-2) experimental; urgency=medium . * Fix again "nextcloud enters busy loop when using a share on NTFS." (Closes: 1091614) . nextcloud-desktop (3.16.6-1) experimental; urgency=medium . * New upstream release. * Update patch hunks. * Remove patch for #1091614, it seems fixed on upstream. nextcloud-desktop (3.16.6-2) experimental; urgency=medium . * Fix again "nextcloud enters busy loop when using a share on NTFS." (Closes: 1091614) nextcloud-desktop (3.16.6-1) experimental; urgency=medium . * New upstream release. * Update patch hunks. * Remove patch for #1091614, it seems fixed on upstream. nfdump (1.7.5-2+deb13u1) trixie; urgency=medium . * [3d717345] Cherry-Pick upstream fix for -S (subdir) together with -M (multiple sources) (Closes: #1112376) * [018d04be] Salsa CI: Adjust for trixie * [5cb8e85c] d/gbp.conf: Adjust for trixie nncp (8.11.0-4+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Prevent path traversal during freq/file (CVE-2025-60020) (Closes: #1115848) node-sha.js (2.4.11+~2.4.0-2+deb13u1) trixie-security; urgency=medium . * Team upload * Fix improper input validation vulnerability (Closes: #1111769, CVE-2025-9288) * Add dependencies to node-get-intrinsic, node-isarray and node-is-typed-array node-sha.js (2.4.11+~2.4.0-2+deb12u1) bookworm-security; urgency=medium . * Fix improper input validation vulnerability (Closes: #1111769, CVE-2025-9288) * Add dependencies to node-get-intrinsic, node-isarray and node-is-typed-array node-tar-fs (3.0.9+~cs2.0.4-1+deb13u1) trixie-security; urgency=medium . * Team upload * Apply fix for CVE-2025-59343 (Closes: #1116338) nova (2:31.0.0-6+deb13u1) trixie; urgency=high . * A vulnerability has been identified in OpenStack Nova and OpenStack Watcher in conjunction with volume swap operations performed by the Watcher service. Under specific circumstances, this can lead to a situation where two Nova libvirt instances could reference the same block device, allowing accidental information disclosure to the unauthorized instance. Added upstream patch: OSSN-0094_restrict_swap_volume_to_cinder.patch. (Closes: #1111689). * Blacklist non-deterministic unit test: - ComputeTestCase.test_add_remove_fixed_ip_updates_instance_updated_at nvidia-graphics-drivers-tesla-535 (535.274.02-1~deb13u1) trixie; urgency=medium . * Rebuild for trixie. . nvidia-graphics-drivers-tesla-535 (535.274.02-1) unstable; urgency=medium . * New upstream LTS and Tesla branch release 535.274.02 (2025-09-30). * Fixed CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345. (Closes: #1118688) https://nvidia.custhelp.com/app/answers/detail/a_id/5703 . [ Andreas Beckmann ] * Refresh patches. onetbb (2022.1.0-1+deb13u1) trixie; urgency=medium . * Team upload. * Skip some tests when the machine has a single CPU. Closes: #1108053. * Skip test_mutex, it fails in Salsa CI. Closes: #1094260. open-vm-tools (2:12.5.0-2+deb13u1) trixie; urgency=high . * [eb68735] Gitlab CI / GBP configs: use trixie * [21e31a4] Disable (default) the execution of the SDMP get-versions.sh script (CVE-2025-41244) Thanks to Salvatore Bonaccorso * [0e87684] Generate debdiffs in salsa CI automatically openjdk-21 (21.0.9+10-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie openjdk-21 (21.0.9~8ea-1) unstable; urgency=medium . * OpenJDK 21.0.9 early access, build 8. . [ Matthias Klose ] * d/rules: Let the install target depend on the build target. Closes: #1105471. . [ Vladimir Petko ] * d/t/problems.csv: Synchronize problem list. openjdk-21 (21.0.9~5ea-1) unstable; urgency=medium . * OpenJDK 21.0.9 early access, build 5. . [ Vladimir Petko ] * d/copyright-generator/copyright-gen.py: bump copyright year. * d/copyright: regenerate. . [ Matthias Klose ] * Build using GCC 15 on development releases. openjdk-25 (25.0.1+8-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie openjdk-25 (25+36-1) unstable; urgency=medium . * OpenJDK 25 GA, build 36. Release notes: https://mail.openjdk.org/pipermail/jdk-dev/2025-September/010483.html . [ Vladimir Petko ] * d/rules: Mark as release. * d/watch: Regenerate. openjdk-25 (25~36ea-1) unstable; urgency=medium . * OpenJDK 25 snapshot, Build 36. * Build using GCC 15 on development releases. openjdk-25 (25~34ea-1) unstable; urgency=medium . * OpenJDK 25 snapshot, Build 34. . [ Matthias Klose ] * Update VCS attributes. . [ Vladimir Petko ] * d/copyright-generator/copyright-gen.py: bump copyright year. * d/copyright: regenerate. openssl (3.5.4-1~deb13u1) trixie; urgency=medium . * Import 3.5.4 openssl (3.5.3-1) unstable; urgency=medium . * Import 3.5.3 * Drop pic & Bsymbolic patches. This shouldn't be needed anymore. openssl (3.5.2-1) unstable; urgency=medium . * Import 3.5.2 openssl (3.5.1-1+deb13u1) trixie-security; urgency=medium . * CVE-2025-9230 (Out-of-bounds read & write in RFC 3211 KEK Unwrap) * CVE-2025-9231 (Timing side-channel in SM2 algorithm on 64 bit ARM) * CVE-2025-9232 (Out-of-bounds read in HTTP client no_proxy handling) openvpn-auth-radius (2.1-9+deb13u1) trixie; urgency=medium . * patches/0008-authenticate-fix: Fix packet authentication (Closes: Bug#1118479) orphan-sysvinit-scripts (0.21+deb13u2) trixie; urgency=medium . * Add haveged init script (Closes: #1118622) patroni (4.0.7-3~deb13u1) trixie; urgency=medium . * Upload to stable. patroni (4.0.7-2) unstable; urgency=medium . * debian/tests/acceptance: Further changes to stopping etcd. If the init script exists, use it. Otherwise, if systemd is available, use that. If neither are available, do not try to stop etcd. patroni (4.0.7-1) unstable; urgency=medium . * New upstream release. * debian/patches/startup_scripts.patch: Refreshed. * debian/patches/avoid_overwriting_configuration_during_boostrap.patch: Likewise. * debian/patches/replslot-cluster-type-attribute.patch: Likewise. * debian/tests/acceptance: Only stop etcd if init script exists. pdns-recursor (5.2.6-0+deb13u1) trixie-security; urgency=medium . * New upstream version 5.2.6, fixing CVE-2025-59023. pdns-recursor (5.2.5-1) unstable; urgency=medium . * New upstream version 5.2.5 pdns-recursor (5.2.4-2+deb13u1) trixie; urgency=medium . * d/gbp.conf: update for trixie branch * d/rules: fix DEB_VERSION/DEB_VENDOR being empty. Thanks to Steve Mokris (Closes: #1113814) * d/rules: stop setting CARGO_REGISTRY, fixes Static-Built-Using Thanks to Fabian Gruenbichler. phpmyadmin (4:5.2.2-really+dfsg-1+deb13u1) trixie; urgency=medium . * Update d/missing-source for CVE-2025-3573 - jquery-validation - Fix XSS in the showLabel() function poppler (25.03.0-5+deb13u2) trixie; urgency=high . [ Leonidas Da Silva Barbosa ] * SECURITY UPDATE: Denial of service - debian/patches/CVE-2025-50420.patch: don't continue recursing in PDFDoc in poppler/PDFDoc.cc. - CVE-2025-50420 (Closes: #1110463) postfix (3.10.5-1~deb13u1) trixie; urgency=medium . * new upstream stable/bugfix 3.10.5 release, with multiple fixes. From the upstream release notes: - Workaround for an interface mis-match between the Postfix SMTP client and MTA-STS policy plugins. * The existing behavior is to connect to any MX host listed in DNS, and to match the server certificate against any STS policy MX host pattern. * The corrected behavior is to connect to an MX host only if its name matches any STS policy MX host pattern, and to match the server certificate against the MX hostname. The corrected behavior must be enabled in two places: in Postfix with a new parameter "smtp_tls_enforce_sts_mx_patterns" (default: "yes") and in an MTA-STS plugin by enabling TLSRPT support, so that the plugin forwards STS policy attributes to Postfix. This works even if Postfix TLSRPT support is disabled at build time or at runtime. - TLSRPT Workaround: when a TLSRPT policy-type value is "no-policy-found", pretend that the TLSRPT policy domain value is equal to the recipient domain. This ignores that different policy types (TLSA, STS) use different policy domains. But this is what Microsoft does, and therefore, what other tools expect. - Bugfix (defect introduced: Postfix 3.0): the Postfix SMTP client's connection reuse logic did not distinguish between sessions that require SMTPUTF8 support, and sessions that do not. The solution is 1) to store sessions with different SMTPUTF8 requirements under distinct connection cache storage keys, and 2) to not cache a connection when SMTPUTF8 is required but the server does not support that feature - Bugfix (defect introduced: Postfix 3.0, date 20140731): the smtpd 'disconnect' command statistics did not count commands with "bad syntax" and "bad UTF-8 syntax" errors - Postfix 3.11 forward compatibility: to avoid ugly warnings when Postfix 3.11 is rolled back to an older version, allow a preliminary 'size' record in maildrop queue files created with Postfix 3.11 or later - Bugfix (defect introduced: Postfix 3.8, date 20220128): non-reproducible build, because the 'postconf -e' output order for new main.cf entries was no longer deterministic - To make builds predictable, add missing meta_directory and shlib_directory settings to the stock main.cf file - Bugfix (defect introduced: Postfix 3.9, date 20230517): posttls-finger(1) logged an incorrectly-formatted port number * debian/patches/debian-defaults.patch: refresh, update for 2 new parameters (with defaults) in main.cf, and make it with less context * configure-instance.in: fix typo which caused recreating cadir in chroot and excessive logging (Closes: #1115412) postfix (3.10.4-3) unstable; urgency=medium . * Revert "std23-bool.patch: gcc-15 support (#1097639)" (didn't work) * rules: specify -std=gnu17 for CC for now (actually Closes: #1097639) postfix (3.10.4-2) unstable; urgency=medium . * std23-bool.patch: gcc-15 support (Closes: #1097639) * configure-instance.in: fix typo which caused recreating cadir in chroot and excessive logging (Closes: #1115412) postfix (3.10.4-1) unstable; urgency=medium . * New upstream stable/bugfix version 3.10.4, with a handful of fixes * d/rules: use pkgconf for mongoc instead of hard-coding paths/libs presage (0.9.1-2.6+deb13u1) trixie; urgency=medium . * debian/patches: + Add allow-words-with-apostrophes-to-be-predicted.patch. Support suggesting words containing apostrophes. Don't crash maliit-server / lomiri-keyboard / lomiri when using /usr/lib/lomiri-keyboard/plugins/en/database_en.db presage DB. (Closes: #770831, LP:#1384800). privatebin-cli (2.0.2-1+deb13u1) trixie; urgency=medium . * d/patches: Add patch to fix GCM issues with newer golang. (Closes: #1108675) proftpd-dfsg (1.3.8.c+dfsg-4+deb13u1) trixie; urgency=medium . [ Evgeni Golov ] * Do not remove non-empty /srv/ftp upon purge (Closes: #1119295). puppet-module-puppetlabs-rabbitmq (8.5.0-8+deb13u1) trixie; urgency=medium . * fix-list_users-provider.patch: also handle the case when there's no users at all. * Add setup-all-nodes-as-disk-nodes.patch. puppet-module-tempest (25.0.0-1+deb13u1) trixie; urgency=medium . * Add Fix_autoloading_of_openstack_provider.patch. python-eventlet (0.39.1-2+deb13u1) trixie; urgency=medium . * CVE-2025-58068: Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted attacks against active site users, and poison web caches. Applied upstream patch (Closes: #1112515): - Fix_request_smuggling_vulnerability_by_discarding_trailers.patch python-internetarchive (5.4.0-2~deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * backport fix for directory transversal issue (Closes: #1114635, CVE-2025-58438) qemu (1:10.0.6+ds-0+deb13u2) trixie; urgency=medium . * d/changelog: remove wrong closes: #1095935 from the previous changelog entry (and reopen the bug): I confused it with another bug * linux-user-use-correct-type-for-FIBMAP-and-FIGETBSZ.patch - add a patch from upstream stable series (before next stable release) - fix wrong emulation of FIBMAP and FIGETBSZ ioctls. Needed for s390x cloud images. Will be in next upstream stable release, so will be removed in next debian. (Closes: #1119257) qemu (1:10.0.6+ds-0+deb13u1) trixie; urgency=medium . * new upstream stable/bugfix release: - Update version for 10.0.6 release - linux-user/microblaze: Fix little-endianness binary - target/hppa: correct size bit parity for fmpyadd - target/i386: user: do not set up a valid LDT on reset - async: access bottom half flags with qatomic_read - target/i386: fix x86_64 pushw op - i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit - i386/cpu: Prevent delivering SIPI during SMM in TCG mode - i386/kvm: Expose ARCH_CAP_FB_CLEAR when invulnerable to MDS - target/i386: Fix CR2 handling for non-canonical addresses - block/curl.c: Use explicit long constants in curl_easy_setopt calls - pcie_sriov: Fix broken MMIO accesses from SR-IOV VFs - target/riscv: rvv: Fix vslide1[up|down].vx unexpected result when XLEN=32 and SEW=64 - target/riscv: Fix ssamoswap error handling - target/riscv: Fix SSP CSR error handling in VU/VS mode - target/riscv: Fix the mepc when sspopchk triggers the exception - target/arm: Don't set HCR.RW for AArch32 only CPUs - pcie_sriov: make pcie_sriov_pf_exit() safe on non-SR-IOV devices - docs/devel: Correct uefi-vars-x64 device name - hid: fix incorrect return value for hid - ui/gtk: Fix callback function signature - ui/gtk: Consider scaling when propagating ui info - Revert "i386/cpu: Move adjustment of CPUID_EXT_PDCM before feature_dependencies[] check" - Revert "target/i386: do not expose ARCH_CAPABILITIES on AMD CPU" * new upstream stable/bugfix release: - Update version for 10.0.5 release - tests/functional/test_aarch64_sbsaref_freebsd: Fix the URL of the ISO image - tests/functional/test_ppc_bamboo: Replace broken link with working assets - physmem: Destroy all CPU AddressSpaces on unrealize - memory: New AS helper to serialize destroy+free - include/system/memory.h: Clarify address_space_destroy() behaviour - migration: Fix state transition in postcopy_start() error handling - target/riscv: rvv: Modify minimum VLEN according to enabled vector extensions - target/riscv: rvv: Replace checking V by checking Zve32x - target/riscv: Fix endianness swap on compressed instructions - hw/riscv/riscv-iommu: Fixup PDT Nested Walk - target/riscv: do not use translator_ldl in opcode_at - target/riscv: use riscv_csrr in riscv_csr_read - hw/char: sifive_uart: Raise IRQ according to the Tx/Rx watermark thresholds - docs/interop/firmware: Add riscv64 to FirmwareArchitecture - hw/riscv/riscv-iommu: Fix MSI table size limit - ui/icons/qemu.svg: Add metadata information (author, license) to the logo - ui/spice: Fix abort on macOS - ppc/spapr: init lrdr-capapcity phys with ram size if maxmem not provided - hw/intc/xics: Add missing call to register vmstate_icp_server - hw/usb/hcd-uhci: don't assert for SETUP to non-0 endpoint Closes: #1082377 (CVE-2024-8354) - tests/tcg/multiarch: Add tb-link test - accel/tcg: Properly unlink a TB linked to itself - tests: Fix "make check-functional" for targets without thorough tests - .gitlab-ci.d/buildtest.yml: Unset CI_COMMIT_DESCRIPTION for htags - tcg/optimize: Fix folding of vector bitsel - hw/pci-host/astro: Don't call pci_regsiter_root_bus() in init - hw/pci-host/dino: Don't call pci_register_root_bus() in init - target/sparc: Relax decode of rs2_or_imm for v7 - target/sparc: Loosen decode of RDTBR for v7 - target/sparc: Loosen decode of RDWIM for v7 - target/sparc: Loosen decode of RDPSR for v7 - target/sparc: Loosen decode of RDY for v7 - target/sparc: Loosen decode of STBAR for v8 - target/sparc: Allow TRANS macro with no extra arguments - linux-user: avoid -Werror=int-in-bool-context - multiboot: Fix the split lock - target/i386: Define enum X86ASIdx for x86's address spaces - i386/cpu: Enable SMM cpu address space under KVM - hw/usb/network: Remove hardcoded 0x40 prefix in STRING_ETHADDR response - rust: hpet: fix new warning - ci: run RISC-V cross jobs by default - tests/docker/dockerfiles/python.docker: pull fedora:40 image instead of fedora:latest - .gitmodules: move u-boot mirrors to qemu-project-mirrors - iotests/check: always enable all python warnings - iotests/151: ensure subprocesses are cleaned up - iotests/147: ensure temporary sockets are closed before exiting - python: ensure QEMUQtestProtocol closes its socket - iotests: drop compat for old version context manager - python: backport 'avoid creating additional event loops per thread' - python: backport 'Remove deprecated get_event_loop calls' - python: backport 'qmp-tui: Do not crash if optional dependencies are not met' - python: backport 'qmp-shell-wrap: handle missing binary gracefully' - python: backport 'Use @asynciocontextmanager' - python: backport 'drop Python3.6 workarounds' - python: backport 'kick event queue on legacy event_pull()' - ui/vnc: Fix crash when specifying [vnc] without id in the config file - target/loongarch: Guard 64-bit-only insn translation with TRANS64 macro - target/loongarch: Add CRC feature flag and use it to gate CRC instructions * new upstream stable/bugfix release: - Update version for 10.0.4 release - block/curl: fix curl internal handles handling (Closes: #1111809) - hw/gpio/pca9554: Avoid leak in pca9554_set_pin() - hw/ppc: Fix build error with CONFIG_POWERNV disabled - target/mips: fix TLB huge page check to use 64-bit shift - linux-user/mips: Select M14Kc CPU to run microMIPS binaries - linux-user/mips: Select 74Kf CPU to run MIPS16e binaries - elf: Add EF_MIPS_ARCH_ASE definitions - e1000e: Prevent crash from legacy interrupt firing after MSI-X enable - Revert "tests/qtest: use qos_printf instead of g_test_message" - vfio scsi ui: Error-check qio_channel_socket_connect_sync() the same way - i386/kvm/vmsr_energy: Plug memory leak on failure to connect socket - qga: Fix truncated output handling in guest-exec status reporting - qga-vss: Write hex value of error in log - qga/installer: Remove QGA VSS if QGA installation failed - hw/arm/stm32f205_soc: Don't leak TYPE_OR_IRQ objects - qemu/atomic: Finish renaming atomic128-cas.h headers - scripts/kernel-doc: Avoid new Perl precedence warning - target/arm: Trap PMCR when MDCR_EL2.TPMCR is set - hw/intc/arm_gicv3_kvm: preserve pending interrupts during cpr - linux-user: Add strace for rseq - i386/tcg/svm: fix incorrect canonicalization - python: mkvenv: fix messages printed by mkvenv - hw/uefi: open json file in binary mode - hw/uefi: check access for first variable - hw/uefi: return success for notifications - hw/uefi: clear uefi-vars buffer in uefi_vars_write callback - mkvenv: Support pip 25.2 - hw/sd/ssi-sd: Return noise (dummy byte) when no card connected - qemu-iotests: Ignore indentation in Killed messages - rbd: Fix .bdrv_get_specific_info implementation - hw/nvme: cap MDTS value for internal limitation - hw/nvme: revert CMIC behavior - hw/nvme: fix namespace attachment - target/loongarch: Fix [X]VLDI raising exception incorrectly - ui/curses: Fix infinite loop on windows - ppc/xive2: Fix treatment of PIPR in CPPR update - ppc/xive2: Fix irq preempted by lower priority group irq - ppc/xive2: Reset Generation Flipped bit on END Cache Watch - ppc/xive: Fix PHYS NSR ring matching - ppc/xive2: fix context push calculation of IPB priority - ppc/xive2: Remote VSDs need to match on forwarding address - ppc/xive2: Fix calculation of END queue sizes - ppc/xive: Report access size in XIVE TM operation error logs - ppc/xive: Fix xive trace event output - target/i386/cpu: Move addressable ID encoding out of compat property in CPUID[0x1] - i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16] - i386/cpu: Fix number of addressable IDs field for CPUID.01H.EBX[23:16] - i386/cpu: Move adjustment of CPUID_EXT_PDCM before feature_dependencies[] check - Revert "i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16]" (The 5 changes above Closes: #1095935 in 10.0.x) - qga: correctly write to /sys/power/state on linux (Closes: #1108387) - scripts/make-release: Go back to cloning all the EDK2 submodules - target/arm: add support for 64-bit PMCCNTR in AArch32 mode - hw/ssi/aspeed_smc: Fix incorrect FMC_WDT2 register read on AST1030 - target/arm: Fix handling of setting SVE registers from gdb - target/arm: Fix big-endian handling of NEON gdb remote debugging - hw/intc/arm_gicv3_kvm: Write all 1's to clear enable/active - hw/i386/amd_iommu: Move IOAPIC memory region initialization to the end - intel_iommu: Allow both Status Write and Interrupt Flag in QI wait - pcie_sriov: Fix configuration and state synchronization - virtio-net: Fix VLAN filter table reset timing - vhost: Do not abort on log-stop error - vhost: Do not abort on log-start error - virtio: fix off-by-one and invalid access in virtqueue_ordered_fill - target/loongarch: Fix valid virtual address checking - target/riscv: Restrict midelegh access to S-mode harts - target/riscv: Restrict mideleg/medeleg/medelegh access to S-mode harts - intc/riscv_aplic: Fix target register read when source is inactive - target/riscv: Fix pmp range wraparound on zero - target/riscv: Fix exception type when VU accesses supervisor CSRs - target/riscv: do not call GETPC() in check_ret_from_m_mode() - linux-user/strace.list: add riscv_hwprobe entry - roms/Makefile: fix npcmNxx_bootrom build rules - system/physmem: fix use-after-free with dispatch - hw/net/cadence_gem: fix register mask initialization - target/mips: Only update MVPControl.EVP bit if executed by master VPE - docs/user: clarify user-mode expects the same OS - linux-user/aarch64: Support TPIDR2_MAGIC signal frame record - linux-user/aarch64: Clear TPIDR2_EL0 when delivering signals - target/i386: fix width of third operand of VINSERTx128 - hw/display/qxl-render.c: fix qxl_unpack_chunks() chunk size calculation - host-utils: Drop workaround for buggy Apple Clang __builtin_subcll() * drop patches included upstream: - hw-display-qxl-render.c-fix-qxl_unpack_chunks-chunk-.patch - pcie_sriov-Fix-configuration-and-state-synchronizati.patch - system-physmem-fix-use-after-free-with-dispatch.patch * d/control.mk: 10.0.6+ds qemu (1:10.0.3+ds-4) unstable; urgency=medium . [ Heinrich Schuchardt ] * d/control: qemu-system-riscv missing recommends qemu-system-riscv needs the same/similar packages for EFI, spice, opengl, special block devices, as qemu-system-arm and qemu-system-x86 . [ Michael Tokarev ] * d/control: omit system-xen if omit-system build profile is specified this makes pkg.qemu.omit-system to omit all system components, including xen * qemu-user binfmts: stop supporting old kernels using custom patch qemu supports argv[0] handling with a help of kernel support since at least bullseye (or even buster), - for a really long time. There's no need to use custom code for older kernels anymore. Also closes: #1054104 * d/binfmt-install: do not generate update-binfmt un-registration postinst script for upgrades from bookworm * d/control: drop old (pre-bookworm) breaks/replaces/conflicts/provides * hw-uefi-clear-uefi-vars-buffer-in-uefi_vars_write-CVE-2025-8860.patch Closes: #1111030, CVE-2025-8860 * d/control: remove long-forgotten qemu-system-common dependency on acl (for #762192) which is not needed * remove qemu-user-static package (& qemu-debootstrap) remove links to qemu-user with -static suffix, together with obsolete qemu-debootstrap command. qemu-user-static is now provided by qemu-user-binfmt package. Also closes: #1107554 * d/gbp.conf: switch to master branch qemu (1:10.0.3+ds-3) unstable; urgency=medium . * d/binfmt-install: stop using C (Credentials) flag for binfmt_misc registration. This means suid and sgid binaries under qemu-user will work without changing credentials. This is a serious security issue, since qemu-user never supposed to be used in this way, and it is trivial to get elevated privileges for an attacker if there's any suid/sgid binary under qemu-user which is runnable for an attacker. This change might break CI/testing environment expectations. * d/qemu-user.postinst: trigger /usr/lib/binfmt.d (#1110982) * d/rules: fix typo in comment (it is qemu-system-data, not qemu-user-data) qemu (1:10.0.3+ds-2) unstable; urgency=medium . * d/control: (temporarily) build-depend on python3-distlib to work around new pip 25.2+ in forky qemu (1:10.0.3+ds-1) unstable; urgency=medium . * new upstream stable/bugfix release: - Update version for 10.0.3 release - hvf: arm: Emulate ICC_RPR_EL1 accesses properly - target/arm: Correct encoding of Debug Communications Channel registers https://gitlab.com/qemu-project/qemu/-/issues/2986 - ui: fix setting client_endian field defaults - hw/net/npcm_gmac.c: Send the right data for second packet in a row - target/i386: do not expose ARCH_CAPABILITIES on AMD CPU - i386/cpu: Honor maximum value for CPUID.8000001DH.EAX[25:14] - i386/cpu: Fix overflow of cache topology fields in CPUID.04H - i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16] - ui/vnc: Do not copy z_stream - vhost: Fix used memslot tracking when destroying a vhost device - roms: re-remove execute bit from hppa-firmware* - file-posix: Fix aio=reads performance regression after enablign FUA https://issues.redhat.com/browse/RHEL-96854 - amd_iommu: Fix truncation of oldval in amdvi_writeq - amd_iommu: Remove duplicated definitions - amd_iommu: Fix the calculation for Device Table size - amd_iommu: Fix mask to retrieve Interrupt Table Root Pointer from DTE - amd_iommu: Fix masks for various IOMMU MMIO Registers - amd_iommu: Update bitmasks representing DTE reserved fields - amd_iommu: Fix Device ID decoding for INVALIDATE_IOTLB_PAGES command - amd_iommu: Fix Miscellaneous Information Register 0 encoding - virtio-net: Add queues for RSS during migration - net: fix buffer overflow in af_xdp_umem_create() - accel/kvm: Adjust the note about the minimum required kernel version - linux-user: Use qemu_set_cloexec() to mark pidfd as FD_CLOEXEC - migration: Don't sync volatile memory after migration completes - linux-user: Hold the fd-trans lock across fork https://gitlab.com/qemu-project/qemu/-/issues/2846 - linux-user: Check for EFAULT failure in nanosleep - linux-user: Implement fchmodat2 syscall https://gitlab.com/qemu-project/qemu/-/issues/3019 - hw/arm/fsl-imx8mp: Wire VIRQ and VFIQ - target/arm: Don't enforce NSE,NS check for EL3->EL3 returns https://gitlab.com/qemu-project/qemu/-/issues/3016 - target/i386: fix TB exit logic in gen_movl_seg() when writing to SS https://gitlab.com/qemu-project/qemu/-/issues/2987 - target/arm: Fix bfdotadd_ebf vs nan selection - target/arm: Fix f16_dotadd vs nan selection - target/arm: Fix PSEL size operands to tcg_gen_gvec_ands - target/arm: Fix 128-bit element ZIP, UZP, TRN - target/arm: Fix sve_access_check for SME - target/arm: Fix SME vs AdvSIMD exception priority - hw/s390x/ccw-device: Fix memory leak in loadparm setter - virtio-gpu: support context init multiple timeline - target/arm: Correct KVM & HVF dtb_compatible value - target/arm: Make RETA[AB] UNDEF when pauth is not implemented - tcg: Fix constant propagation in tcg_reg_alloc_dup https://gitlab.com/qemu-project/qemu/-/issues/3002 - target/loongarch: fix vldi/xvldi raise wrong error - target/loongarch: add check for fcond - linux-user/arm: Fix return value of SYS_cacheflush - hw/arm/mps2: Configure the AN500 CPU with 16 MPU regions - qemu-options.hx: Fix reversed description of icount sleep behavior - hw/arm/virt: Check bypass iommu is not set for iommu-map DT property - hw/loongarch/virt: Fix big endian support with MCFG table - hw/core/qdev-properties-system: Add missing return in set_drive_helper() - iotests: fix 240 - target/i386: Remove FRED dependency on WRMSRNS - hw/audio/asc: fix SIGSEGV in asc_realize() - audio: fix size calculation in AUD_get_buffer_size_out() - audio: fix SIGSEGV in AUD_get_buffer_size_out() - hw/i386/amd_iommu: Fix xtsup when vcpus < 255 - hw/i386/amd_iommu: Fix device setup failure when PT is on. - hw/i386/pc_piix: Fix RTC ISA IRQ wiring of isapc machine - vhost: Don't set vring call if guest notifier is unused - hw/arm: Add missing psci_conduit to NPCM8XX SoC boot info - ui/vnc: fix tight palette pixel encoding for 8/16-bpp formats - ui/vnc: take account of client byte order in pixman format - ui/vnc.c: replace big endian flag with byte order value - ui/sdl: Consider scaling in mouse event handling - ui/gtk: Update scales in fixed-scale mode when rendering GL area - gtk/ui: Introduce helper gd_update_scale - ui/gtk: Use consistent naming for variables in different coordinates - ui/gtk: Document scale and coordinate handling - hw/arm/aspeed_ast27x0: Fix RAM size detection failure on BE hosts - hw/misc/aspeed_hace: Ensure HASH_IRQ is always set to prevent firmware hang * d/gbp.conf: switch to debian-trixie branch * d/control.mk: checked-version=10.0.3+ds * qemu-img-options.patch: adjust help text for "convert" subcommand: use the historic option which were accepted by the upstream, not the new option introduced in this patch * pcie_sriov-Fix-configuration-and-state-synchronizati.patch from upstream Closes: #1109989, CVE-2025-54566, CVE-2025-54567 qt6-base (6.8.2+dfsg-9+deb13u1) trixie; urgency=medium . * Backport patch to fix high CPU load of kwin_x11 when locking the screen. quicktext (6.4.6-1~deb13u1) trixie; urgency=medium . * Rebuildfor trixie after upload thunderbird 140.3 quicktext (6.4.4-1~exp1) experimental; urgency=medium . [ Mechtilde ] * [c2fa859] Improved d/u/metadata using Mozilla repo * [747d9c9] Fixed d/dpb.conf * [be3897e] New upstream version 6.4.4 * [c2fa859] Improved d/u/metadata using Mozilla repo * [747d9c9] Fixed d/dpb.conf * [be3897e] New upstream version 6.4.4 quicktext (6.4.1-1~exp1) experimental; urgency=medium . [ Mechtilde ] * [19f530b] New upstream version 6.4.1 * [a42d224] New upstream version 6.4 * [f37aa19] Bumped version of thunderbird * [1fc0b84] Added d/dpb.conf for using with debian-package-scripts * [a72aabf] Bumped version for thunderbird rabbitmq-server (4.0.5-6+deb13u2) trixie; urgency=medium . * CVE-2025-50200: In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. Added upstream patch: Fix_Cowboy_crashes_caused_by_double_reply.patch. (Closes: #1108075) redis (5:8.0.2-3+deb13u1) trixie-security; urgency=medium . * CVE-2025-49844 / CVE-2025-46819 / CVE-2025-46818 / CVE-2025-46817 request-tracker5 (5.0.7+dfsg-4+deb13u1) trixie-security; urgency=medium . * Apply upstream patch which fixes several security vulnerabilities: - [CVE-2025-61873] Fix CSV injection via ticket values with special characters that are exported to a TSV from search results. - [CVE-2025-9158] Fix XSS via calendar invitations added to a ticket. riseup-vpn (0.24.10+ds1-1+deb13u1) trixie; urgency=medium . * Add qml6-module-qtcore to Depends (Closes: #1110558) rocm-hipamd (5.7.1-6+deb13u1) trixie; urgency=medium . [ Cordell Bloor ] * Add d/p/0041-inline-bf16-functions.patch to mark functions defined in amd_hip_bf16.h as inline. This change prevents multiple definition errors during linking for programs that include in more than one translation unit (Closes: #1116585) * Fix hipcc manpage title (Closes: #1107681) * Fix spelling error in roc-obj-ls manpage rsyslog-doc (8.2504.0+dfsg-1+deb13u1) trixie; urgency=medium . * Switch debian-branch to debian/trixie * Use sphinx_rtd_theme instead of the sphinx default theme. This matches what upstream has been using in the past and results in a nicer looking and more usable output, e.g. it produces a proper toc in the sidebar. ruby-rack (3.1.18-1~deb13u1) trixie-security; urgency=medium . * New upstream version 3.1.18. - CVE-2025-61772: Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion). - CVE-2025-61771: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion). - CVE-2025-61770: Unbounded multipart preamble buffering enables DoS (memory exhaustion). - CVE-2025-61780 Improper handling of headers in Rack::Sendfile may allow proxy bypass. - CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead to memory exhaustion. - Closes: #1117855, #1117856, #1117627, #1117628 ruby-sys-filesystem (1.4.4-1+deb13u1) trixie; urgency=medium . * Backport upstream PR#82 to fix linux64 detection fails on s390x and alpha (Closes: #1114552). rust-virtiofsd (1.13.2-1+deb13u1) trixie; urgency=medium . * add Depends: uidmap. Closes: #1109051 virtiofsd uses uidmap when run in a user namespace, and this is the most secure way to use it. So uidmap package is basically required. sail (0.9.8-1+deb13u1) trixie; urgency=medium . * Add upstream patches to fix security vulnerabilities. (Closes: #1112346) - CVE-2025-32468 - CVE-2025-35984 - CVE-2025-46407 - CVE-2025-50129 - CVE-2025-52456 - CVE-2025-52930 - CVE-2025-53085 - CVE-2025-53510 samba (2:4.22.6+dfsg-0+deb13u1) trixie; urgency=medium . * new upstream stable/security release: - https://bugzilla.samba.org/show_bug.cgi?id=15843: macOS Finder client DFS broken on 4.22.0 - https://bugzilla.samba.org/show_bug.cgi?id=15900: 'net ads group' failed to list domain groups - https://bugzilla.samba.org/show_bug.cgi?id=15905: samba-4.21 fails to join AD when multiple DCs are returned - https://bugzilla.samba.org/show_bug.cgi?id=15919: vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev for fsync_send - https://bugzilla.samba.org/show_bug.cgi?id=15921: CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set - https://bugzilla.samba.org/show_bug.cgi?id=15926: Samba 4.22 breaks Time Machine - https://bugzilla.samba.org/show_bug.cgi?id=15927: Spotlight search restriction for shares incomplete and default search searches in too many attributes - https://bugzilla.samba.org/show_bug.cgi?id=15931: rpcd_mdssvc may crash because name mangling is not initialized - https://bugzilla.samba.org/show_bug.cgi?id=15933: Only increment lease epoch if a lease was granted . * new upstream security release: - CVE-2025-9640: Uninitialized memory disclosure via vfs_streams_xattr https://www.samba.org/samba/security/CVE-2025-9640.html - CVE-2025-10230: Command injection via WINS server hook script https://www.samba.org/samba/security/CVE-2025-10230.html samba (2:4.22.6+dfsg-0+deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports (resolve before-trixie build profile). samba (2:4.22.4+dfsg-1) unstable; urgency=medium . * new upstream stable/bugfix release: - https://bugzilla.samba.org/show_bug.cgi?id=14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0 - https://bugzilla.samba.org/show_bug.cgi?id=15663: Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine) - https://bugzilla.samba.org/show_bug.cgi?id=15816: vfs_streams_depot fstatat broken - https://bugzilla.samba.org/show_bug.cgi?id=15840: kinit command is failing with Missing cache Error - https://bugzilla.samba.org/show_bug.cgi?id=15844: getpwuid does not shift to new DC when current DC is down - https://bugzilla.samba.org/show_bug.cgi?id=15876: Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName - https://bugzilla.samba.org/show_bug.cgi?id=15877: Fix handling of empty GPO link - https://bugzilla.samba.org/show_bug.cgi?id=15880: SMB ACL inheritance doesn't work for files created - https://bugzilla.samba.org/show_bug.cgi?id=15881: Unresponsive second DC can cause idmapping failure when using idmap_ad (was libads-fix-get_kdc_ip_string.patch) - https://bugzilla.samba.org/show_bug.cgi?id=15891: Figuring out the DC name from IP address fails and breaks fork_domain_child() - https://bugzilla.samba.org/show_bug.cgi?id=15892: Delayed leader broadcast can block ctdb forever * libads-fix-get_kdc_ip_string.patch: remove, included upstream * d/gbp.conf: debian-branch=debian/4.22 samhain (4.1.4-6+deb13u1) trixie; urgency=medium . * d/rules: - Quick fix preventing potential segfaults (Closes: #1111631) shibboleth-sp (3.5.0+dfsg-2+deb13u1) trixie-security; urgency=high . * [627cc27] New patch: SSPCPP-1014 - Extend escaping in strings. Fix SQL injection vulnerability in Service Provider ODBC plugin: specially crafted inputs can exfiltrate information stored in the database used by the SP. The vulnerability is moderate to high severity for anyone using the ODBC plugin, and of no impact for others. Thanks to Scott Cantor (Closes: #1114506) spip (4.4.3+dfsg-1+deb13u1) trixie; urgency=medium . * Track debian/trixie * Backport security fix from 4.4.5: Fix open redirect on ajax login form squid (6.13-2+deb13u1) trixie-security; urgency=high . * Non Maintainer Upload by LTS team * Fix CVE-2025-62168 (Closes: #1118341) Due to a failure to redact HTTP Authentication credentials Squid is vulnerable to an Information Disclosure attack. * Fix CVE-2025-59362 (Closes: #1117048) Squid mishandles ASN.1 encoding of long SNMP OIDs. stardict (3.0.7+git20220909+dfsg-8~deb13u1) trixie; urgency=medium . * Upload to trixie * Update d/gbp.conf for trixie-specific stardict (3.0.7+git20220909+dfsg-7) unstable; urgency=medium . * d/stardict-plugin.install:not install stardict_dictdotcn.so, Closes: #806960 * d/rules:Added --disable-dictdotcn option, dictdotcn is not provid server now suricata (1:7.0.10-1+deb13u1) trixie; urgency=medium . * Fix CVE-2025-53538 in 7.0.10. Cherry-Picked from upstream 97eee2cadacf3423a1ebcdd1943a7a7917f5cc56. Closes: #1109806 Reference: #1116945 * Fix CVE-2025-59147 in 7.0.10. Cherry-Picked from upstream e91b03c90385db15e21cf1a0e85b921bf92b039e and slightly modified to fit for Suricata 7.0.10. Reference: #1119940 syslog-ng (4.8.1-5+deb13u1) trixie; urgency=medium . * Turn off writing log statistics (closes: #1110329). systemd (257.9-1~deb13u1) trixie; urgency=medium . * Update upstream source from tag 'upstream/257.9' Update to upstream version '257.9' with Debian dir 9b05cb6904e089147c1521b0ced983a575d8abe4 systemd (257.8-1~deb13u2) trixie; urgency=medium . * Non-maintainer upload. * systemd-networkd: Fix segfault on VLAN-aware bridges. (Closes: #1112535) systemd-boot-efi-amd64-signed (257.9+1~deb13u1) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.9-1~deb13u1 . * Update upstream source from tag 'upstream/257.9' Update to upstream version '257.9' with Debian dir 9b05cb6904e089147c1521b0ced983a575d8abe4 systemd-boot-efi-amd64-signed (257.8+1~deb13u2) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.8-1~deb13u2 . * Non-maintainer upload. * systemd-networkd: Fix segfault on VLAN-aware bridges. (Closes: #1112535) systemd-boot-efi-arm64-signed (257.9+1~deb13u1) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.9-1~deb13u1 . * Update upstream source from tag 'upstream/257.9' Update to upstream version '257.9' with Debian dir 9b05cb6904e089147c1521b0ced983a575d8abe4 systemd-boot-efi-arm64-signed (257.8+1~deb13u2) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.8-1~deb13u2 . * Non-maintainer upload. * systemd-networkd: Fix segfault on VLAN-aware bridges. (Closes: #1112535) tango (10.0.2+dfsg1-2+deb13u1) trixie; urgency=medium . * Team upload. * Fix broken communication between major versions: libtango9 cannot receive events from libtango10 (Closes: #1118207) * d/gitlab-ci.yml (Salsa CI): - Set RELEASE to trixie in d/gitlab-ci.yml to explicitly trigger trixie-based pipelines. - Disable the reprotest job. Releases older than unstable are not very well supported by the Salsa CI's reprotest job, and this failing without a good reason. tango (10.0.2+dfsg1-2+deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Team upload. * Rebuild for bookworm-backports. * Set RELEASE to bookworm-backports in d/gitlab-ci.yml. To explicitly trigger bookworm-backports-based pipelines. tbsync (4.16-1~deb13u2) trixie; urgency=medium . * Added dir api/ to d/rules. It follows 4.16-2 in unstable #1118180. tbsync (4.16-1~deb13u1) trixie; urgency=medium . * Rebuild for uploading with thunderbird>= 140.3 to trixie thunderbird (1:140.4.0esr-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security thunderbird (1:140.4.0esr-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security thunderbird (1:140.3.1esr-1) unstable; urgency=medium . * [f86a89f] New upstream version 140.3.1esr * [87cb9f6] d/control: Update packages need to have a Breaks Updating the packages in the Breaks field as like very often with a new ESR version some AddOns need to be bumped too. Removing old non existing or not relevant packages from the field. Adding these new packages: webext-allow-html-temp (<= 10.0.8-1~) webext-dav4tbsync (<= 4.8-2~) webext-eas4tbsync (<= 4.17-1~) webext-mailmindr (<= 1.7.1-2~) webext-quicktext (<= 6.4.6-1~) webext-tbsync (<= 4.16-1~) webext-xnotepp (<= 4.5.81-1~) (Closes: #1116976) thunderbird (1:140.3.0esr-1) unstable; urgency=medium . [ Carsten Schoenert ] * [de64a72] d/watch: Mangle 'esr' suffix from version * [85543ab] New upstream version 140.3.0esr Fixed CVE issues in upstream version 140.3 (MFSA 2025-78): CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component CVE-2025-10529: Same-origin policy bypass in the Layout component CVE-2025-10532: Incorrect boundary conditions in the JavaScript: GC component CVE-2025-10533: Integer overflow in the SVG component CVE-2025-10536: Information disclosure in the Networking: Cache component CVE-2025-10537: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (Closes: #1115605) * [635002d] Rebuild patch queue from patch-queue branch * [6d2f42d] d/control: Remove Rules-Requires-Root . [ Carles Pina i Estany ] * [634cd34] d/control: Drop Recommends on thunderbird-l10n-fi (Closes: #1115457) . [ Dandan Zhang ] * [00691f6] d/control: Adding loong64 architecture (Closes: #1059966) thunderbird (1:140.2.0esr-1) experimental; urgency=medium . [ Christoph Goehre ] * [3449bf5] d/rules: export CC and CXX definitions on ppc64 This is a follow-up fix for [cb1ed45]. . [ Carsten Schoenert ] * [2e811f6] d/watch: Migrate to version 5 * [ddad9bc] New upstream version 140.2.0esr thunderbird (1:140.1.1esr-1) experimental; urgency=medium . * [e6e4d2d] d/source.filter: Update content to filter out * [4b7d308] New upstream version 140.1.1esr * [472919e] d/rules: Add target for NSS and NSPR versions * [3e7b6b0] d/control: Bump B-D for libnss3-dev thunderbird (1:140.1.0esr-1) experimental; urgency=medium . [ Christoph Goehre ] * [7ac28d3] d/rules: export 'Clto=thin' on i386 to stay in the memory budged Added patch: debian-hacks/Allow-to-override-rust-LTO-flag.patch . [ Carsten Schoenert ] * [2ed0df2] d/create-upstream-tarballs.py: Use the real CDN URL * [82f0f9e] New upstream version 140.1.0esr * [fb16995] Rebuild patch queue from patch-queue branch Added patch: porting-ppc64el/skia-Adjust-detection-of-ppc64-architecture.patch * [ad0c4b4] d/control: Increase Standards-Version to 4.7.2 No further changes needed. * [dc57502] d/copyright: Update content due upstream changes * [3e8fe05] d/s/lintian-overrides: Update data due upstream changes * [4378ab3] d/t-lintian-overrides: Update due build changes . [ John Paul Adrian Glaubitz ] * [cb1ed45] d/rules: Use gcc and g++ on ppc64 (Closes: #1109861) thunderbird (1:140.0.1esr-1) experimental; urgency=medium . [ Christoph Goehre ] * [259f52c] New upstream version 140.0.1esr (Closes: #1109451) * [a5a86f3] rebuild patch queue from patch-queue branch obsolete patches (fixed upstream): debian-hacks/Downgrade-cbindgen-requirement.patch * [fe04434] d/rules, d/thunderbird.install: ignore additional binary crashhelper for now . [ Alessandro Astone ] * [f5a46a4] Update rule to drop dependency on gtk2 with the new t64 package name thunderbird (1:138.0-1) experimental; urgency=medium . * [870fc65] New upstream version 138.0 * [cc0885e] rebuild patch queue from patch-queue branch added patches: debian-hacks/Downgrade-cbindgen-requirement.patch * [f7487ae] d/control: bump cbindgen build dependency * [61f6d95] d/thunderbird.install: install interesting_serverknobs.json file thunderbird (1:137.0-1) experimental; urgency=medium . * [148e2f7] New upstream version 137.0 thunderbird (1:136.0-1) experimental; urgency=medium . * [3f06ac7] New upstream version 136.0 thunderbird (1:135.0-1) experimental; urgency=medium . * [bdcaf66] Revert "d/rules: Move/rename third party Python modul temporarly" (Closes: #1093362) * [e33e9d8] New upstream version 135.0 * [e68ae48] rebuild patch queue from patch-queue branch modified patches: porting-mips64el/skia-Disable-musttail-on-mips64.patch porting-ppc64el/Work-around-GCC-ICE-on-ppc64el.patch thunderbird-l10n/sl-change-Edit-Uredi-to-CTRL-E.patch obsolete patches (fixed upstream): porting-ppc64el/skia-Disable-musttail-on-ppc64el.patch thunderbird (1:132.0~b6-1) experimental; urgency=medium . * [282778e] d/changelog: Correct small typo * [b5b363b] New upstream version 132.0~b6 * [7e23518] d/control: Bump various B-D versions, drop non needed * [f979f8f] d/thunderbird.postinst: Correct misspelled THUNDERBIRD_LIBDIR (Closes: #1082842) thunderbird (1:130.0~b3-1) experimental; urgency=medium . * [041e622] d/control: Fix short description for thunderbird-l10n-lv (Closes: #1079029) * [820aec2] New upstream version 130.0~b3 * [628eb92] d/control: Readd dependencies on librnp{0,-dev} * [8e6b0e8] d/rules: Move/rename third party Python modul temporarly * [ee4c48d] d/source.filter: Exclude some JS files from exclusion thunderbird (1:129.0~b6-1) experimental; urgency=medium . [ Carsten Schoenert ] * [5ee74f4] d/watch: Now watch out for 'esr' suffixed versions * [8e4b85a] d/thunderbird.desktop: Update data with upstream data (Closes: #1042912, #1051261) * [a0e3d2e] New upstream version 129.0~b6 * [0b12902] d/control: Drop B-D on libdbus-glib-1-dev (Closes: #955955) * [cf730a8] d/create-upstream-tarballs.py: Ignore version 129.0 * [0528b45] d/s/lintian-overrides: Update some overrides . [ Michael Weghorn ] * [e4d3be0] Use app ID that matches the desktop file name (Closes: #1022037) thunderbird (1:128.14.0esr-1) unstable; urgency=medium . * [4f3d4b8] New upstream version 128.14.0esr Fixed CVE issues in upstream version 128.14 (MFSA 2025-71): CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component CVE-2025-9181: Uninitialized memory in the JavaScript Engine component CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 tiff (4.7.0-3+deb13u1) trixie-security; urgency=medium . * CVE-2024-13978 (Closes: #1111323) * CVE-2025-8961 (Closes: #1111317) * CVE-2025-9165 (Closes: #1111878) * CVE-2025-9900 tryton-sao (7.0.28+ds1-1+deb13u1) trixie-security; urgency=high . * Add 01_xss_vulnerability_attachments_preview.patch. Patch for security issue: https://discuss.tryton.org/t/security-release-for-issue-14290/8895 The HTML element used to display the document is based on the mimetype. And by default a sandboxed iframe is used to isolate the unsafe content from the parent context. ublock-origin (1.67.0+dfsg-1~deb13u1) trixie; urgency=medium . * Backport version 1.67.0 to trixie to improve user experience and add new filter capabilities. ublock-origin (1.67.0+dfsg-1~deb12u1) bookworm; urgency=medium . * Backport version 1.67.0 to bookworm to improve user experience and add new filter capabilities. (Closes: #1059545) * Fix CVE-2025-4215: Regular Expression Denial of Service (ReDoS) (Closes: #1104635) valkey (8.1.1+dfsg1-3+deb13u1) trixie-security; urgency=medium . * (CVE-2025-49844) A Lua script may lead to remote code execution * (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE * (CVE-2025-46818) A Lua script can be executed in the context of another user * (CVE-2025-46819) LUA out-of-bound read virt-manager (1:5.0.0-5+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Fix: Clicking on "Browse Local" has no effect and throws an error (Closes: #1112514) * Update debian/gbp.conf to point to trixie branches watcher (14.0.0-1+deb13u1) trixie; urgency=medium . * Add export OS_OSLO_MESSAGING_RABBIT__PROCESSNAME for all daemons. * A vulnerability has been identified in OpenStack Nova and OpenStack Watcher in conjunction with volume swap operations performed by the Watcher service. Under specific circumstances, this can lead to a situation where two Nova libvirt instances could reference the same block device, allowing accidental information disclosure to the unauthorized instance. Added upstream patch: OSSN-0094_use_cinder_migrate_for_swap_volume.patch. (Closes: #1111692). webkit2gtk (2.50.1-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security. * Re-enable libmanette in i386. * Enable the transitional packages. * Don't override the gcc compiler on mips64el since trixie already uses gcc-14 by default. webkit2gtk (2.50.1-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security. * Disable sysprof profiling integration to avoid new dependencies: - debian/control.in: Don't depend on libsysprof-capture-4-dev. - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF. * Disable JPEG XL to avoid adding new dependencies. - debian/control.in: Remove build dependency on libjxl-dev. - debian/rules: Build with -DUSE_JPEGXL=OFF. * debian/rules: - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old package names. - Re-enable libmanette in i386. * debian/control-common.in: - Make the -dev packages depend on the gir packages. * debian/control.in: - Build depend on ccache. * Use clang-16 instead of clang. * Don't override the gcc compiler on mips64el since bookworm uses gcc 12 and not gcc 15 (#1116217). * debian/patches/fix-minibrowser.patch: - Fix the MiniBrowser with clang-16. webkit2gtk (2.50.0-2) unstable; urgency=medium . * debian/patches/fix-ftbfs-i386.patch: - Update patch to also fix the armhf build. * Force gcc-14 in mips64el because gcc 15 fails with an internal compiler error (#1116217) and clang is not an option ("failed to perform tail call elimination"). * debian/rules: - Remove unused variable EXTRA_BUILD_ARGUMENTS. * debian/patches/disable-nvidia-dmabuf.patch: - Bring back this patch, now adapted to WebKitGTK 2.50.0. webkit2gtk (2.50.0-1) unstable; urgency=medium . * New upstream release. * Bring all changes from the 2.49 (experimental) branch. * debian/copyright: - Update copyright information of all files. * debian/gbp.conf: - Update upstream branch name. * debian/libwebkit2gtk-4.0-37.symbols: - Update symbols. * Refresh all patches. - Drop disable-nvidia-dmabuf.patch for now, it needs changes. * debian/patches/fix-ftbfs-s390x.patch: - Fix FTBFS in s390x (WebKit bug #298308). * debian/patches/fix-ftbfs-i386.patch: - Fix FTBFS in i386 (WebKit bug #299018). * Stop building the transitional packages for forky. * debian/source/lintian-overrides: - Update source-is-missing overrides. webkit2gtk (2.49.90-1) experimental; urgency=medium . * New upstream development release. * debian/watch, debian/gbp.conf: - Branch for 2.49.x in experimental. * Refresh all patches. - Drop fix-ftbfs-armv7.patch. - Drop disable-nvidia-dmabuf.patch for now, it needs changes. * Stop building the transitional packages for forky. * debian/copyright: - Update copyright information of all files. * Stop supporting non-SSE2 i386 CPUs since trixie now requires SSE2 support. - Drop dont-detect-sse2.patch. - Enable the JIT again and disable CLoop. * debian/libwebkit2gtk-4.0-37.symbols: - Update symbols. * debian/source/lintian-overrides: - Update source-is-missing overrides. webkit2gtk (2.48.6-1) unstable; urgency=medium . [ Alberto Garcia ] * New upstream release. * Drop fix-ftbfs-armv7.patch. * Stop supporting non-SSE2 i386 CPUs since SSE2 is required starting from trixie. - Drop dont-detect-sse2.patch. - Enable the JIT again and disable CLoop. * Use clang in i386. This is now possible since we require SSE2. . [ Jeremy Bicha ] * Disable gamepad feature on Ubuntu since libmanette is in universe there. * Don't require libmanette on i386. webkit2gtk (2.48.5-1) unstable; urgency=high . * New upstream release. * The WebKitGTK security advisory WSA-2025-0005 lists the following security fixes in the latest versions of WebKitGTK: - CVE-2025-24189 (fixed in 2.48.0). - CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212, CVE-2025-43216, CVE-2025-43227, CVE-2025-43228, CVE-2025-43240, CVE-2025-43265, CVE-2025-6558 (fixed in 2.48.5). * debian/upstream/signing-key.asc: - Update Adrian Perez's PGP key. * debian/patches/fix-ftbfs-armv7.patch: - Fix arm build. wike (3.1.1-1+deb13u1) trixie; urgency=medium . * Add cherry-picked upstream patch setting correct useragent (Closes: #1119977) wtmpdb (0.73.0-3+deb13u1) trixie; urgency=medium . * Rotate and prune logs using logrotate (Closes: #1094965) - patch to handle empty file reading - remove units and cron jobs for old (disabled) rotation solution - cause new and rotated files to keep permissions (Closes: #1076308) * Store logs in system log directory, /var/log (Closes: #1117719) * Remove logs on package purge * README.Debian: document new log handling xnote (4.5.48-1~deb13u1) trixie; urgency=medium . * Rebuild for upload after thunderbird 140.3 in trixie xorg (1:7.7+24+deb13u1) trixie; urgency=medium . * Team upload . [ Jochen Sprickerhof ] * 20x11-common_process-args: Only use the first word for command -v (Closes: #1094494) xorg-server (2:21.1.16-1.3+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * present: Fix use-after-free in present_create_notifies() (CVE-2025-62229) * xkb: Make the RT_XKBCLIENT resource private (CVE-2025-62230) * xkb: Free the XKB resource when freeing XkbInterest (CVE-2025-62230) * xkb: Prevent overflow in XkbSetCompatMap() (CVE-2025-62231) xssproxy (1.0.0-1+deb13u1) trixie; urgency=medium . * Add listen-path.patch, listening on object path /org/freedesktop/ScreenSaver too (Closes: #1092965) * Add cookie-not-zero.patch, avoiding problem with xdg-desktop-portal-gtk (Closes: #1115458) ====================================== Sat, 06 Sep 2025 - Debian 13.1 released ====================================== aide (0.19.1-2+deb13u1) trixie-security; urgency=high . * Apply upstream patch to escape control characters in report and log output (CVE-2025-54389) * Apply upstream patch to fix null pointer dereference after reading incorrectly encoded xattr attributes from database (CVE-2025-54409) auto-apt-proxy (16.8+deb13u1) trixie; urgency=medium . * Check explicitly configured proxies before network gateway (Closes: #1108265) * Add trixie-specific gbp.conf base-files (13.8+deb13u1) trixie; urgency=medium . * Update debian_version and os-release for Debian 13.1 point release. chromium (139.0.7258.154-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-9478: Use after free in ANGLE. Reported by Google Big Sleep. chromium (139.0.7258.154-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-9478: Use after free in ANGLE. Reported by Google Big Sleep. * d/patches/bookworm/stdarch-arm.patch: drop to fix FTBFS on arm64 with newer rustc-web. chromium (139.0.7258.138-1) unstable; urgency=high . * New upstream security release. - CVE-2025-9132: Out of bounds write in V8. Reported by Google Big Sleep. chromium (139.0.7258.138-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-9132: Out of bounds write in V8. Reported by Google Big Sleep. chromium (139.0.7258.138-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-9132: Out of bounds write in V8. Reported by Google Big Sleep. chromium (139.0.7258.127-2) unstable; urgency=high . * d/patches: - bookworm/adler1.patch: drop, rustc in sid is now new enough for adler2. Also move it into trixie/adler1.patch. - bookworm/libxml-parseerr.patch: drop, libxml in sid is upgraded. Also move it to trixie/libxml-parseerr.patch. * d/control: update build-deps to require rust >= 1.86, libxml >= 2.14. chromium (139.0.7258.127-1) unstable; urgency=high . * New upstream security release. - CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous - CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@0x10n). - CVE-2025-8901: Out of bounds write in ANGLE. Reported by Google Big Sleep. - CVE-2025-8881: Inappropriate implementation in File Picker. Reported by Alesandro Ortiz. - CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq. chromium (139.0.7258.127-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous - CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@0x10n). - CVE-2025-8901: Out of bounds write in ANGLE. Reported by Google Big Sleep. - CVE-2025-8881: Inappropriate implementation in File Picker. Reported by Alesandro Ortiz. - CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq. . chromium (139.0.7258.66-1) unstable; urgency=high . * New upstream stable release. - CVE-2025-8576: Use after free in Extensions. Reported by asnine. - CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq. - CVE-2025-8578: Use after free in Cast. Reported by Fayez. - CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome. Reported by Alesandro Ortiz. - CVE-2025-8580: Inappropriate implementation in Filesystems. Reported by Huuuuu. - CVE-2025-8581: Inappropriate implementation in Extensions. Reported by Vincent Dragnea. - CVE-2025-8582: Insufficient validation of untrusted input in DOM. Reported by Anonymous. - CVE-2025-8583: Inappropriate implementation in Permissions. Reported by Shaheen Fazim. * d/copyright: delete third_party/enterprise_companion, as it includes a binary. * d/control: Replace elfutils build-dep with llvm-19 for switch to llvm-strip. * d/rules: - drop enable_nacl=false; upstream removed NaCL. - set enable_enterprise_companion=false. - disable Gemini AI (enable_glic=false). * d/patches: - disable/catapult.patch: refresh. - disable/buildtools-libc.patch: refresh. - system/eu-strip.patch: drop, upstream switched to llvm-strip. - bookworm/gn-revert-path-exists.patch: refresh & drop unused part. - ungoogled/disable-privacy-sandbox.patch: refresh. - fixes/bindgen.patch: rename to bookworm/bindgen.patch, since trixie now has a newer bindgen. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch: Refresh for upstream changes - sandbox/0009-sandbox-updates-138.patch: Properly handle IPC and send syscalls - third_party/0001-add-xnn-ppc64el-support.patch: Refresh for upstream changes - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - third_party/skia-vsx-instructions.patch: Refresh for upstream changes - fixes/fix-partition-alloc-compile.patch: Refresh for upstream changes chromium (139.0.7258.127-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous - CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@0x10n). - CVE-2025-8901: Out of bounds write in ANGLE. Reported by Google Big Sleep. - CVE-2025-8881: Inappropriate implementation in File Picker. Reported by Alesandro Ortiz. - CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq. chromium (139.0.7258.66-1) unstable; urgency=high . * New upstream stable release. - CVE-2025-8576: Use after free in Extensions. Reported by asnine. - CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq. - CVE-2025-8578: Use after free in Cast. Reported by Fayez. - CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome. Reported by Alesandro Ortiz. - CVE-2025-8580: Inappropriate implementation in Filesystems. Reported by Huuuuu. - CVE-2025-8581: Inappropriate implementation in Extensions. Reported by Vincent Dragnea. - CVE-2025-8582: Insufficient validation of untrusted input in DOM. Reported by Anonymous. - CVE-2025-8583: Inappropriate implementation in Permissions. Reported by Shaheen Fazim. * d/copyright: delete third_party/enterprise_companion, as it includes a binary. * d/control: Replace elfutils build-dep with llvm-19 for switch to llvm-strip. * d/rules: - drop enable_nacl=false; upstream removed NaCL. - set enable_enterprise_companion=false. - disable Gemini AI (enable_glic=false). * d/patches: - disable/catapult.patch: refresh. - disable/buildtools-libc.patch: refresh. - system/eu-strip.patch: drop, upstream switched to llvm-strip. - bookworm/gn-revert-path-exists.patch: refresh & drop unused part. - ungoogled/disable-privacy-sandbox.patch: refresh. - fixes/bindgen.patch: rename to bookworm/bindgen.patch, since trixie now has a newer bindgen. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch: Refresh for upstream changes - sandbox/0009-sandbox-updates-138.patch: Properly handle IPC and send syscalls - third_party/0001-add-xnn-ppc64el-support.patch: Refresh for upstream changes - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - third_party/skia-vsx-instructions.patch: Refresh for upstream changes - fixes/fix-partition-alloc-compile.patch: Refresh for upstream changes chromium (139.0.7258.66-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2025-8576: Use after free in Extensions. Reported by asnine. - CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq. - CVE-2025-8578: Use after free in Cast. Reported by Fayez. - CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome. Reported by Alesandro Ortiz. - CVE-2025-8580: Inappropriate implementation in Filesystems. Reported by Huuuuu. - CVE-2025-8581: Inappropriate implementation in Extensions. Reported by Vincent Dragnea. - CVE-2025-8582: Insufficient validation of untrusted input in DOM. Reported by Anonymous. - CVE-2025-8583: Inappropriate implementation in Permissions. Reported by Shaheen Fazim. * d/copyright: delete third_party/enterprise_companion, as it includes a binary. * d/control: - Replace elfutils build-dep with llvm-19 for switch to llvm-strip. - Update rustc-web build-dep to >= 1.84. * d/rules: - drop enable_nacl=false; upstream removed NaCL. - set enable_enterprise_companion=false. - disable Gemini AI (enable_glic=false). * d/patches: - disable/catapult.patch: refresh. - disable/buildtools-libc.patch: refresh. - system/eu-strip.patch: drop, upstream switched to llvm-strip. - bookworm/gn-revert-path-exists.patch: refresh & drop unused part. - ungoogled/disable-privacy-sandbox.patch: refresh. - fixes/bindgen.patch: rename to bookworm/bindgen.patch, since trixie now has a newer bindgen. - bookworm/gn-absl.patch: refresh. - bookworm/rust-is-none-or.patch: drop, thanks to newer rustc-web. - bookworm/rust-unstable-features.patch: drop - newer rustc-web. - bookworm/bubble-contents.patch: drop, no longer needed. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch: Refresh for upstream changes - sandbox/0009-sandbox-updates-138.patch: Properly handle IPC and send syscalls - third_party/0001-add-xnn-ppc64el-support.patch: Refresh for upstream changes - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - third_party/skia-vsx-instructions.patch: Refresh for upstream changes - fixes/fix-partition-alloc-compile.patch: Refresh for upstream changes courier (1.4.1-3+deb13u1) trixie; urgency=medium . * Add debian/courier-webadmin.init and debian/courier-webadmin.service (closes: #1111836). * Add debian/tests/smoke-webadmin. * Add debian/courier-webadmin.links to create a cgi-bin link. * Add debian/patches/webadmin-restart-commands.patch. * debian/control: Add "Pre-Depends: ${misc:Pre-Depends}". * debian/courier.base.postinst: - Remove the dpkg-statoverride for /var/lib/courier, which diverged from upstream and caused problems with webadmin. * debian/courier-base.postrm: Remove the deletion of the dpkg-statoverride for /var/lib/courier. * debian/courier-webadmin.config: Remove the courier-webadmin/install-cgi section. * debian/courier-webadmin.dirs: Remove the unnecessary etc/courier/webadmin entry. * debian/courier-webadmin.install: - Install the new etc/courier/webadmin/restartcmd. - Install /etc/courier/webadmin/password. * debian/courier-webadmin.postinst: - Remove the processing of the now-removed install-cgi debconf question. - Stop manually creating and setting permissions for /etc/courier/webadmin/password. - Add a dpkg-statoverride for /etc/courier/webadmin/password. * debian/courier-webadmin.postrm: - Remove the processing of the now-removed install-cgi debconf question. - Remove the webadmin socket on purge if it was left behind by the service. - Remove the dpkg-statoverride for /etc/courier/webadmin/password on purge. * debian/courier-webadmin.README.Debian: - Refactor to reflect the new, non-SUID webadmin architecture. - Add information about enabling cgi-bin symlinks. * debian/courier-webadmin.templates: Remove obsolete install-cgi question. The link is now created automatically on install. * debian/rules: Create an empty /etc/courier/webadmin/password file. * debian/tests/control: Enable the smoke-webadmin test. debian-installer (20250803+deb13u1) trixie; urgency=medium . * Bootstrap trixie stable branch: - Set USE_PROPOSED_UPDATES=1 in debian/rules - Set USE_UDEBS_FROM?=trixie in build/config/common * Bump Linux kernel ABI to 6.12.43+deb13. * Adjust linux-image build-deps accordingly. * Add a workaround for a GRUB graphics initialisation bug (#1110759): adding a simple text output before switching terminal_output to gfxterm makes the graphical display work on older machines. With many thanks to Fab Stz for drawing our attention to this problem and the proposed workaround. debian-installer-netboot-images (20250803+deb13u1) trixie; urgency=medium . * Update to 20250803+deb13u1, from trixie-proposed-updates. * Update DISTRIBUTION and DISTRIBUTION_FALLBACK for the trixie branch. debian-installer-netboot-images (20250803) unstable; urgency=medium . [ Holger Levsen ] * Fix missing build dependency on apt, thanks to Jochen Sprickerhof (Closes: #1099535). Packages which are installed on the buildds but which are not listed in Build-Depends are not recorded in .buildinfo files. Thus rebuilding (e.g. on reproduce.debian.net) then fails. . [ Cyril Brulebois ] * Update supported architectures: - Delete mips64el * Clean debian/rules: - Delete (unused and incomplete) UNSUPPORTED_ARCHITECTURES. * Update for D-I Trixie RC 3. desktop-base (13.0.4) trixie; urgency=medium . [ Aurélien COUDERC ] * Fix ceratopsian-theme’s plymouth password/fsck prompts off-center on multi-monitor mixed-resolution set-ups. Thanks Shaun Lewis for the patch. (Closes: #1110858) devscripts (2.25.15+deb13u1) trixie; urgency=medium . * Team upload. * Update branch in gbp.conf & Vcs-Git URL. * debchange: trixie is now stable, forky is testing. dpdk (24.11.3-1~deb13u1) trixie; urgency=medium . * Upload to trixie . dpdk (24.11.3-1) unstable; urgency=medium . * New upstream release 24.11.3. For a full list of changes in 24.11.3 see: https://doc.dpdk.org/guides/rel_notes/release_24_11.html ethtool (1:6.14.2-1) trixie; urgency=medium . * New upstream release: 6.14.2 . [ Salvatore Bonaccorso ] * debian/salsa-ci.yml: Set release to trixie * netlink: fix print_string when the value is NULL firebird3.0 (3.0.12.ds7-13+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * CVE-2025-54989: XDR Message Parsing NULL Pointer Dereference (Closes: #1111321) firebird4.0 (4.0.5.3140.ds6-17+deb13u1) trixie-security; urgency=medium . * cherry pick fix for CVE-2025-54989 from upstream (Closes: #1111320) * cherry pick fix for CVE-2025-24975 from upstream (Closes: #1111322) * switch debian-branch to debian/trixie-security in gbp.conf firefox-esr (128.14.0esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-66, also known as: CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9185. firefox-esr (128.14.0esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-66, also known as: CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9185. flvstreamer (2.1c1-2+deb13u1) trixie; urgency=medium . * debian/gbp.conf: Work in debian/trixie branch * Revert "Build and install all programs of `progs` target in Makefile (Closes: #1098981) galera-4 (26.4.23-0+deb13u1) trixie; urgency=medium . * New upstream release 26.4.23. Includes multiple bug fixes, see https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.23.txt * Drop patch to fix garbd's -w/WORK_DIR parameter that is now applied upstream galera-4 (26.4.23-0+deb12u1) bookworm; urgency=medium . * New upstream release 26.4.23. Includes multiple bug fixes, see https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.23.txt https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.22.txt https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.21.txt * New upstream release fixes garbd's -w/WORK_DIR parameter (Closes: #1088076) git (1:2.47.3-0+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * New upstream release. - CVE-2025-27613: gitk: file creation/truncation after cloning untrusted repository - CVE-2025-27614: gitk: user can be tricked into running any script after cloning untrusted repository - CVE-2025-46835: git-gui: file creation/overwriting after cloning untrusted repository - CVE-2025-48384: script execution after cloning untrusted repository - CVE-2025-48385: protocol injection when fetching - Closes: #1108983 glib2.0 (2.84.4-3~deb13u1) trixie; urgency=medium . * Go back to debian/trixie branch for a stable update * d/tests/manual/1065022.sh: Update manual test script used to reproduce and test fixes for #1065022 - Adapt to upgrade from bookworm to trixie, rather than bookworm to sid - Optionally reproduce #1110696 instead - Optionally test the extra safety checks in the postrm - Add a simpler mechanism to test proposed packages for either bookworm or trixie - Improve diagnostic output . glib2.0 (2.84.4-3) unstable; urgency=medium . * d/control: Generate the intended Provides in libgirepository-2.0-0 . glib2.0 (2.84.4-2) unstable; urgency=medium . * Mention #1110640 in previous changelog entry * libgirepository-2.0-0: Generate a dependency on a virtual package for libffi-related symbols, to avoid trouble during future libffi ABI transitions (Closes: #1110825) * libglib2.0-0t64: Make maintainer scripts shellcheck-clean * libglib2.0-0t64.postrm: - Refactor to use functions that early-return if we do not want to do the cleanup, avoiding stacking conditionals - Don't remove cache files if they would be non-empty, guarding against issues similar to #1065022 and #1110696 (mitigates: #1110696) * libglib2.0-0t64.preinst: Disarm libglib2.0-0 postrm for all architectures, avoiding a corner case where the faulty postrm that suffered from #1065022 would still exist if it belonged to a former foreign architecture that was already disabled, but libglib2.0-0 from that architecture was still in removed-but-not-purged state, resulting in #1065022 recurring when that version of libglib2.0-0 was subsequently purged (Closes: #1110696) * d/tests/1065022-futureproofing: - Fix a test regression by generating a versioned Provides when building a mockup of a hypothetical future libglib2.0-0xyz. This regression wasn't immediately obvious because the autopkgtest is marked as flaky (it depends on various implementation details which we can't completely rely on). - Make sure required packages stay installed, failing the test early if their dependencies cannot be satisfied - Produce only TAP output on stdout, and a diagnostic log on stderr - Improve diagnostic output . glib2.0 (2.84.4-1) unstable; urgency=medium . * d/control, d/gbp.conf: Use debian/forky packaging branch. The debian/latest branch is now tracking 2.85.x for Debian experimental. * New upstream stable release - Ensure that generating temporary file names does not access memory outside the intended array of alphanumeric characters if a long-running program generates billions of temporary file names (CVE-2025-7039, glib#3716 upstream; believed to be unlikely to be exploitable in practice. Closes: #1110640) - Fix the intended ability for g_settings_bind_with_mapping_closures() to copy a value to the destination object (glib!4667 upstream) - If creating a thread pool fails, report a recoverable error instead of crashing with a fatal error (glib#3712 upstream) - Fix several memory leaks (glib#3721, glib!4702 upstream) glib2.0 (2.84.4-2) unstable; urgency=medium . * Mention #1110640 in previous changelog entry * libgirepository-2.0-0: Generate a dependency on a virtual package for libffi-related symbols, to avoid trouble during future libffi ABI transitions (Closes: #1110825) * libglib2.0-0t64: Make maintainer scripts shellcheck-clean * libglib2.0-0t64.postrm: - Refactor to use functions that early-return if we do not want to do the cleanup, avoiding stacking conditionals - Don't remove cache files if they would be non-empty, guarding against issues similar to #1065022 and #1110696 (mitigates: #1110696) * libglib2.0-0t64.preinst: Disarm libglib2.0-0 postrm for all architectures, avoiding a corner case where the faulty postrm that suffered from #1065022 would still exist if it belonged to a former foreign architecture that was already disabled, but libglib2.0-0 from that architecture was still in removed-but-not-purged state, resulting in #1065022 recurring when that version of libglib2.0-0 was subsequently purged (Closes: #1110696) * d/tests/1065022-futureproofing: - Fix a test regression by generating a versioned Provides when building a mockup of a hypothetical future libglib2.0-0xyz. This regression wasn't immediately obvious because the autopkgtest is marked as flaky (it depends on various implementation details which we can't completely rely on). - Make sure required packages stay installed, failing the test early if their dependencies cannot be satisfied - Produce only TAP output on stdout, and a diagnostic log on stderr - Improve diagnostic output glib2.0 (2.84.4-1) unstable; urgency=medium . * d/control, d/gbp.conf: Use debian/forky packaging branch. The debian/latest branch is now tracking 2.85.x for Debian experimental. * New upstream stable release - Ensure that generating temporary file names does not access memory outside the intended array of alphanumeric characters if a long-running program generates billions of temporary file names (CVE-2025-7039, glib#3716 upstream; believed to be unlikely to be exploitable in practice) - Fix the intended ability for g_settings_bind_with_mapping_closures() to copy a value to the destination object (glib!4667 upstream) - If creating a thread pool fails, report a recoverable error instead of crashing with a fatal error (glib#3712 upstream) - Fix several memory leaks (glib#3721, glib!4702 upstream) gnome-control-center (1:48.4-1~deb13u1) trixie; urgency=medium . * Team upload * d/control, d/gbp.conf: Set packaging branch for trixie stable updates . gnome-control-center (1:48.4-1) unstable; urgency=medium . * Team upload * d/control, d/gbp.conf, d/watch: Limit to 48.x versions. We'll stick to 48.x in testing/unstable for now, to get better testing for 48.x updates in trixie later. * New upstream stable release - In the Power panel, move the General section to the top, avoiding a UI reflow when the notice recommending automatic suspend is shown or hidden (gnome-control-center#3373 upstream) - Disable Pango markup when displaying errors from gnome-online-accounts, fixing display of some error messages that contain URLs - Translation updates gnome-online-accounts (3.54.5-1~deb13u1) trixie; urgency=medium . * New upstream bugfix release with these fixes (Closes: #1111674): - Adding GOA account fails with sonic.net IMAP service - Cannot add a ProtonMail bridge with IMAP + TLS - Nextcloud login does not work anymore due to OPTIONS /login request - Linked online accounts no longer work - Invalid URI when adding Google account - goamsgraphprovider: ensure a valid PresentationIdentity - goadaemon: complete GTasks to avoid a scary debug warning - Fix Nextcloud and mailbox.org preconfiguration - Add DAV preconfig for mail.ru - Authentication failure in goa IMAP accounts - Handle unexpected casing in domain names - Various translations updates * debian/gbp.conf: branch for trixie gnome-online-accounts (3.54.3-2) experimental; urgency=medium . * Disable Microsoft provider (Closes: #1100711) - It only handles email but Microsoft 365 handles email, calendar, contacts, and files - It was removed from GNOME 49 gnome-online-accounts (3.54.3-1) experimental; urgency=medium . * New upstream bugfix release gnome-shell (48.4-1~deb13u1) trixie; urgency=medium . * Team upload * d/control, d/gbp.conf: Set packaging branch for trixie stable updates . gnome-shell (48.4-1) unstable; urgency=medium . * Team upload * New upstream stable release - network: If a network has no ID, don't treat it as available, avoiding breaking the network menu (gnome-shell!3785 upstream) - Improve URL recognition heuristic for notifications so that non-URLs do not become a link (gnome-shell#8517 upstream) - In gdm, improve efficiency of user list (gnome-shell!3799 upstream) - Fix signal order when taking a screenshot interactively is triggered via D-Bus, for example from xdg-desktop-portal (gnome-shell#8499 upstream) - Improve cursor scaling on systems with different-DPI monitors when using the Magnifier accessibility tool (gnome-shell!475 upstream) - In sliders like volume and brightness, avoid drawing part of the bar over the handle in RTL locales (gnome-shell!3817 upstream) - Improve robustness of signal connections in the Thunderbolt and smart-card code (gnome-shell!3796 upstream) - Code cleanups in extensions management service (part of gnome-shell!3750 upstream) - Translation updates * d/control: Bump gjs version to 1.81.2 as per meson.build. No practical effect, 1.82.x is already in trixie. * d/gbp.conf: Use debian/forky branch for uploads targeting forky. We'll stick to 48.x in testing/unstable for now, to get better testing for future 48.x updates in trixie. Preliminary 49.x packaging for experimental is already using the debian/latest branch. golang-github-gin-contrib-cors (1.4.0-1+deb13u1) trixie; urgency=medium . * CVE-2019-25211 fix handling of wildcards golang-github-gin-contrib-cors (1.4.0-1+deb12u1) bookworm; urgency=medium . * CVE-2019-25211 fix handling of wildcards gssdp (1.6.4-1~deb13u1) trixie; urgency=medium . * New upstream bugfix release - Improve reproducibility of gssdp-enums.c - Fix issues with Since: and Deprecated: declarations in documentation (Closes: #1111683) imagemagick (8:7.1.1.43+dfsg1-1+deb13u1) trixie; urgency=medium . * Fix CVE-2025-53014: A heap buffer overflow was found in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). (Closes: #1109339) * Fix CVE-2025-53015: Infinite loop occur when writing during a specific XMP file conversion command (Closes: #1109339) * Fix CVE-2025-53019: `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak (Closes: #1109339) * Fix CVE-2025-53101: `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()` (Closes: #1109339) * Fix CVE-2025-43965: In MIFF image processing, image depth is mishandled after SetQuantumFormat is used. * Fix CVE-2025-46393: In multispectral MIFF image processing, packet_size is mishandled. init-system-helpers (1.69~deb13u1) trixie; urgency=medium . * Upload to trixie . init-system-helpers (1.69) unstable; urgency=medium . * Add postinst to hotfix an upgrade bug on certain newly live-installed systems built using Trixie's live-build (Closes: #1111039) installation-guide (20250803+deb13u1) trixie; urgency=medium . * Add Ukrainian (new translation) and Hungarian (re-completed) to langlist, to make them appear in the package and on the website. * Fix boot-dev-select-arm64 and armhf-armmp-supported-platforms hyperlinks. iperf3 (3.18-2+deb13u1) trixie; urgency=high . * Fix no-dsa security issues: - CVE-2025-54349 - CVE-2025-54350 kamailio (6.0.1-1+deb13u1) trixie; urgency=medium . * Team upload * Check only major OpenSSL version (Closes: #1110867) libadwaita-1 (1.7.6-1~deb13u1) trixie; urgency=medium . * New upstream bugfix release 1.7.5 - Explicitly set the size of a custom avatar image, avoiding a regression with GTK 4.19.x (libadwaita!1492 upstream) - Always set the document font name, even if all of the debug environment variables ADW_DEBUG_HIGH_CONTRAST, ADW_DEBUG_COLOR_SCHEME and DEBUG_ACCENT_COLOR are set (libadwaita#1042 upstream) - Slightly increase the window border radius for AdwTabOverview (libadwaita!1489 upstream) - Fix an assertion failure when showing a "toast" notification while its hiding animation is still in progress (libadwaita#997 upstream) - Fix some memory leaks - CI updates, not relevant to how this package is built in Debian * New upstream bugfix release 1.7.6 (Closes: #1111847) - Make cancelling an alert dialog go through the same code path as the user interacting with it (libadwaita!1511 upstream) - Avoid type-check warnings when a dialog is presented as a window (libadwaita!1519 upstream) - Fix keyboard activation on AdwButtonRow inside AdwDialog presented as a window (libadwaita#1062 upstream) - Crash with a somewhat graceful assertion error if a layout slot is invalidly constructed without an ID, instead of segfaulting (libadwaita#1059 upstream) - Fix a memory leak (libadwaita#1067 upstream) - Avoid AdwNavigationPage "showing" and "hidden" signals being spuriously triggered when swiping left on a touchscreen (libadwaita#1065 upstream) - Make tab overview buttons easier to press on touchscreens (libadwaita#1039 upstream) - Fix scan-build warnings by programming more defensively (libadwaita!1517 upstream) - Remove some dead code (libadwaita!1521 upstream) * debian/gbp.conf: branch for trixie libcgi-simple-perl (1.282-1~deb13u1) trixie; urgency=medium . * Rebuild for trixie . libcgi-simple-perl (1.282-1) unstable; urgency=medium . * Team upload. * Import upstream version 1.282. - Sanitize all user-supplied values before inserting into HTTP headers (CVE-2025-40927) * Drop "Port latest header-injection refinement from CGI.pm" libcoap3 (4.3.4-1.1+deb13u1) trixie; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2024-0962 (Closes: #1061704) fix stacked-based buffer overflow * CVE-2024-31031 (Closes: #1070362) fix unsigned integer overflow libreoffice (4:25.2.3-2+deb13u2) trixie; urgency=medium . * debian/patches/avmedia-qt-use-gstreamer-frame-grabber-by-default.diff: add back * debian/patches/qt-Consolidate-to-one-toOUString-helper.diff: add from upstream; fixes --enable-qt6 builds with the above . * debian/rules: - remove USE_GSTREAMER=n setting on build-indep since it somehow also affects the AVMEDIA conditional which makes build-indep builds loose the gallery sound files (closes: #1108832), and move the gstreamer -dev packages from B-D-A to B-D consequently libreoffice (4:25.2.3-2+deb13u1) trixie; urgency=medium . * debian/patches/add-EUR-for-Bulgaria-Lew.diff: add Euro support for Bulgaria from libreoffice-25-8 branch (to-be 25.8.1) librepo (1.20.0-1~deb13u1) trixie; urgency=medium . * Upload to trixie . librepo (1.20.0-1) unstable; urgency=medium . * Improve handling of SELinux in the Debian packaging * Update upstream source from tag 'upstream/1.20.0' * Drop patches merged upstream * d/control: bump Standards-Version to 4.7.2, no changes * d/copyright: use GPL URL instead of old FSF postal address * Add new symbols to librepo0.symbols libxml2 (2.12.7+dfsg+really2.9.14-2.1+deb13u1) trixie-security; urgency=high . * CVE-2025-7425: heap-use-after-free in xmlFreeID caused by `atype` corruption (Closes: #1109122) libxslt (1.1.35-1.2+deb13u1) trixie-security; urgency=medium . * Fix information disclosure with improved memory handling of generated-id() (Closes: #1108074, CVE-2023-40403) * Fix type confusion in xmlNode.psvi between stylesheet and source nodes (Closes: #1109123, CVE-2025-7424) linux (6.12.43-1) trixie; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.42 - [amd64] ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx - ethernet: intel: fix building with large NR_CPUS - [amd64] ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx - ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX - [amd64] ASoC: Intel: fix SND_SOC_SOF dependencies - [amd64] ASoC: amd: yc: add DMI quirk for ASUS M6501RM - audit,module: restore audit logging in load failure case - parse_longname(): strrchr() expects NUL-terminated string - fs_context: fix parameter name in infofc() macro - fs/ntfs3: cancle set bad inode after removing name fails - ublk: use vmalloc for ublk_device's __queues - hfsplus: make splice write available again - hfs: make splice write available again - hfsplus: remove mutex_lock check in hfsplus_free_extents - Revert "fs/ntfs3: Replace inode_trylock with inode_lock" - gfs2: No more self recovery - io_uring: fix breakage in EXPERT menu - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() - ASoC: ops: dynamically allocate struct snd_ctl_elem_value - ASoC: mediatek: use reserved memory or enable buffer pre-allocation - [arm64] dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV - [arm64] soc: qcom: QMI encoding/decoding for big endian - [arm64] dts: qcom: sdm845: Expand IMEM region - [arm64] dts: qcom: sc7180: Expand IMEM region - [arm64] dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes - [arm64] dts: qcom: sa8775p: Correct the interrupt for remoteproc - [arm64] dts: qcom: msm8976: Make blsp_dma controlled-remotely - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() - usb: misc: apple-mfi-fastcharge: Make power supply names unique - [arm64] dts: ti: k3-am642-phyboard-electra: Fix PRU-ICSSG Ethernet ports - [arm64] dts: ti: k3-am62p-j722s: fix pinctrl-single size - [arm64] firmware: arm_scmi: Fix up turbo frequencies selection - usb: typec: ucsi: yoga-c630: fix error and remove paths - mei: vsc: Destroy mutex after freeing the IRQ - mei: vsc: Event notifier fixes - mei: vsc: Unset the event callback on remove and probe errors - [armhf] spi: stm32: Check for cfg availability in stm32_spi_probe - vmci: Prevent the dispatching of uninitialized payloads - pps: fix poll support - Revert "vmci: Prevent the dispatching of uninitialized payloads" - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() - usb: early: xhci-dbc: Fix early_ioremap leak - [armhf] dts: ti: omap: Fixup pinheader typo - [arm64] dts: st: fix timer used for ticks - [arm64] dts: imx8mm-beacon: Fix HS400 USDHC clock speed - [arm64] dts: imx8mn-beacon: Fix HS400 USDHC clock speed - PM / devfreq: Check governor before using governor->name - PM / devfreq: Fix a index typo in trans_stat - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode - cpufreq: Initialize cpufreq-based frequency-invariance later - cpufreq: Init policy->rwsem before it may be possibly used - staging: greybus: gbphy: fix up const issue with the match callback - [arm64] soc: qcom: pmic_glink: fix OF node leak - [arm64] interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg - [arm64] interconnect: qcom: sc8180x: specify num_nodes - bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 - [arm64,armhf] drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed - [arm64,armhf] drm/panfrost: Fix panfrost device variable name in devfreq - drm/panthor: Add missing explicit padding in drm_panthor_gpu_info - bpf, sockmap: Fix psock incorrectly pointing to sk - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls - net: ipv6: ip6mr: Fix in/out netdev to pass to the FORWARD chain - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel - drm/amdgpu: Remove nbiov7.9 replay count reporting - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure - [powerpc*] pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band - wifi: rtl818x: Kill URBs before clearing tx status queue - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() - iwlwifi: Add missing check for alloc_ordered_workqueue - wifi: ath11k: clear initialized flag for deinit-ed srng lists - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range - net/mlx5: Check device memory pointer before usage - net: dst: annotate data-races around dst->input - net: dst: annotate data-races around dst->output - bpf: Ensure RCU lock is held around bpf_prog_ksym_find - [arm64] drm/msm/dpu: Fill in min_prefill_lines for SC8180X - refscale: Check that nreaders and loops multiplication doesn't overflow - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value - sched/psi: Optimize psi_group_change() cpu_clock() usage - fbcon: Fix outdated registered_fb reference in comment - netfilter: nf_tables: Drop dead code from fill_*_info routines - netfilter: nf_tables: adjust lockdep assertions handling - [amd64] iommu/amd: Enable PASID and ATS capabilities in the correct order - net/sched: Restrict conditions for adding duplicating netems to qdisc tree - net_sched: act_ctinfo: use atomic64_t for three counters - RDMA/mlx5: Fix UMR modifying of mkey page size - xen: fix UAF in dmabuf_exp_from_pages() - xen/gntdev: remove struct gntdev_copy_batch from stack - tcp: call tcp_measure_rcv_mss() for ooo packets - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled - wifi: rtw88: Fix macid assigned to TDLS station - mwl8k: Add missing check after DMA map - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() - drm/amdgpu/gfx9: fix kiq locking in KCQ reset - drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset - drm/amdgpu/gfx10: fix kiq locking in KCQ reset - [amd64] iommu/amd: Fix geometry.aperture_end for V2 tables - rcu: Fix delayed execution of hurry callbacks - wifi: mac80211: reject TDLS operations when station is not associated - wifi: plfxlc: Fix error handling in usb driver probe - wifi: mac80211: Do not schedule stopped TXQs - wifi: mac80211: Don't call fq_flow_idx() for management frames - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" - wifi: ath12k: fix endianness handling while accessing wmi service bit - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE - wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() - wifi: nl80211: Set num_sub_specs before looping through sub_specs - ring-buffer: Remove ring_buffer_read_prepare_sync() - memcg_slabinfo: Fix use of PG_slab - Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' - Bluetooth: hci_event: Mask data status from LE ext adv reports - bpf: Disable migration in nf_hook_run_bpf(). - can: peak_usb: fix USB FD devices potential malfunction - can: kvaser_pciefd: Store device channel index - can: kvaser_usb: Assign netdev.dev_port based on device channel index - netfilter: xt_nfacct: don't assume acct name is null-terminated - net/mlx5e: Clear Read-Only port buffer size in PBMC before update - net/mlx5e: Remove skb secpath if xfrm state is not found - stmmac: xsk: fix negative overflow of budget in zerocopy mode - vrf: Drop existing dst reference in vrf_ip6_input_dst - ipv6: prevent infinite loop in rt6_nlmsg_size() - ipv6: fix possible infinite loop in fib6_info_uses_dev() - ipv6: annotate data-races around rt->fib6_nsiblings - bpf/preload: Don't select USERMODE_DRIVER - [arm64] bpf, arm64: Fix fp initialization for exception boundary - fortify: Fix incorrect reporting of read buffer size - [arm64] PCI: rockchip-host: Fix "Unexpected Completion" log message - [arm64] clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks - [arm64] crypto: sun8i-ce - fix nents passed to dma_unmap_sg() - [amd64] crypto: qat - use unmanaged allocation for dc_data - [arm64,armhf] crypto: marvell/cesa - Fix engine load inaccuracy - [amd64] crypto: qat - allow enabling VFs in the absence of IOMMU - [amd64] crypto: qat - fix state restore for banks with exceptions - mtd: fix possible integer overflow in erase_xfer() - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set - [armhf] crypto: arm/aes-neonbs - work around gcc-15 warning - pinctrl: sunxi: Fix memory leak on krealloc failure - dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: Don't zero-out registers - fanotify: sanitize handle_type values when reporting fid - Fix dma_unmap_sg() nents value - perf tools: Fix use-after-free in help_unknown_cmd() - perf dso: Add missed dso__put to dso__load_kcore - mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER - perf sched: Make sure it frees the usage string - perf sched: Free thread->priv using priv_destructor - perf sched: Fix memory leaks in 'perf sched map' - perf sched: Fix memory leaks for evsel->priv in timehist - perf sched: Use RC_CHK_EQUAL() to compare pointers - perf sched: Fix memory leaks in 'perf sched latency' - [arm64] RDMA/hns: Fix double destruction of rsv_qp - [arm64] RDMA/hns: Fix HW configurations not cleared in error flow - [amd64] crypto: ccp - Fix locking on alloc failure handling - [arm64] crypto: inside-secure - Fix `dma_unmap_sg()` nents value - [amd64] crypto: ccp - Fix crash when rebind ccp device for ccp.ko - [arm64] RDMA/hns: Get message length of ack_req from FW - [arm64] RDMA/hns: Fix accessing uninitialized resources - [arm64] RDMA/hns: Drop GFP_NOWARN - [arm64] RDMA/hns: Fix -Wframe-larger-than issue - kernel: trace: preemptirq_delay_test: use offstack cpu mask - proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al - pinmux: fix race causing mux_owner NULL with active mux_usecount - perf tests bp_account: Fix leaked file descriptor - [riscv64] clk: thead: th1520-ap: Correctly refer the parent of osc_12m - [armhf] clk: sunxi-ng: v3s: Fix de clock definition - [ppc64el] scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value - scsi: mvsas: Fix dma_unmap_sg() nents value - scsi: isci: Fix dma_unmap_sg() nents value - ext4: Make sure BH_New bit is cleared in ->write_end handler - [arm64] hwrng: mtk - handle devm_pm_runtime_enable errors - [amd64] crypto: qat - disable ZUC-256 capability for QAT GEN5 - soundwire: stream: restore params when prepare ports fail - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute - remoteproc: xlnx: Disable unsupported features - fs/orangefs: Allow 2 more characters in do_c_string() - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap - dmaengine: nbpfaxi: Add missing check after DMA map - perf tools: Remove libtraceevent in .gitignore - [amd64] crypto: qat - fix DMA direction for compression on GEN2 devices - [amd64] crypto: qat - fix seq_file position update in adf_ring_next() - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref - jfs: fix metapage reference count leak in dbAllocCtl - drm/xe/vf: Disable CSC support on VF - perf record: Cache build-ID of hit DSOs only - vdpa/mlx5: Fix needs_teardown flag calculation - vhost-scsi: Fix log flooding with target does not exist errors - vdpa/mlx5: Fix release of uninitialized resources on error path - vdpa: Fix IDR memory leak in VDUSE module exit - vhost: Reintroduce kthread API and add mode selection - bpf: Check flow_dissector ctx accesses are aligned - bpf: Check netfilter ctx accesses are aligned - apparmor: ensure WB_HISTORY_SIZE value is a power of 2 - apparmor: fix loop detection used in conflicting attachment resolution - apparmor: Fix unaligned memory accesses in KUnit test - module: Restore the moduleparam prefix length check - ucount: fix atomic_long_inc_below() argument type - rtc: ds1307: fix incorrect maximum clock rate handling - rtc: hym8563: fix incorrect maximum clock rate handling - rtc: nct3018y: fix incorrect maximum clock rate handling - rtc: pcf85063: fix incorrect maximum clock rate handling - rtc: pcf8563: fix incorrect maximum clock rate handling - rtc: rv3028: fix incorrect maximum clock rate handling - f2fs: turn off one_time when forcibly set to foreground GC - f2fs: fix bio memleak when committing super block - f2fs: fix KMSAN uninit-value in extent_info usage - f2fs: fix to check upper boundary for value of gc_boost_zoned_gc_percent - f2fs: fix to check upper boundary for gc_valid_thresh_ratio - f2fs: fix to check upper boundary for gc_no_zoned_gc_percent - f2fs: doc: fix wrong quota mount option description - f2fs: fix to avoid UAF in f2fs_sync_inode_meta() - f2fs: fix to avoid panic in f2fs_evict_inode - f2fs: fix to avoid out-of-boundary access in devs.path - f2fs: vm_unmap_ram() may be called from an invalid context - f2fs: fix to update upper_p in __get_secs_required() correctly - f2fs: fix to calculate dirty data during has_not_enough_free_secs() - f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode - exfat: fdatasync flag should be same like generic_write_sync() - i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() - vfio: Fix unbalanced vfio_df_close call in no-iommu mode - vfio: Prevent open_count decrement to negative - vfio/pds: Fix missing detach_ioas op - vfio/pci: Separate SR-IOV VF dev_set - scsi: mpt3sas: Fix a fw_event memory leak - scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" - scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately - kconfig: qconf: fix ConfigList::updateListAllforAll() - sched/psi: Fix psi_seq initialization - PCI: pnv_php: Clean up allocated IRQs on unplug - PCI: pnv_php: Work around switches with broken presence detection - [powerpc*] eeh: Export eeh_unfreeze_pe() - [powerpc*] eeh: Make EEH driver device hotplug safe - PCI: pnv_php: Fix surprise plug detection and recovery - pNFS/flexfiles: don't attempt pnfs on fatal DS errors - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() - NFSv4.2: another fix for listxattr - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY - md/md-cluster: handle REMOVE message earlier - netpoll: prevent hanging NAPI when netcons gets enabled - phy: mscc: Fix parsing of unicast frames - net: ipa: add IPA v5.1 and v5.5 to ipa_version_string() - pptp: ensure minimal skb length in pptp_xmit() - nvmet: initialize discovery subsys after debugfs is initialized - [s390x] ap: Unmask SLCF bit in card and queue ap functions sysfs - netlink: specs: ethtool: fix module EEPROM input/output arguments - block: Fix default IO priority if there is no IO context - block: ensure discard_granularity is zero when discard is not supported - ASoC: tas2781: Fix the wrong step for TLV on tas2781 - [amd64] spi: cs42l43: Property entry should be a null-terminated array - net/mlx5: Correctly set gso_segs when LRO is used - ipv6: reject malicious packets in ipv6_gso_segment() - net: mdio: mdio-bcm-unimac: Correct rate fallback logic - net: drop UFO packets in udp_rcv_segment() - net/sched: taprio: enforce minimum value for picos_per_byte - sunrpc: fix client side handling of tls alerts - [x86] irq: Plug vector setup race - benet: fix BUG when creating VFs - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing - [s390x] mm: Allocate page table with PAGE_SIZE granularity - eth: fbnic: remove the debugging trick of super high page bias - irqchip: Build IMX_MU_MSI only on ARM - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() - smb: server: remove separate empty_recvmsg_queue - smb: server: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: server: let recv_done() consistently call put_recvmsg/smb_direct_disconnect_rdma_connection - smb: server: let recv_done() avoid touching data_transfer after cleanup/move - smb: client: remove separate empty_packet_queue - smb: client: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: client: let recv_done() cleanup before notifying the callers. - smb: client: let recv_done() avoid touching data_transfer after cleanup/move - nvmet: exit debugfs after discovery subsystem exits - pptp: fix pptp_xmit() error path - smb: client: return an error if rdma_connect does not return within 5 seconds - sunrpc: fix handling of server side tls alerts - perf/core: Don't leak AUX buffer refcount on allocation failure - perf/core: Exit early on perf_mmap() fail - perf/core: Prevent VMA split of buffer mappings - selftests/perf_events: Add a mmap() correctness test - net/packet: fix a race in packet_set_ring() and packet_notifier() - vsock: Do not allow binding to VMADDR_PORT_ANY - [amd64] accel/ivpu: Fix reset_engine debugfs file logic - Revert "bcache: remove heap-related macros and switch to generic min_heap" - ice/ptp: fix crosstimestamp reporting - [amd64] drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type - [amd64] drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() - [amd64] drm/i915/hdmi: add error handling in g4x_hdmi_init() - [amd64] drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() - [amd64] drm/i915/display: add intel_encoder_is_hdmi() - [amd64] drm/i915/ddi: only call shutdown hooks for valid encoders - ksmbd: fix null pointer dereference error in generate_encryptionkey - ksmbd: fix Preauh_HashValue race condition - ksmbd: fix corrupted mtime and ctime in smb2_open - ksmbd: limit repeated connections from clients with the same IP (CVE-2025-38501) - smb: server: Fix extension string in ksmbd_extract_shortname() - USB: serial: option: add Foxconn T99W709 - PCI/ASPM: Save parent L1SS config in pci_save_aspm_l1ss_state() - PCI/ASPM: Fix L1SS saving - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event - net: usbnet: Fix the wrong netif_carrier_on() call - [x86] sev: Evict cache lines during SNP memory validation (CVE-2024-36331) - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) - [adm64] platform/x86/intel/pmt: fix a crashlog NULL pointer access - [x86] fpu: Delay instruction pointer fixup until after warning - [s390x] mm: Remove possible false-positive warning in pte_free_defer() - [mips*] mm: tlb-r4k: Uniquify TLB entries on init - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery - mm: swap: correctly use maxpages in swapon syscall to avoid potential deadloop - mm: swap: fix potential buffer overflow in setup_clusters() - perf/arm-ni: Set initial IRQ affinity - media: ti: j721e-csi2rx: fix list_del corruption - HID: apple: validate feature-report field count to prevent NULL pointer dereference - USB: gadget: f_hid: Fix memory leak in hidg_bind error path - usb: gadget : fix use-after-free in composite_dev_cleanup() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.43 - io_uring: don't use int for ABI - ALSA: usb-audio: Validate UAC3 power domain descriptors, too - ALSA: usb-audio: Validate UAC3 cluster segment descriptors - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks - smb3: fix for slab out of bounds on mount to ksmbd - smb: client: remove redundant lstrp update in negotiate protocol - gpio: virtio: Fix config space reading. - gpio: mlxbf2: use platform_get_irq_optional() - Revert "gpio: mlxbf3: only get IRQ for device instance 0" - gpio: mlxbf3: use platform_get_irq_optional() - leds: flash: leds-qcom-flash: Fix registry access after re-bind - Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" - netlink: avoid infinite retry looping in netlink_unicast() (Closes: #1111017) - net: phy: micrel: fix KSZ8081/KSZ8091 cable test - [armhf] net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect - [arm64] net: enetc: fix device and OF node leak at probe - [arm64] net: mtk_eth_soc: fix device leak at probe - [arm64] net: ti: icss-iep: fix device and OF node leaks at probe - net: usb: asix_devices: add phy_mask for ax88772 mdio bus - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() - NFSD: detect mismatch of file handle and delegation stateid in OPEN op - NFS: Fix the setting of capabilities when automounting a new filesystem - PCI: Extend isolated function probing to LoongArch - [arm64] clk: samsung: exynos850: fix a comment - [arm64] clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD - [arm64] clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock - fscrypt: Don't use problematic non-inline crypto engines - fs: Prevent file descriptor table allocations exceeding INT_MAX - eventpoll: Fix semi-unbounded recursion (CVE-2025-38614) - Documentation: ACPI: Fix parent device references - ACPI: processor: perflib: Fix initial _PPC limit application - ACPI: processor: perflib: Move problematic pr->performance check - block: Make REQ_OP_ZONE_FINISH a write operation - mm/memory-tier: fix abstract distance calculation overflow - smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() - smb: client: don't wait for info->send_pending == 0 on error - [amd64] KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap - [amd64] KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag - [amd64] KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported - [amd64] KVM: VMX: Extract checking of guest's DEBUGCTL into helper - [amd64] KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter - [amd64] KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs - [amd64] KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest - [amd64] habanalabs: fix UAF in export_dmabuf() - mm/smaps: fix race between smaps_hugetlb_range and migration - udp: also consider secpath when evaluating ipsec use for checksumming - netfilter: ctnetlink: fix refcount leak on table dump - [arm64] net: ti: icssg-prueth: Fix emac link speed handling - [arm64] net: ti: icss-iep: Fix incorrect type for return value in extts_enable() - sctp: linearize cloned gso packets in sctp_rcv - [amd64] intel_idle: Allow loading ACPI tables for any family - cpuidle: governors: menu: Avoid using invalid recent intervals data - ptp: prevent possible ABBA deadlock in ptp_clock_freerun() - tls: handle data disappearing from under the TLS ULP (CVE-2025-38616) - net: kcm: Fix race condition in kcm_unattach() - hfs: fix general protection fault in hfs_find_init() - hfs: fix slab-out-of-bounds in hfs_bnode_read() - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() - [arm64] Handle KCOV __init vs inline mismatches - smb/server: avoid deadlock when linking with ReplaceIfExists - nvme-pci: try function level reset on init failure - dm-stripe: limit chunk_sectors to the stripe size - md/raid10: set chunk_sectors limit - nvme-tcp: log TLS handshake failures at error level - gfs2: Validate i_depth for exhash directories - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops - loop: Avoid updating block size under exclusive owner - udf: Verify partition map count - drbd: add missing kref_get in handle_write_conflicts - hfs: fix not erasing deleted b-tree node issue - better lockdep annotations for simple_recursive_removal() - ata: ahci: Disallow LPM policy control if not supported - ata: ahci: Disable DIPM if host lacks support - ata: libata-sata: Disallow changing LPM state if not supported - fs/ntfs3: Add sanity check for file name - fs/ntfs3: correctly create symlink for relative path - pidfs: raise SB_I_NODEV and SB_I_NOEXEC - fix locking in efi_secret_unlink() - securityfs: don't pin dentries twice, once is enough... - tracefs: Add d_delete to remove negative dentries - usb: xhci: print xhci->xhc_state when queue_command failed - [amd64] platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default - usb: xhci: Avoid showing warnings for dying controller - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command - usb: xhci: Avoid showing errors during surprise removal - [arm64] soc: qcom: rpmh-rsc: Add RSC version 4 support - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered - remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU - usb: typec: tcpm/tcpci_maxim: fix irq wake usage - pmdomain: ti: Select PM_GENERIC_DOMAINS - [arm64] gpio: wcd934x: check the return value of regmap_update_bits() - cpufreq: Exit governor when failed to start old governor - cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode - [armhf] rockchip: fix kernel hang during smp initialization - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed - [arm64] thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required - iio: adc: ad_sigma_delta: don't overallocate scan buffer - [armhf] tegra: Use I/O memcpy to write to IRAM - ACPI: PRM: Reduce unnecessary printing to avoid user confusion - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() - thermal: sysfs: Return ENODATA instead of EAGAIN for reads - PM: sleep: console: Fix the black screen issue - ACPI: processor: fix acpi_object initialization - [arm64] mmc: sdhci-msm: Ensure SD card power isn't ON when card removed - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path - pps: clients: gpio: fix interrupt handling order in remove path - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 - char: misc: Fix improper and inaccurate error code returned by misc_init() - [amd64] mei: bus: Check for still connected devices in mei_cl_bus_dev_release() - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() - [amd64,arm64] platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready - ALSA: hda: Handle the jack polling always via a work - ALSA: hda: Disable jack polling at shutdown - [amd64] x86/bugs: Avoid warning when overriding return thunk - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 - ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode - tty: serial: fix print format specifiers - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present - usb: core: usb_submit_urb: downgrade type check - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() - [arm64] imx8m-blk-ctrl: set ISI panic write hurry level - [arm64] soc: qcom: mdt_loader: Actually use the e_phoff - [amd64] platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches - [amd64,arm64] platform/chrome: cros_ec_typec: Defer probe on missing EC parent - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement - ASoC: codecs: rt5640: Retry DEVICE_ID verification - [arm64] ASoC: qcom: use drvdata instead of component to keep id - netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps - [powerpc*] thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 - Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() - xen/netfront: Fix TX response spurious interrupts - wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn - net: usb: cdc-ncm: check for filtering capability - wifi: ath12k: Correct tid cleanup when tid setup fails - wifi: cfg80211: reject HTC bit for management frames - [s390x] time: Use monotonic clock in get_cycles() - be2net: Use correct byte order and format string for TCP seq and ack_seq - libbpf: Verify that arena map exists when adding arena relocations - idpf: preserve coalescing settings across resets - wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB - et131x: Add missing check after DMA map - net: ag71xx: Add missing check after DMA map - net/mlx5e: Properly access RCU protected qdisc_sleeping variable - net: pcs: xpcs: mask readl() return value to 16 bits - [arm64] Mark kernel as tainted on SAE and SError panic - drm/amd/pm: fix null pointer access - rcu: Protect ->defer_qs_iw_pending from data race - drm/amd/display: limit clear_update_flags to dcn32 and above - net: mctp: Prevent duplicate binds - wifi: cfg80211: Fix interface type validation - wifi: mac80211: don't unreserve never reserved chanctx - net: ipv4: fix incorrect MTU in broadcast routes - [arm64] net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() - net: phy: micrel: Add ksz9131_resume() - sched/deadline: Fix accounting after global limits change - bpf: Forget ranges when refining tnum after JSET - wifi: iwlwifi: mvm: set gtk id also in older FWs - wifi: iwlwifi: mvm: fix scan request validation - [s390x] stp: Remove udelay from stp_sync_clock() - net: phy: bcm54811: PHY initialization - sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails - wifi: mac80211: don't complete management TX on SAE commit - wifi: mac80211: avoid weird state in error path - [s390x] early: Copy last breaking event address to pt_regs - ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access - wifi: mac80211: fix rx link assignment for non-MLO stations - [arm64] drm/msm: use trylock for debugfs - [arm64] drm/msm: Add error handling for krealloc in metadata setup - [arm64] perf/arm: Add missing .suppress_bind_attrs - wifi: rtw89: Fix rtw89_mac_power_switch() for USB - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch - drm/xe/xe_query: Use separate iterator while filling GT list - [amd64] net: thunderbolt: Enable end-to-end flow control also in transmit - [amd64] net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() - xfrm: Duplicate SPI Handling - net: atlantic: add set_power to fw_ops for atl2 to fix wol - ACPI: Suppress misleading SPCR console message when SPCR table is absent - net: ieee8021q: fix insufficient table-size assertion - net: fec: allow disable coalescing - drm/amd/display: Separate set_gsl from set_gsl_source_select - wifi: ath10k: shutdown driver when hardware is unreliable - wifi: ath12k: Add memset and update default rate value in wmi tx completion - wifi: ath12k: Fix station association with MBSSID Non-TX BSS - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect - drm/amd/display: Fix 'failed to blank crtc!' - drm/amd/display: Initialize mode_select to 0 - wifi: mac80211: update radar_required in channel context after channel switch - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 - wifi: ath12k: Decrement TID on RX peer frag setup error handling - [powerpc*] floppy: Add missing checks after DMA map - netmem: fix skb_frag_address_safe with unreadable skbs - [arm64] stacktrace: Check kretprobe_find_ret_addr() return value - wifi: iwlegacy: Check rate_idx range after addition - neighbour: add support for NUD_PERMANENT proxy entries - dpaa_eth: don't use fixed_phy_change_carrier - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual - net: vlan: Make is_vlan_dev() a stub when VLAN is not configured - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs - gve: Return error for unknown admin queue command - [armhf] net: dsa: b53: ensure BCM5325 PHYs are enabled - [armhf] net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 - [armhf] net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 - [armhf] net: dsa: b53: prevent DIS_LEARNING access on BCM5325 - [armhf] net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 - bpftool: Fix JSON writer resource leak in version command - ptp: Use ratelimite for freerun error message - wifi: rtw89: scan abort when assign/unassign_vif - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() - ionic: clean dbpage in de-init - drm/xe: Make dma-fences compliant with the safe access rules - [armhf] net: ncsi: Fix buffer overflow in fetching version id - drm/ttm: Should to return the evict error - uapi: in6: restore visibility of most IPv6 socket options - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP - drm/amd/display: Update DMCUB loading sequence for DCN3.5 - drm/amd/display: Avoid trying AUX transactions on disconnected ports - drm/ttm: Respect the shrinker core free target - rcu: Fix rcu_read_unlock() deadloop due to IRQ work - [armhf] net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page - vhost: fail early when __vhost_add_used() fails - drm/amd/display: Only finalize atomic_obj if it was initialized - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported - drm/amd/display: Disable dsc_power_gate for dcn314 by default - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition - cifs: Fix calling CIFSFindFirst() for root path without msearch - fbdev: fix potential buffer overflow in do_register_framebuffer() - crypto: hisilicon/hpre - fix dma unmap sequence - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr - [arm64,armhf] clk: tegra: periph: Fix error handling and resolve unsigned compare warning - mfd: axp20x: Set explicit ID for AXP313 regulator - [arm64] phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated - fs/orangefs: use snprintf() instead of sprintf() - watchdog: dw_wdt: Fix default timeout - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state - [mips*] vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} - watchdog: iTCO_wdt: Report error if timeout configuration fails - scsi: bfa: Double-free fix - jfs: truncate good inode pages when hard link is 0 - jfs: Regular file corruption check - jfs: upper bound check of tree index in dbAllocAG - media: hi556: Fix reset GPIO timings - RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM - crypto: jitter - fix intermediary handling - [mips*] Don't crash in stack_top() for tasks without ABI or vDSO - [riscv64] clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED - media: ipu-bridge: Add _HID for OV5670 - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control - leds: leds-lp50xx: Handle reg to get correct multi_index - [armhf] dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs - [amd64] RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() - RDMA/core: reduce stack using in nldev_stat_get_doit() - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure - power: supply: qcom_battmgr: Add lithium-polymer entry - scsi: mpt3sas: Correctly handle ATA device errors - scsi: mpi3mr: Correctly handle ATA device errors - [armhf] pinctrl: stm32: Manage irq affinity settings - media: usb: hdpvr: disable zero-length read messages - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar - media: uvcvideo: Add quirk for HP Webcam HD 2300 - media: uvcvideo: Fix bandwidth issue for Alcor camera - [amd64] crypto: ccp - Add missing bootloader info reg for pspv6 - [arm64] clk: renesas: rzg2l: Postpone updating priv->clks[] - soundwire: amd: serialize amd manager resume sequence during pm_prepare - soundwire: amd: cancel pending slave status handling workqueue during remove sequence - soundwire: Move handle_nested_irq outside of sdw_dev_lock - md: dm-zoned-target: Initialize return variable r to avoid uninitialized use - module: Prevent silent truncation of module name in delete_module(2) - i3c: add missing include to internal header - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - apparmor: shift ouid when mediating hard links in userns - i3c: don't fail if GETHDRCAP is unsupported - i3c: master: Initialize ret in i3c_i2c_notifier_call() - dm-mpath: don't print the "loaded" message if registering fails - dm-table: fix checking for rq stackable devices - apparmor: use the condition in AA_BUG_FMT even with debug disabled - apparmor: fix x_table_lookup when stacking is not the first entry - i2c: Force DLL0945 touchpad i2c freq to 100khz - exfat: add cluster chain loop check for dir - f2fs: check the generic conditions first - printk: nbcon: Allow reacquire during panic - vfio/type1: conditional rescheduling while pinning - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans - scsi: target: core: Generate correct identifiers for PR OUT transport IDs - scsi: aacraid: Stop using PCI_IRQ_AFFINITY - vfio/mlx5: fix possible overflow in tracking max message size - ipmi: Use dev_warn_ratelimited() for incorrect message warnings - ipmi: Fix strcpy source and destination the same - tools/power turbostat: Handle non-root legacy-uncore sysfs permissions - tools/power turbostat: Fix build with musl - tools/power turbostat: Handle cap_get_proc() ENOSYS - smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection - lib/sbitmap: convert shallow_depth from one word to the whole sbitmap - ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table - net: phy: smsc: add proper reset flags for LAN8710A - [amd64] ASoC: Intel: avs: Fix uninitialized pointer error in probe() - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() - pNFS: Fix stripe mapping in block/scsi layout - pNFS: Fix disk addr range check in block/scsi layout - pNFS: Handle RPC size limit for layoutcommits - pNFS: Fix uninited ptr deref in block/scsi layout - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe - scsi: lpfc: Remove redundant assignment to avoid memory leak - [amd64,armhf] ASoC: fsl_sai: replace regmap_write with regmap_update_bits - cifs: Fix collect_sample() to handle any iterator type - drm/amdgpu: fix vram reservation issue - drm/amdgpu: fix incorrect vm flags to map bo - mm/damon/core: commit damos->target_nid - block: Introduce bio_needs_zone_write_plugging() - dm: Always split write BIOs to zoned device limits - cifs: reset iface weights when we cannot find a candidate - [amd64] iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes - [arm64] iommu/arm-smmu-qcom: Add SM6115 MDSS compatible - iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range - iommufd: Prevent ALIGN() overflow - ext4: fix zombie groups in average fragment size lists - ext4: fix largest free orders lists corruption on mb_optimize_scan switch - ext4: initialize superblock fields in the kballoc-test.c kunit tests - usb: core: config: Prevent OOB read in SS endpoint companion parsing - misc: rtsx: usb: Ensure mmc child device is active when card is present - usb: typec: ucsi: Update power_supply on power role change - [amd64] comedi: fix race between polling and detaching - [amd64] thunderbolt: Fix copy+paste error in match_service_id() - cdc-acm: fix race between initial clearing halt and open - btrfs: zoned: use filesystem size not disk size for reclaim decision - btrfs: abort transaction during log replay if walk_log_tree() failed - btrfs: zoned: do not remove unwritten non-data block group - btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations - btrfs: don't ignore inode missing when replaying log tree - btrfs: fix ssd_spread overallocation - btrfs: populate otime when logging an inode item - btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled - btrfs: don't skip remaining extrefs if dir not found during log replay - btrfs: clear dirty status from extent buffer on error at insert_new_root() - btrfs: fix log tree replay failure due to file with 0 links and extents - btrfs: error on missing block group when unaccounting log tree extent buffers - btrfs: zoned: do not select metadata BG as finish target - btrfs: fix iteration bug in __qgroup_excl_accounting() - btrfs: do not allow relocation of partially dropped subvolumes - xfs: fix scrub trace with null pointer in quotacheck - userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit - net/sched: ets: use old 'nbands' while purging unused classes - [amd64,arm64] hv_netvsc: Fix panic during namespace deletion with VF - mm, slab: restore NUMA policy support for large kmalloc - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() - media: venus: Fix OOB read due to missing payload bound check - media: uvcvideo: Do not mark valid metadata as invalid - media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() - HID: magicmouse: avoid setting up battery timer when not needed - wifi: mac80211: check basic rates validity in sta_link_apply_parameters - HID: apple: avoid setting up battery timer for devices without battery - mfd: cros_ec: Separate charge-control probing from USB-PD - net: Add net_passive_inc() and net_passive_dec(). - net: better track kernel sockets lifetime (CVE-2025-21884) - smb: client: fix netns refcount leak after net_passive changes - PCI: Store all PCIe Supported Link Speeds - PCI: Allow PCI bridges to go to D3Hot on all non-x86 - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports - [arm64] dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C - [arm64] dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C - ata: libata-sata: Add link_power_management_supported sysfs attribute - io_uring/rw: cast rw->flags assignment to rwf_t - drm/amd/display: Allow DCN301 to clear update flags - rcu: Fix racy re-initialization of irq_work causing hangs - dm: split write BIOs on zone boundaries when zone append is not emulated - PCI: Honor Max Link Speed when determining supported speeds - ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled . [ Bastian Blank ] * [amd64, arm64] Enable MANA_INFINIBAND. . [ Salvatore Bonaccorso ] * [amd64] udeb: kernel-image: Include SPI drivers * ext4: don't try to clear the orphan_present feature block device is r/o (Closes: #1108271) * alloc_fdtable(): change calling conventions. * net: ipv4: fix regression in local-broadcast route . [ Ben Hutchings ] * proc: fix missing pde_set_flags() for net proc files linux (6.12.41-1) trixie-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.39 - eventpoll: don't decrement ep refcount while still holding the ep mutex (CVE-2025-38349) - drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics - drm/amdgpu/ip_discovery: add missing ip_discovery fw - [s390x] crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (CVE-2025-38104) - [amd64] ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH - [amd64] ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct - [amd64] ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops - [amd64] ASoC: soc-acpi: add get_function_tplg_files ops - [amd64] ASoC: Intel: add sof_sdw_get_tplg_files ops - [amd64] ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops - [amd64] ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches - perf/core: Fix the WARN_ON_ONCE is out of lock protected region - irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ - sched/core: Fix migrate_swap() vs. hotplug - perf: Revert to requiring CAP_SYS_ADMIN for uprobes - ASoC: cs35l56: probe() should fail if the device ID is not recognized - Bluetooth: hci_sync: Fix not disabling advertising instance - Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected - pinctrl: amd: Clear GPIO debounce for suspend - fix proc_sys_compare() handling of in-lookup dentries - sched/deadline: Fix dl_server runtime calculation formula - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL - [arm64] poe: Handle spurious Overlay faults - [arm64] net: phy: qcom: move the WoL function to shared library - [arm64] net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() - netlink: Fix wraparounds of sk->sk_rmem_alloc. - vsock: fix `vsock_proto` declaration - tipc: Fix use-after-free in tipc_conn_close(). - tcp: Correct signedness in skb remaining space calculation - vsock: Fix transport_{g2h,h2g} TOCTOU - vsock: Fix transport_* TOCTOU - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` - net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap - net: phy: smsc: Force predictable MDI-X state on LAN87xx - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). - atm: clip: Fix memory leak of struct clip_vcc. - atm: clip: Fix infinite recursive call of clip_push(). - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() - [arm64] net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info - net/sched: Abort __tc_modify_qdisc if parent class does not exist - rxrpc: Fix bug due to prealloc collision - rxrpc: Fix oops due to non-existence of prealloc backlog struct - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() - [amd64] x86/mce/amd: Add default names for MCA banks and blocks - [amd64] x86/mce/amd: Fix threshold limit reset - [amd64] x86/mce: Don't remove sysfs if thresholding sysfs init fails - [amd64] x86/mce: Ensure user polling settings are honored when restarting timer - [amd64] x86/mce: Make sure CMCI banks are cleared during shutdown on Intel - [amd64] KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. - [amd64] KVM: SVM: Add missing member in SNP_LAUNCH_START command structure - [amd64] KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight - KVM: Allow CPU to reschedule while setting per-page memory attributes - ASoC: fsl_sai: Force a software reset when starting in consumer mode - gre: Fix IPv6 multicast route creation. (Closes: #1108430) - md/md-bitmap: fix GPF in bitmap_get_stats() (Closes: #1109734) - [arm64] pinctrl: qcom: msm: mark certain pins as invalid for interrupts - pwm: Fix invalid state detection - pwm: mediatek: Ensure to disable clocks in error path - wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-27558) - wifi: mwifiex: discard erroneous disassoc frames on STA interface - wifi: mt76: mt7921: prevent decap offload config before STA initialization - wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() - wifi: mt76: mt7925: fix the wrong config for tx interrupt - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan - drm/imagination: Fix kernel crash when hard resetting the GPU - drm/amdkfd: Don't call mmput from MMU notifier callback - drm/gem: Acquire references on GEM handles for framebuffers - drm/sched: Increment job count before swapping tail spsc queue - drm/ttm: fix error handling in ttm_buffer_object_transfer - drm/gem: Fix race in drm_gem_handle_create_tail() - drm/xe/bmg: fix compressed VRAM handling - Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" - usb: gadget: u_serial: Fix race condition in TTY wakeup - Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" - drm/framebuffer: Acquire internal references on GEM handles - drm/xe: Allocate PF queue size on pow2 boundary - Revert "ACPI: battery: negate current when discharging" (Closes: #1109344) - Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" - kallsyms: fix build without execinfo - maple_tree: fix mt_destroy_walk() on root leaf node - mm: fix the inaccurate memory statistics issue for users - mm/vmalloc: leave lazy MMU mode on PTE mapping error - lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() - [amd64] x86/rdrand: Disable RDSEED on AMD Cyan Skillfish - [amd64] x86/mm: Disable hugetlb page table sharing on 32-bit - [arm64] clk: scmi: Handle case where child clocks are initialized before their parents - smb: server: make use of rdma_destroy_qp() - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() - erofs: fix to add missing tracepoint in erofs_read_folio() - erofs: address D-cache aliasing - [amd64] ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count - netlink: Fix rmem check in netlink_broadcast_deliver(). - netlink: make sure we allow at least one dump skb - netfs: Fix ref leak on inserted extra subreq in write retry - wifi: cfg80211: fix S1G beacon head validation in nl80211 - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() - drm/tegra: nvdec: Fix dma_alloc_coherent error check - md/raid1: Fix stack memory use after return in raid1_reshape - raid10: cleanup memleak at raid10_make_request - wifi: mac80211: correctly identify S1G short beacon - wifi: mac80211: fix non-transmitted BSSID profile search - wifi: rt2x00: fix remove callback type mismatch - drm/nouveau/gsp: fix potential leak of memory used during acpi init - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() - nbd: fix uaf in nbd_genl_connect() error path - drm/xe/pf: Clear all LMTT pages on alloc - erofs: free pclusters if no cached folio is attached - erofs: get rid of `z_erofs_next_pcluster_t` - erofs: tidy up zdata.c - erofs: refine readahead tracepoint - erofs: fix to add missing tracepoint in erofs_readahead() - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() - net: appletalk: Fix device refcount leak in atrtr_create() - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof - net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx - drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level - net/mlx5e: Fix race between DIM disable and net_dim() - net/mlx5e: Add new prio for promiscuous mode - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() - bnxt_en: Fix DCB ETS validation - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT - ublk: sanity check add_dev input for underflow - atm: idt77252: Add missing `dma_map_error()` - ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. - [amd64] ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 - io_uring: make fallocate be hashed work - [amd64] ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 - ALSA: hda/realtek: Add quirks for some Clevo laptops - net: usb: qmi_wwan: add SIMCom 8230C composition - driver: bluetooth: hci_qca:fix unable to load the BT driver - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 - net: mana: Record doorbell physical address in PF mode - btrfs: fix assertion when building free space tree - vt: add missing notification when switching back to text mode - bpf: Adjust free target to avoid global starvation of LRU map - [riscv64] vdso: Exclude .rodata from the PT_DYNAMIC segment - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras - HID: nintendo: avoid bluetooth suspend/resume stalls - erofs: fix rare pcluster memory leak after unmounting - net: wangxun: revert the adjustment of the IRQ vector sequence - kasan: remove kasan_find_vm_area() to prevent possible deadlock - ksmbd: fix potential use-after-free in oplock/lease break ack - [arm64] Filter out SME hwcaps when FEAT_SME isn't implemented - crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (CVE-2025-37984) - rseq: Fix segfault on registration when rseq_cs is non-zero (CVE-2025-38067) - [amd64] KVM: SVM: Set synthesized TSA CPUID flags https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.40 - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition - USB: serial: option: add Foxconn T99W640 - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI - usb: musb: fix gadget state on disconnect - [arm*] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY - usb: gadget: configfs: Fix OOB read on empty string write - [armhf] i2c: stm32: fix the device used for the DMA map - [armhf] i2c: stm32f7: unmap DMA mapped buffer - [amd64] thunderbolt: Fix wake on connect at runtime - [amd64] thunderbolt: Fix bit masking in tb_dp_port_set_hops() - Revert "staging: vchiq_arm: Create keep-alive thread during probe" - nvmem: imx-ocotp: fix MAC address byte length - nvmem: layouts: u-boot-env: remove crc32 endianness conversion - Input: xpad - set correct controller type for Acer NGR200 - pch_uart: Fix dma_sync_sg_for_device() nents value - spi: Add check for 8-bit transfer with 8 IO mode support - dm-bufio: fix sched in atomic context - HID: core: ensure the allocated report buffer can contain the reserved report ID - HID: core: ensure __hid_request reserves the report ID as the first byte - HID: core: do not bypass hid_hw_raw_request - tracing/probes: Avoid using params uninitialized in parse_btf_arg() - tracing: Add down_write(trace_event_sem) when adding trace event - tracing/osnoise: Fix crash in timerlat_dump_stack() - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume - drm/amdgpu: Increase reset counter only on success - drm/amd/display: Disable CRTC degamma LUT for DCN401 - drm/amd/display: Free memory allocation - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS - io_uring/poll: fix POLLERR handling - mptcp: make fallback action and fallback decision atomic - mptcp: plug races between subflow fail and subflow creation - mptcp: reset fallback status gracefully at disconnect() time - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() - net/mlx5: Update the list of the PCI supported devices - [arm64] dts: imx8mp-venice-gw74xx: fix TPM SPI frequency - [arm64] dts: add big-endian property back into watchdog node - [arm64] dts: freescale: imx8mm-verdin: Keep LDO5 always on - [arm64] dts: imx8mp-venice-gw71xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw72xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw73xx: fix TPM SPI frequency - [arm64] dts: rockchip: use cs-gpios for spi1 on ringneck - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() - af_packet: fix soft lockup issue caused by tpacket_snd() - Bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type - cpuidle: psci: Fix cpuhotplug routine with PREEMPT_RT=y - isofs: Verify inode mode when loading from disk - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() - [arm*] mmc: bcm2835: Fix dma_unmap_sg() nents value - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models - [arm64] mmc: sdhci_am654: Workaround for Errata i2312 - [amd64] net: stmmac: intel: populate entire system_counterval_t in get_time_fn() callback - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov - [s390x] bpf: Fix bpf_arch_text_poke() with new_addr == NULL again - smb: client: fix use-after-free in crypt_message when using async crypto - [armhf] soc: aspeed: lpc-snoop: Cleanup resources in stack-order - [armhf] soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush - iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] - iio: adc: max1363: Reorder mode_list[] entries - iio: adc: stm32-adc: Fix race in installing chained IRQ handler - iio: backend: fix out-of-bound write - iio: common: st_sensors: Fix use of uninitialize device structs - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B - [arm64] dts: imx95: Correct the DMA interrupter number of pcie0_ep - bpf: Reject %p% format string in bprintf-like helpers - cachefiles: Fix the incorrect return value in __cachefiles_write() - block: fix kobject leak in blk_unregister_queue - net/sched: sch_qfq: Fix race condition on qfq_aggregate - rpl: Fix use-after-free in rpl_do_srh_inline(). - smb: client: fix use-after-free in cifs_oplock_break - fix a leak in fcntl_dirnotify() - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() - nvme: fix endianness of command word prints in nvme_log_err_passthru() - smc: Fix various oops due to inet_sock type confusion. - net: phy: Don't register LEDs for genphy - nvme: fix misaccounting of nvme-mpath inflight I/O - nvmet-tcp: fix callback lock for TLS handshake - wifi: cfg80211: remove scan request n_channels counted_by - [amd64] hwmon: (corsair-cpro) Validate the size of the received input buffer - ice: add NULL check in eswitch lag check - ice: check correct pointer in fwlog debugfs - usb: net: sierra: check for no status endpoint - loop: use kiocb helpers to fix lockdep warning - [riscv64] Enable interrupt during exception handling - [riscv64] traps_misaligned: properly sign extend value in misaligned load handler - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() - Bluetooth: hci_sync: fix connectable extended advertising when using static random address - Bluetooth: SMP: If an unallowed command is received consider it a failure - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout - Bluetooth: hci_core: add missing braces when using macro parameters - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID - net/mlx5: Correctly set gso_size when LRO is used - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() - net: fix segmentation after TCP/UDP fraglist GRO - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry - drm/xe/pf: Sanitize VF scratch registers on FLR - drm/xe/pf: Move VFs reprovisioning to worker - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU - [amd64,arm64] hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf - virtio-net: fix recursived rtnl_lock() during probe() - tls: always refresh the queue when reading sock - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime - net: bridge: Do not offload IGMP/MLD messages - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree - rxrpc: Fix recv-recv race of completed call - rxrpc: Fix transmission of an abort in response to an abort - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" - drm/mediatek: Add wait_event_timeout when disabling plane - drm/mediatek: only announce AFBC if really supported - libbpf: Fix handling of BPF arena relocations - efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths - sched: Change nr_uninterruptible type to unsigned long - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns - btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (CVE-2025-22115) - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: Fix flushing of delayed work used for post resume purposes - usb: hub: Don't try to recover devices lost during warm reset. - [arm64] usb: dwc3: qcom: Don't leave BCR asserted - [arm64,armhf] i2c: omap: Add support for setting mux - [arm64,armhf] i2c: omap: Fix an error handling path in omap_i2c_probe() - [arm64,armhf] i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() - [arm64,armhf] i2c: omap: fix deprecated of_property_read_bool() use - sched,freezer: Remove unnecessary warning in __thaw_task - drm/xe/mocs: Initialize MOCS index early - drm/xe: Move page fault init after topology init - smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data - [amd64] iommu/vt-d: Fix misplaced domain_attached assignment (Closes: #1109676) - [amd64] KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.41 - [amd64] x86/traps: Initialize DR7 by writing its architectural reset value - Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (CVE-2025-38335) - virtio_net: Enforce minimum TX ring size for reliability - virtio_ring: Fix error reporting in virtqueue_resize - regulator: core: fix NULL dereference on unbind due to stale coupling data - [amd64] platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA - RDMA/core: Rate limit GID cache warning messages - [arm64] interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node - iio: adc: ad7949: use spi_is_bpw_supported() - regmap: fix potential memory leak of regmap_bus - [amd64] x86/hyperv: Fix usage of cpu_online_mask to get valid cpu - [amd64] platform/x86: Fix initialization order for firmware_attributes_class - [arm*] staging: vchiq_arm: Make vchiq_shutdown never fail - xfrm: state: initialize state_ptrs earlier in xfrm_state_find - xfrm: state: use a consistent pcpu_id in xfrm_state_find - xfrm: Set transport header to fix UDP GRO handling - xfrm: interface: fix use-after-free after changing collect_md xfrm interface - [arm64] net: ti: icssg-prueth: Fix buffer allocation for ICSSG - net/mlx5: Fix memory leak in cmd_exec() - net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch - i40e: report VF tx_dropped with tx_errors instead of tx_discards - i40e: When removing VF MAC filters, only check PF-set MAC - net: appletalk: Fix use-after-free in AARP proxy probe - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode - [arm64] drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() - ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop - [s390x] ism: fix concurrency management in ism_cmd() - [arm64] net: hns3: fix concurrent setting vlan filter issue - [arm64] net: hns3: disable interrupt when ptp init failed - [arm64] net: hns3: fixed vf get max channels bug - [arm64] net: hns3: default enable tx bounce buffer when smmu enabled - [amd64] platform/x86: ideapad-laptop: Fix FnLock not remembered among boots - [amd64] platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots - drm/amdgpu: Reset the clear flag in buddy during resume - drm/sched: Remove optimization that causes hang when killing dependent jobs - mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() - timekeeping: Zero initialize system_counterval when querying time from phc drivers - [arm64] i2c: qup: jump out of the loop in case of timeout - [arm64,armhf] i2c: tegra: Fix reset error handling with ACPI - i2c: virtio: Avoid hang by using interruptible completion wait - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() - sprintf.h requires stdarg.h - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx - ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx - [arm64] entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() - [arm64] dpaa2-eth: Fix device reference count leak in MAC endpoint handling - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set - e1000e: ignore uninitialized checksum word on tgp - gve: Fix stuck TX queue for DQ queue format - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() - nilfs2: reject invalid file types when reading inodes - resource: fix false warning in __request_region() - mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n - [amd64,arm64] usb: typec: tcpm: allow to use sink in accessory mode - [amd64,arm64] usb: typec: tcpm: allow switching to mode accessory to mux properly - [amd64,arm64] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach - spi: cadence-quadspi: fix cleanup of rx_chan on failure paths - [amd64] x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() - jfs: reject on-disk inodes of an unsupported type (CVE-2025-37925) - [amd64] comedi: comedi_test: Fix possible deletion of uninitialized timers - [arm64] dts: qcom: x1e78100-t14s: mark l12b and l15b always-on - erofs: simplify z_erofs_load_compact_lcluster() - erofs: refine z_erofs_get_extent_compressedlen() - erofs: use Z_EROFS_LCLUSTER_TYPE_MAX to simplify switches - erofs: simplify tail inline pcluster handling - erofs: clean up header parsing for ztailpacking and fragments - erofs: fix large fragment handling - ext4: don't explicit update times in ext4_fallocate() - ext4: refactor ext4_punch_hole() - ext4: refactor ext4_zero_range() - ext4: refactor ext4_collapse_range() - ext4: refactor ext4_insert_range() - ext4: factor out ext4_do_fallocate() - ext4: move out inode_lock into ext4_fallocate() - ext4: move out common parts into ext4_fallocate() - ext4: fix incorrect punch max_end - ext4: correct the error handle in ext4_fallocate() - ext4: fix out of bounds punch offset - [amd64] KVM: x86: drop x86.h include from cpuid.h - [amd64] KVM: x86: Route non-canonical checks in emulator through emulate_ops - [amd64] KVM: x86: Add X86EMUL_F_MSR and X86EMUL_F_DT_LOAD to aid canonical checks - [amd64] KVM: x86: model canonical checks more precisely - [amd64] KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (CVE-2025-38351) - [amd64] x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() - [arm64] dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage - Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" - wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure - iio: hid-sensor-prox: Restore lost scale assignments - iio: hid-sensor-prox: Fix incorrect OFFSET calculation - [amd64,arm64] Drivers: hv: Make the sysfs node size for the ring buffer dynamic - ALSA: hda/tegra: Add Tegra264 support - ALSA: hda: Add missing NVIDIA HDA codec IDs - [amd64] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x - Revert "drm/xe/gt: Update handling of xe_force_wake_get return" (Closes: #1109799) - Revert "drm/xe/tests/mocs: Update xe_force_wake_get() return handling" - Revert "drm/xe/devcoredump: Update handling of xe_force_wake_get return" - Revert "drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()" - [amd64] KVM: x86: Free vCPUs before freeing VM state - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma . [ Bastian Blank ] * Store build time signing key encrypted. * Enable CRYPTO_ECDSA. . [ Aurelien Jarno ] * Fix installation of DTB files . [ Tj ] * drivers/gpu/drm/nouveau: Enable DRM_NOUVEAU_GSP_DEFAULT (Closes: #1088522) . [ Uwe Kleine-König ] * [armhf] Add phy-gmii-sel module to nic-shared-modules udeb for ti/omap/am335x based machines (e.g. BeagleBone black). . [ Salvatore Bonaccorso ] * d/salsa-ci.yml: Update for trixie: Set RELEASE to trixie linux-signed-amd64 (6.12.43+1) trixie; urgency=medium . * Sign kernel from linux 6.12.43-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.42 - [amd64] ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx - ethernet: intel: fix building with large NR_CPUS - [amd64] ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx - ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX - [amd64] ASoC: Intel: fix SND_SOC_SOF dependencies - [amd64] ASoC: amd: yc: add DMI quirk for ASUS M6501RM - audit,module: restore audit logging in load failure case - parse_longname(): strrchr() expects NUL-terminated string - fs_context: fix parameter name in infofc() macro - fs/ntfs3: cancle set bad inode after removing name fails - ublk: use vmalloc for ublk_device's __queues - hfsplus: make splice write available again - hfs: make splice write available again - hfsplus: remove mutex_lock check in hfsplus_free_extents - Revert "fs/ntfs3: Replace inode_trylock with inode_lock" - gfs2: No more self recovery - io_uring: fix breakage in EXPERT menu - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() - ASoC: ops: dynamically allocate struct snd_ctl_elem_value - ASoC: mediatek: use reserved memory or enable buffer pre-allocation - [arm64] dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV - [arm64] soc: qcom: QMI encoding/decoding for big endian - [arm64] dts: qcom: sdm845: Expand IMEM region - [arm64] dts: qcom: sc7180: Expand IMEM region - [arm64] dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes - [arm64] dts: qcom: sa8775p: Correct the interrupt for remoteproc - [arm64] dts: qcom: msm8976: Make blsp_dma controlled-remotely - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() - usb: misc: apple-mfi-fastcharge: Make power supply names unique - [arm64] dts: ti: k3-am642-phyboard-electra: Fix PRU-ICSSG Ethernet ports - [arm64] dts: ti: k3-am62p-j722s: fix pinctrl-single size - [arm64] firmware: arm_scmi: Fix up turbo frequencies selection - usb: typec: ucsi: yoga-c630: fix error and remove paths - mei: vsc: Destroy mutex after freeing the IRQ - mei: vsc: Event notifier fixes - mei: vsc: Unset the event callback on remove and probe errors - [armhf] spi: stm32: Check for cfg availability in stm32_spi_probe - vmci: Prevent the dispatching of uninitialized payloads - pps: fix poll support - Revert "vmci: Prevent the dispatching of uninitialized payloads" - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() - usb: early: xhci-dbc: Fix early_ioremap leak - [armhf] dts: ti: omap: Fixup pinheader typo - [arm64] dts: st: fix timer used for ticks - [arm64] dts: imx8mm-beacon: Fix HS400 USDHC clock speed - [arm64] dts: imx8mn-beacon: Fix HS400 USDHC clock speed - PM / devfreq: Check governor before using governor->name - PM / devfreq: Fix a index typo in trans_stat - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode - cpufreq: Initialize cpufreq-based frequency-invariance later - cpufreq: Init policy->rwsem before it may be possibly used - staging: greybus: gbphy: fix up const issue with the match callback - [arm64] soc: qcom: pmic_glink: fix OF node leak - [arm64] interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg - [arm64] interconnect: qcom: sc8180x: specify num_nodes - bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 - [arm64,armhf] drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed - [arm64,armhf] drm/panfrost: Fix panfrost device variable name in devfreq - drm/panthor: Add missing explicit padding in drm_panthor_gpu_info - bpf, sockmap: Fix psock incorrectly pointing to sk - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls - net: ipv6: ip6mr: Fix in/out netdev to pass to the FORWARD chain - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel - drm/amdgpu: Remove nbiov7.9 replay count reporting - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure - [powerpc*] pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band - wifi: rtl818x: Kill URBs before clearing tx status queue - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() - iwlwifi: Add missing check for alloc_ordered_workqueue - wifi: ath11k: clear initialized flag for deinit-ed srng lists - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range - net/mlx5: Check device memory pointer before usage - net: dst: annotate data-races around dst->input - net: dst: annotate data-races around dst->output - bpf: Ensure RCU lock is held around bpf_prog_ksym_find - [arm64] drm/msm/dpu: Fill in min_prefill_lines for SC8180X - refscale: Check that nreaders and loops multiplication doesn't overflow - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value - sched/psi: Optimize psi_group_change() cpu_clock() usage - fbcon: Fix outdated registered_fb reference in comment - netfilter: nf_tables: Drop dead code from fill_*_info routines - netfilter: nf_tables: adjust lockdep assertions handling - [amd64] iommu/amd: Enable PASID and ATS capabilities in the correct order - net/sched: Restrict conditions for adding duplicating netems to qdisc tree - net_sched: act_ctinfo: use atomic64_t for three counters - RDMA/mlx5: Fix UMR modifying of mkey page size - xen: fix UAF in dmabuf_exp_from_pages() - xen/gntdev: remove struct gntdev_copy_batch from stack - tcp: call tcp_measure_rcv_mss() for ooo packets - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled - wifi: rtw88: Fix macid assigned to TDLS station - mwl8k: Add missing check after DMA map - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() - drm/amdgpu/gfx9: fix kiq locking in KCQ reset - drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset - drm/amdgpu/gfx10: fix kiq locking in KCQ reset - [amd64] iommu/amd: Fix geometry.aperture_end for V2 tables - rcu: Fix delayed execution of hurry callbacks - wifi: mac80211: reject TDLS operations when station is not associated - wifi: plfxlc: Fix error handling in usb driver probe - wifi: mac80211: Do not schedule stopped TXQs - wifi: mac80211: Don't call fq_flow_idx() for management frames - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" - wifi: ath12k: fix endianness handling while accessing wmi service bit - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE - wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() - wifi: nl80211: Set num_sub_specs before looping through sub_specs - ring-buffer: Remove ring_buffer_read_prepare_sync() - memcg_slabinfo: Fix use of PG_slab - Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' - Bluetooth: hci_event: Mask data status from LE ext adv reports - bpf: Disable migration in nf_hook_run_bpf(). - can: peak_usb: fix USB FD devices potential malfunction - can: kvaser_pciefd: Store device channel index - can: kvaser_usb: Assign netdev.dev_port based on device channel index - netfilter: xt_nfacct: don't assume acct name is null-terminated - net/mlx5e: Clear Read-Only port buffer size in PBMC before update - net/mlx5e: Remove skb secpath if xfrm state is not found - stmmac: xsk: fix negative overflow of budget in zerocopy mode - vrf: Drop existing dst reference in vrf_ip6_input_dst - ipv6: prevent infinite loop in rt6_nlmsg_size() - ipv6: fix possible infinite loop in fib6_info_uses_dev() - ipv6: annotate data-races around rt->fib6_nsiblings - bpf/preload: Don't select USERMODE_DRIVER - [arm64] bpf, arm64: Fix fp initialization for exception boundary - fortify: Fix incorrect reporting of read buffer size - [arm64] PCI: rockchip-host: Fix "Unexpected Completion" log message - [arm64] clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks - [arm64] crypto: sun8i-ce - fix nents passed to dma_unmap_sg() - [amd64] crypto: qat - use unmanaged allocation for dc_data - [arm64,armhf] crypto: marvell/cesa - Fix engine load inaccuracy - [amd64] crypto: qat - allow enabling VFs in the absence of IOMMU - [amd64] crypto: qat - fix state restore for banks with exceptions - mtd: fix possible integer overflow in erase_xfer() - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set - [armhf] crypto: arm/aes-neonbs - work around gcc-15 warning - pinctrl: sunxi: Fix memory leak on krealloc failure - dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: Don't zero-out registers - fanotify: sanitize handle_type values when reporting fid - Fix dma_unmap_sg() nents value - perf tools: Fix use-after-free in help_unknown_cmd() - perf dso: Add missed dso__put to dso__load_kcore - mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER - perf sched: Make sure it frees the usage string - perf sched: Free thread->priv using priv_destructor - perf sched: Fix memory leaks in 'perf sched map' - perf sched: Fix memory leaks for evsel->priv in timehist - perf sched: Use RC_CHK_EQUAL() to compare pointers - perf sched: Fix memory leaks in 'perf sched latency' - [arm64] RDMA/hns: Fix double destruction of rsv_qp - [arm64] RDMA/hns: Fix HW configurations not cleared in error flow - [amd64] crypto: ccp - Fix locking on alloc failure handling - [arm64] crypto: inside-secure - Fix `dma_unmap_sg()` nents value - [amd64] crypto: ccp - Fix crash when rebind ccp device for ccp.ko - [arm64] RDMA/hns: Get message length of ack_req from FW - [arm64] RDMA/hns: Fix accessing uninitialized resources - [arm64] RDMA/hns: Drop GFP_NOWARN - [arm64] RDMA/hns: Fix -Wframe-larger-than issue - kernel: trace: preemptirq_delay_test: use offstack cpu mask - proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al - pinmux: fix race causing mux_owner NULL with active mux_usecount - perf tests bp_account: Fix leaked file descriptor - [riscv64] clk: thead: th1520-ap: Correctly refer the parent of osc_12m - [armhf] clk: sunxi-ng: v3s: Fix de clock definition - [ppc64el] scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value - scsi: mvsas: Fix dma_unmap_sg() nents value - scsi: isci: Fix dma_unmap_sg() nents value - ext4: Make sure BH_New bit is cleared in ->write_end handler - [arm64] hwrng: mtk - handle devm_pm_runtime_enable errors - [amd64] crypto: qat - disable ZUC-256 capability for QAT GEN5 - soundwire: stream: restore params when prepare ports fail - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute - remoteproc: xlnx: Disable unsupported features - fs/orangefs: Allow 2 more characters in do_c_string() - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap - dmaengine: nbpfaxi: Add missing check after DMA map - perf tools: Remove libtraceevent in .gitignore - [amd64] crypto: qat - fix DMA direction for compression on GEN2 devices - [amd64] crypto: qat - fix seq_file position update in adf_ring_next() - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref - jfs: fix metapage reference count leak in dbAllocCtl - drm/xe/vf: Disable CSC support on VF - perf record: Cache build-ID of hit DSOs only - vdpa/mlx5: Fix needs_teardown flag calculation - vhost-scsi: Fix log flooding with target does not exist errors - vdpa/mlx5: Fix release of uninitialized resources on error path - vdpa: Fix IDR memory leak in VDUSE module exit - vhost: Reintroduce kthread API and add mode selection - bpf: Check flow_dissector ctx accesses are aligned - bpf: Check netfilter ctx accesses are aligned - apparmor: ensure WB_HISTORY_SIZE value is a power of 2 - apparmor: fix loop detection used in conflicting attachment resolution - apparmor: Fix unaligned memory accesses in KUnit test - module: Restore the moduleparam prefix length check - ucount: fix atomic_long_inc_below() argument type - rtc: ds1307: fix incorrect maximum clock rate handling - rtc: hym8563: fix incorrect maximum clock rate handling - rtc: nct3018y: fix incorrect maximum clock rate handling - rtc: pcf85063: fix incorrect maximum clock rate handling - rtc: pcf8563: fix incorrect maximum clock rate handling - rtc: rv3028: fix incorrect maximum clock rate handling - f2fs: turn off one_time when forcibly set to foreground GC - f2fs: fix bio memleak when committing super block - f2fs: fix KMSAN uninit-value in extent_info usage - f2fs: fix to check upper boundary for value of gc_boost_zoned_gc_percent - f2fs: fix to check upper boundary for gc_valid_thresh_ratio - f2fs: fix to check upper boundary for gc_no_zoned_gc_percent - f2fs: doc: fix wrong quota mount option description - f2fs: fix to avoid UAF in f2fs_sync_inode_meta() - f2fs: fix to avoid panic in f2fs_evict_inode - f2fs: fix to avoid out-of-boundary access in devs.path - f2fs: vm_unmap_ram() may be called from an invalid context - f2fs: fix to update upper_p in __get_secs_required() correctly - f2fs: fix to calculate dirty data during has_not_enough_free_secs() - f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode - exfat: fdatasync flag should be same like generic_write_sync() - i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() - vfio: Fix unbalanced vfio_df_close call in no-iommu mode - vfio: Prevent open_count decrement to negative - vfio/pds: Fix missing detach_ioas op - vfio/pci: Separate SR-IOV VF dev_set - scsi: mpt3sas: Fix a fw_event memory leak - scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" - scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately - kconfig: qconf: fix ConfigList::updateListAllforAll() - sched/psi: Fix psi_seq initialization - PCI: pnv_php: Clean up allocated IRQs on unplug - PCI: pnv_php: Work around switches with broken presence detection - [powerpc*] eeh: Export eeh_unfreeze_pe() - [powerpc*] eeh: Make EEH driver device hotplug safe - PCI: pnv_php: Fix surprise plug detection and recovery - pNFS/flexfiles: don't attempt pnfs on fatal DS errors - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() - NFSv4.2: another fix for listxattr - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY - md/md-cluster: handle REMOVE message earlier - netpoll: prevent hanging NAPI when netcons gets enabled - phy: mscc: Fix parsing of unicast frames - net: ipa: add IPA v5.1 and v5.5 to ipa_version_string() - pptp: ensure minimal skb length in pptp_xmit() - nvmet: initialize discovery subsys after debugfs is initialized - [s390x] ap: Unmask SLCF bit in card and queue ap functions sysfs - netlink: specs: ethtool: fix module EEPROM input/output arguments - block: Fix default IO priority if there is no IO context - block: ensure discard_granularity is zero when discard is not supported - ASoC: tas2781: Fix the wrong step for TLV on tas2781 - [amd64] spi: cs42l43: Property entry should be a null-terminated array - net/mlx5: Correctly set gso_segs when LRO is used - ipv6: reject malicious packets in ipv6_gso_segment() - net: mdio: mdio-bcm-unimac: Correct rate fallback logic - net: drop UFO packets in udp_rcv_segment() - net/sched: taprio: enforce minimum value for picos_per_byte - sunrpc: fix client side handling of tls alerts - [x86] irq: Plug vector setup race - benet: fix BUG when creating VFs - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing - [s390x] mm: Allocate page table with PAGE_SIZE granularity - eth: fbnic: remove the debugging trick of super high page bias - irqchip: Build IMX_MU_MSI only on ARM - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() - smb: server: remove separate empty_recvmsg_queue - smb: server: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: server: let recv_done() consistently call put_recvmsg/smb_direct_disconnect_rdma_connection - smb: server: let recv_done() avoid touching data_transfer after cleanup/move - smb: client: remove separate empty_packet_queue - smb: client: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: client: let recv_done() cleanup before notifying the callers. - smb: client: let recv_done() avoid touching data_transfer after cleanup/move - nvmet: exit debugfs after discovery subsystem exits - pptp: fix pptp_xmit() error path - smb: client: return an error if rdma_connect does not return within 5 seconds - sunrpc: fix handling of server side tls alerts - perf/core: Don't leak AUX buffer refcount on allocation failure - perf/core: Exit early on perf_mmap() fail - perf/core: Prevent VMA split of buffer mappings - selftests/perf_events: Add a mmap() correctness test - net/packet: fix a race in packet_set_ring() and packet_notifier() - vsock: Do not allow binding to VMADDR_PORT_ANY - [amd64] accel/ivpu: Fix reset_engine debugfs file logic - Revert "bcache: remove heap-related macros and switch to generic min_heap" - ice/ptp: fix crosstimestamp reporting - [amd64] drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type - [amd64] drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() - [amd64] drm/i915/hdmi: add error handling in g4x_hdmi_init() - [amd64] drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() - [amd64] drm/i915/display: add intel_encoder_is_hdmi() - [amd64] drm/i915/ddi: only call shutdown hooks for valid encoders - ksmbd: fix null pointer dereference error in generate_encryptionkey - ksmbd: fix Preauh_HashValue race condition - ksmbd: fix corrupted mtime and ctime in smb2_open - ksmbd: limit repeated connections from clients with the same IP (CVE-2025-38501) - smb: server: Fix extension string in ksmbd_extract_shortname() - USB: serial: option: add Foxconn T99W709 - PCI/ASPM: Save parent L1SS config in pci_save_aspm_l1ss_state() - PCI/ASPM: Fix L1SS saving - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event - net: usbnet: Fix the wrong netif_carrier_on() call - [x86] sev: Evict cache lines during SNP memory validation (CVE-2024-36331) - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) - [adm64] platform/x86/intel/pmt: fix a crashlog NULL pointer access - [x86] fpu: Delay instruction pointer fixup until after warning - [s390x] mm: Remove possible false-positive warning in pte_free_defer() - [mips*] mm: tlb-r4k: Uniquify TLB entries on init - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery - mm: swap: correctly use maxpages in swapon syscall to avoid potential deadloop - mm: swap: fix potential buffer overflow in setup_clusters() - perf/arm-ni: Set initial IRQ affinity - media: ti: j721e-csi2rx: fix list_del corruption - HID: apple: validate feature-report field count to prevent NULL pointer dereference - USB: gadget: f_hid: Fix memory leak in hidg_bind error path - usb: gadget : fix use-after-free in composite_dev_cleanup() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.43 - io_uring: don't use int for ABI - ALSA: usb-audio: Validate UAC3 power domain descriptors, too - ALSA: usb-audio: Validate UAC3 cluster segment descriptors - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks - smb3: fix for slab out of bounds on mount to ksmbd - smb: client: remove redundant lstrp update in negotiate protocol - gpio: virtio: Fix config space reading. - gpio: mlxbf2: use platform_get_irq_optional() - Revert "gpio: mlxbf3: only get IRQ for device instance 0" - gpio: mlxbf3: use platform_get_irq_optional() - leds: flash: leds-qcom-flash: Fix registry access after re-bind - Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" - netlink: avoid infinite retry looping in netlink_unicast() (Closes: #1111017) - net: phy: micrel: fix KSZ8081/KSZ8091 cable test - [armhf] net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect - [arm64] net: enetc: fix device and OF node leak at probe - [arm64] net: mtk_eth_soc: fix device leak at probe - [arm64] net: ti: icss-iep: fix device and OF node leaks at probe - net: usb: asix_devices: add phy_mask for ax88772 mdio bus - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() - NFSD: detect mismatch of file handle and delegation stateid in OPEN op - NFS: Fix the setting of capabilities when automounting a new filesystem - PCI: Extend isolated function probing to LoongArch - [arm64] clk: samsung: exynos850: fix a comment - [arm64] clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD - [arm64] clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock - fscrypt: Don't use problematic non-inline crypto engines - fs: Prevent file descriptor table allocations exceeding INT_MAX - eventpoll: Fix semi-unbounded recursion (CVE-2025-38614) - Documentation: ACPI: Fix parent device references - ACPI: processor: perflib: Fix initial _PPC limit application - ACPI: processor: perflib: Move problematic pr->performance check - block: Make REQ_OP_ZONE_FINISH a write operation - mm/memory-tier: fix abstract distance calculation overflow - smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() - smb: client: don't wait for info->send_pending == 0 on error - [amd64] KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap - [amd64] KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag - [amd64] KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported - [amd64] KVM: VMX: Extract checking of guest's DEBUGCTL into helper - [amd64] KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter - [amd64] KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs - [amd64] KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest - [amd64] habanalabs: fix UAF in export_dmabuf() - mm/smaps: fix race between smaps_hugetlb_range and migration - udp: also consider secpath when evaluating ipsec use for checksumming - netfilter: ctnetlink: fix refcount leak on table dump - [arm64] net: ti: icssg-prueth: Fix emac link speed handling - [arm64] net: ti: icss-iep: Fix incorrect type for return value in extts_enable() - sctp: linearize cloned gso packets in sctp_rcv - [amd64] intel_idle: Allow loading ACPI tables for any family - cpuidle: governors: menu: Avoid using invalid recent intervals data - ptp: prevent possible ABBA deadlock in ptp_clock_freerun() - tls: handle data disappearing from under the TLS ULP (CVE-2025-38616) - net: kcm: Fix race condition in kcm_unattach() - hfs: fix general protection fault in hfs_find_init() - hfs: fix slab-out-of-bounds in hfs_bnode_read() - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() - [arm64] Handle KCOV __init vs inline mismatches - smb/server: avoid deadlock when linking with ReplaceIfExists - nvme-pci: try function level reset on init failure - dm-stripe: limit chunk_sectors to the stripe size - md/raid10: set chunk_sectors limit - nvme-tcp: log TLS handshake failures at error level - gfs2: Validate i_depth for exhash directories - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops - loop: Avoid updating block size under exclusive owner - udf: Verify partition map count - drbd: add missing kref_get in handle_write_conflicts - hfs: fix not erasing deleted b-tree node issue - better lockdep annotations for simple_recursive_removal() - ata: ahci: Disallow LPM policy control if not supported - ata: ahci: Disable DIPM if host lacks support - ata: libata-sata: Disallow changing LPM state if not supported - fs/ntfs3: Add sanity check for file name - fs/ntfs3: correctly create symlink for relative path - pidfs: raise SB_I_NODEV and SB_I_NOEXEC - fix locking in efi_secret_unlink() - securityfs: don't pin dentries twice, once is enough... - tracefs: Add d_delete to remove negative dentries - usb: xhci: print xhci->xhc_state when queue_command failed - [amd64] platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default - usb: xhci: Avoid showing warnings for dying controller - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command - usb: xhci: Avoid showing errors during surprise removal - [arm64] soc: qcom: rpmh-rsc: Add RSC version 4 support - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered - remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU - usb: typec: tcpm/tcpci_maxim: fix irq wake usage - pmdomain: ti: Select PM_GENERIC_DOMAINS - [arm64] gpio: wcd934x: check the return value of regmap_update_bits() - cpufreq: Exit governor when failed to start old governor - cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode - [armhf] rockchip: fix kernel hang during smp initialization - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed - [arm64] thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required - iio: adc: ad_sigma_delta: don't overallocate scan buffer - [armhf] tegra: Use I/O memcpy to write to IRAM - ACPI: PRM: Reduce unnecessary printing to avoid user confusion - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() - thermal: sysfs: Return ENODATA instead of EAGAIN for reads - PM: sleep: console: Fix the black screen issue - ACPI: processor: fix acpi_object initialization - [arm64] mmc: sdhci-msm: Ensure SD card power isn't ON when card removed - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path - pps: clients: gpio: fix interrupt handling order in remove path - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 - char: misc: Fix improper and inaccurate error code returned by misc_init() - [amd64] mei: bus: Check for still connected devices in mei_cl_bus_dev_release() - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() - [amd64,arm64] platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready - ALSA: hda: Handle the jack polling always via a work - ALSA: hda: Disable jack polling at shutdown - [amd64] x86/bugs: Avoid warning when overriding return thunk - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 - ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode - tty: serial: fix print format specifiers - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present - usb: core: usb_submit_urb: downgrade type check - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() - [arm64] imx8m-blk-ctrl: set ISI panic write hurry level - [arm64] soc: qcom: mdt_loader: Actually use the e_phoff - [amd64] platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches - [amd64,arm64] platform/chrome: cros_ec_typec: Defer probe on missing EC parent - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement - ASoC: codecs: rt5640: Retry DEVICE_ID verification - [arm64] ASoC: qcom: use drvdata instead of component to keep id - netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps - [powerpc*] thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 - Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() - xen/netfront: Fix TX response spurious interrupts - wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn - net: usb: cdc-ncm: check for filtering capability - wifi: ath12k: Correct tid cleanup when tid setup fails - wifi: cfg80211: reject HTC bit for management frames - [s390x] time: Use monotonic clock in get_cycles() - be2net: Use correct byte order and format string for TCP seq and ack_seq - libbpf: Verify that arena map exists when adding arena relocations - idpf: preserve coalescing settings across resets - wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB - et131x: Add missing check after DMA map - net: ag71xx: Add missing check after DMA map - net/mlx5e: Properly access RCU protected qdisc_sleeping variable - net: pcs: xpcs: mask readl() return value to 16 bits - [arm64] Mark kernel as tainted on SAE and SError panic - drm/amd/pm: fix null pointer access - rcu: Protect ->defer_qs_iw_pending from data race - drm/amd/display: limit clear_update_flags to dcn32 and above - net: mctp: Prevent duplicate binds - wifi: cfg80211: Fix interface type validation - wifi: mac80211: don't unreserve never reserved chanctx - net: ipv4: fix incorrect MTU in broadcast routes - [arm64] net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() - net: phy: micrel: Add ksz9131_resume() - sched/deadline: Fix accounting after global limits change - bpf: Forget ranges when refining tnum after JSET - wifi: iwlwifi: mvm: set gtk id also in older FWs - wifi: iwlwifi: mvm: fix scan request validation - [s390x] stp: Remove udelay from stp_sync_clock() - net: phy: bcm54811: PHY initialization - sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails - wifi: mac80211: don't complete management TX on SAE commit - wifi: mac80211: avoid weird state in error path - [s390x] early: Copy last breaking event address to pt_regs - ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access - wifi: mac80211: fix rx link assignment for non-MLO stations - [arm64] drm/msm: use trylock for debugfs - [arm64] drm/msm: Add error handling for krealloc in metadata setup - [arm64] perf/arm: Add missing .suppress_bind_attrs - wifi: rtw89: Fix rtw89_mac_power_switch() for USB - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch - drm/xe/xe_query: Use separate iterator while filling GT list - [amd64] net: thunderbolt: Enable end-to-end flow control also in transmit - [amd64] net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() - xfrm: Duplicate SPI Handling - net: atlantic: add set_power to fw_ops for atl2 to fix wol - ACPI: Suppress misleading SPCR console message when SPCR table is absent - net: ieee8021q: fix insufficient table-size assertion - net: fec: allow disable coalescing - drm/amd/display: Separate set_gsl from set_gsl_source_select - wifi: ath10k: shutdown driver when hardware is unreliable - wifi: ath12k: Add memset and update default rate value in wmi tx completion - wifi: ath12k: Fix station association with MBSSID Non-TX BSS - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect - drm/amd/display: Fix 'failed to blank crtc!' - drm/amd/display: Initialize mode_select to 0 - wifi: mac80211: update radar_required in channel context after channel switch - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 - wifi: ath12k: Decrement TID on RX peer frag setup error handling - [powerpc*] floppy: Add missing checks after DMA map - netmem: fix skb_frag_address_safe with unreadable skbs - [arm64] stacktrace: Check kretprobe_find_ret_addr() return value - wifi: iwlegacy: Check rate_idx range after addition - neighbour: add support for NUD_PERMANENT proxy entries - dpaa_eth: don't use fixed_phy_change_carrier - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual - net: vlan: Make is_vlan_dev() a stub when VLAN is not configured - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs - gve: Return error for unknown admin queue command - [armhf] net: dsa: b53: ensure BCM5325 PHYs are enabled - [armhf] net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 - [armhf] net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 - [armhf] net: dsa: b53: prevent DIS_LEARNING access on BCM5325 - [armhf] net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 - bpftool: Fix JSON writer resource leak in version command - ptp: Use ratelimite for freerun error message - wifi: rtw89: scan abort when assign/unassign_vif - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() - ionic: clean dbpage in de-init - drm/xe: Make dma-fences compliant with the safe access rules - [armhf] net: ncsi: Fix buffer overflow in fetching version id - drm/ttm: Should to return the evict error - uapi: in6: restore visibility of most IPv6 socket options - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP - drm/amd/display: Update DMCUB loading sequence for DCN3.5 - drm/amd/display: Avoid trying AUX transactions on disconnected ports - drm/ttm: Respect the shrinker core free target - rcu: Fix rcu_read_unlock() deadloop due to IRQ work - [armhf] net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page - vhost: fail early when __vhost_add_used() fails - drm/amd/display: Only finalize atomic_obj if it was initialized - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported - drm/amd/display: Disable dsc_power_gate for dcn314 by default - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition - cifs: Fix calling CIFSFindFirst() for root path without msearch - fbdev: fix potential buffer overflow in do_register_framebuffer() - crypto: hisilicon/hpre - fix dma unmap sequence - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr - [arm64,armhf] clk: tegra: periph: Fix error handling and resolve unsigned compare warning - mfd: axp20x: Set explicit ID for AXP313 regulator - [arm64] phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated - fs/orangefs: use snprintf() instead of sprintf() - watchdog: dw_wdt: Fix default timeout - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state - [mips*] vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} - watchdog: iTCO_wdt: Report error if timeout configuration fails - scsi: bfa: Double-free fix - jfs: truncate good inode pages when hard link is 0 - jfs: Regular file corruption check - jfs: upper bound check of tree index in dbAllocAG - media: hi556: Fix reset GPIO timings - RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM - crypto: jitter - fix intermediary handling - [mips*] Don't crash in stack_top() for tasks without ABI or vDSO - [riscv64] clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED - media: ipu-bridge: Add _HID for OV5670 - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control - leds: leds-lp50xx: Handle reg to get correct multi_index - [armhf] dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs - [amd64] RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() - RDMA/core: reduce stack using in nldev_stat_get_doit() - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure - power: supply: qcom_battmgr: Add lithium-polymer entry - scsi: mpt3sas: Correctly handle ATA device errors - scsi: mpi3mr: Correctly handle ATA device errors - [armhf] pinctrl: stm32: Manage irq affinity settings - media: usb: hdpvr: disable zero-length read messages - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar - media: uvcvideo: Add quirk for HP Webcam HD 2300 - media: uvcvideo: Fix bandwidth issue for Alcor camera - [amd64] crypto: ccp - Add missing bootloader info reg for pspv6 - [arm64] clk: renesas: rzg2l: Postpone updating priv->clks[] - soundwire: amd: serialize amd manager resume sequence during pm_prepare - soundwire: amd: cancel pending slave status handling workqueue during remove sequence - soundwire: Move handle_nested_irq outside of sdw_dev_lock - md: dm-zoned-target: Initialize return variable r to avoid uninitialized use - module: Prevent silent truncation of module name in delete_module(2) - i3c: add missing include to internal header - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - apparmor: shift ouid when mediating hard links in userns - i3c: don't fail if GETHDRCAP is unsupported - i3c: master: Initialize ret in i3c_i2c_notifier_call() - dm-mpath: don't print the "loaded" message if registering fails - dm-table: fix checking for rq stackable devices - apparmor: use the condition in AA_BUG_FMT even with debug disabled - apparmor: fix x_table_lookup when stacking is not the first entry - i2c: Force DLL0945 touchpad i2c freq to 100khz - exfat: add cluster chain loop check for dir - f2fs: check the generic conditions first - printk: nbcon: Allow reacquire during panic - vfio/type1: conditional rescheduling while pinning - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans - scsi: target: core: Generate correct identifiers for PR OUT transport IDs - scsi: aacraid: Stop using PCI_IRQ_AFFINITY - vfio/mlx5: fix possible overflow in tracking max message size - ipmi: Use dev_warn_ratelimited() for incorrect message warnings - ipmi: Fix strcpy source and destination the same - tools/power turbostat: Handle non-root legacy-uncore sysfs permissions - tools/power turbostat: Fix build with musl - tools/power turbostat: Handle cap_get_proc() ENOSYS - smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection - lib/sbitmap: convert shallow_depth from one word to the whole sbitmap - ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table - net: phy: smsc: add proper reset flags for LAN8710A - [amd64] ASoC: Intel: avs: Fix uninitialized pointer error in probe() - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() - pNFS: Fix stripe mapping in block/scsi layout - pNFS: Fix disk addr range check in block/scsi layout - pNFS: Handle RPC size limit for layoutcommits - pNFS: Fix uninited ptr deref in block/scsi layout - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe - scsi: lpfc: Remove redundant assignment to avoid memory leak - [amd64,armhf] ASoC: fsl_sai: replace regmap_write with regmap_update_bits - cifs: Fix collect_sample() to handle any iterator type - drm/amdgpu: fix vram reservation issue - drm/amdgpu: fix incorrect vm flags to map bo - mm/damon/core: commit damos->target_nid - block: Introduce bio_needs_zone_write_plugging() - dm: Always split write BIOs to zoned device limits - cifs: reset iface weights when we cannot find a candidate - [amd64] iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes - [arm64] iommu/arm-smmu-qcom: Add SM6115 MDSS compatible - iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range - iommufd: Prevent ALIGN() overflow - ext4: fix zombie groups in average fragment size lists - ext4: fix largest free orders lists corruption on mb_optimize_scan switch - ext4: initialize superblock fields in the kballoc-test.c kunit tests - usb: core: config: Prevent OOB read in SS endpoint companion parsing - misc: rtsx: usb: Ensure mmc child device is active when card is present - usb: typec: ucsi: Update power_supply on power role change - [amd64] comedi: fix race between polling and detaching - [amd64] thunderbolt: Fix copy+paste error in match_service_id() - cdc-acm: fix race between initial clearing halt and open - btrfs: zoned: use filesystem size not disk size for reclaim decision - btrfs: abort transaction during log replay if walk_log_tree() failed - btrfs: zoned: do not remove unwritten non-data block group - btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations - btrfs: don't ignore inode missing when replaying log tree - btrfs: fix ssd_spread overallocation - btrfs: populate otime when logging an inode item - btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled - btrfs: don't skip remaining extrefs if dir not found during log replay - btrfs: clear dirty status from extent buffer on error at insert_new_root() - btrfs: fix log tree replay failure due to file with 0 links and extents - btrfs: error on missing block group when unaccounting log tree extent buffers - btrfs: zoned: do not select metadata BG as finish target - btrfs: fix iteration bug in __qgroup_excl_accounting() - btrfs: do not allow relocation of partially dropped subvolumes - xfs: fix scrub trace with null pointer in quotacheck - userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit - net/sched: ets: use old 'nbands' while purging unused classes - [amd64,arm64] hv_netvsc: Fix panic during namespace deletion with VF - mm, slab: restore NUMA policy support for large kmalloc - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() - media: venus: Fix OOB read due to missing payload bound check - media: uvcvideo: Do not mark valid metadata as invalid - media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() - HID: magicmouse: avoid setting up battery timer when not needed - wifi: mac80211: check basic rates validity in sta_link_apply_parameters - HID: apple: avoid setting up battery timer for devices without battery - mfd: cros_ec: Separate charge-control probing from USB-PD - net: Add net_passive_inc() and net_passive_dec(). - net: better track kernel sockets lifetime (CVE-2025-21884) - smb: client: fix netns refcount leak after net_passive changes - PCI: Store all PCIe Supported Link Speeds - PCI: Allow PCI bridges to go to D3Hot on all non-x86 - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports - [arm64] dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C - [arm64] dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C - ata: libata-sata: Add link_power_management_supported sysfs attribute - io_uring/rw: cast rw->flags assignment to rwf_t - drm/amd/display: Allow DCN301 to clear update flags - rcu: Fix racy re-initialization of irq_work causing hangs - dm: split write BIOs on zone boundaries when zone append is not emulated - PCI: Honor Max Link Speed when determining supported speeds - ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled . [ Bastian Blank ] * [amd64, arm64] Enable MANA_INFINIBAND. . [ Salvatore Bonaccorso ] * [amd64] udeb: kernel-image: Include SPI drivers * ext4: don't try to clear the orphan_present feature block device is r/o (Closes: #1108271) * alloc_fdtable(): change calling conventions. * net: ipv4: fix regression in local-broadcast route . [ Ben Hutchings ] * proc: fix missing pde_set_flags() for net proc files linux-signed-amd64 (6.12.41+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.41-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.39 - eventpoll: don't decrement ep refcount while still holding the ep mutex (CVE-2025-38349) - drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics - drm/amdgpu/ip_discovery: add missing ip_discovery fw - [s390x] crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (CVE-2025-38104) - [amd64] ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH - [amd64] ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct - [amd64] ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops - [amd64] ASoC: soc-acpi: add get_function_tplg_files ops - [amd64] ASoC: Intel: add sof_sdw_get_tplg_files ops - [amd64] ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops - [amd64] ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches - perf/core: Fix the WARN_ON_ONCE is out of lock protected region - irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ - sched/core: Fix migrate_swap() vs. hotplug - perf: Revert to requiring CAP_SYS_ADMIN for uprobes - ASoC: cs35l56: probe() should fail if the device ID is not recognized - Bluetooth: hci_sync: Fix not disabling advertising instance - Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected - pinctrl: amd: Clear GPIO debounce for suspend - fix proc_sys_compare() handling of in-lookup dentries - sched/deadline: Fix dl_server runtime calculation formula - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL - [arm64] poe: Handle spurious Overlay faults - [arm64] net: phy: qcom: move the WoL function to shared library - [arm64] net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() - netlink: Fix wraparounds of sk->sk_rmem_alloc. - vsock: fix `vsock_proto` declaration - tipc: Fix use-after-free in tipc_conn_close(). - tcp: Correct signedness in skb remaining space calculation - vsock: Fix transport_{g2h,h2g} TOCTOU - vsock: Fix transport_* TOCTOU - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` - net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap - net: phy: smsc: Force predictable MDI-X state on LAN87xx - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). - atm: clip: Fix memory leak of struct clip_vcc. - atm: clip: Fix infinite recursive call of clip_push(). - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() - [arm64] net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info - net/sched: Abort __tc_modify_qdisc if parent class does not exist - rxrpc: Fix bug due to prealloc collision - rxrpc: Fix oops due to non-existence of prealloc backlog struct - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() - [amd64] x86/mce/amd: Add default names for MCA banks and blocks - [amd64] x86/mce/amd: Fix threshold limit reset - [amd64] x86/mce: Don't remove sysfs if thresholding sysfs init fails - [amd64] x86/mce: Ensure user polling settings are honored when restarting timer - [amd64] x86/mce: Make sure CMCI banks are cleared during shutdown on Intel - [amd64] KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. - [amd64] KVM: SVM: Add missing member in SNP_LAUNCH_START command structure - [amd64] KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight - KVM: Allow CPU to reschedule while setting per-page memory attributes - ASoC: fsl_sai: Force a software reset when starting in consumer mode - gre: Fix IPv6 multicast route creation. (Closes: #1108430) - md/md-bitmap: fix GPF in bitmap_get_stats() (Closes: #1109734) - [arm64] pinctrl: qcom: msm: mark certain pins as invalid for interrupts - pwm: Fix invalid state detection - pwm: mediatek: Ensure to disable clocks in error path - wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-27558) - wifi: mwifiex: discard erroneous disassoc frames on STA interface - wifi: mt76: mt7921: prevent decap offload config before STA initialization - wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() - wifi: mt76: mt7925: fix the wrong config for tx interrupt - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan - drm/imagination: Fix kernel crash when hard resetting the GPU - drm/amdkfd: Don't call mmput from MMU notifier callback - drm/gem: Acquire references on GEM handles for framebuffers - drm/sched: Increment job count before swapping tail spsc queue - drm/ttm: fix error handling in ttm_buffer_object_transfer - drm/gem: Fix race in drm_gem_handle_create_tail() - drm/xe/bmg: fix compressed VRAM handling - Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" - usb: gadget: u_serial: Fix race condition in TTY wakeup - Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" - drm/framebuffer: Acquire internal references on GEM handles - drm/xe: Allocate PF queue size on pow2 boundary - Revert "ACPI: battery: negate current when discharging" (Closes: #1109344) - Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" - kallsyms: fix build without execinfo - maple_tree: fix mt_destroy_walk() on root leaf node - mm: fix the inaccurate memory statistics issue for users - mm/vmalloc: leave lazy MMU mode on PTE mapping error - lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() - [amd64] x86/rdrand: Disable RDSEED on AMD Cyan Skillfish - [amd64] x86/mm: Disable hugetlb page table sharing on 32-bit - [arm64] clk: scmi: Handle case where child clocks are initialized before their parents - smb: server: make use of rdma_destroy_qp() - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() - erofs: fix to add missing tracepoint in erofs_read_folio() - erofs: address D-cache aliasing - [amd64] ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count - netlink: Fix rmem check in netlink_broadcast_deliver(). - netlink: make sure we allow at least one dump skb - netfs: Fix ref leak on inserted extra subreq in write retry - wifi: cfg80211: fix S1G beacon head validation in nl80211 - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() - drm/tegra: nvdec: Fix dma_alloc_coherent error check - md/raid1: Fix stack memory use after return in raid1_reshape - raid10: cleanup memleak at raid10_make_request - wifi: mac80211: correctly identify S1G short beacon - wifi: mac80211: fix non-transmitted BSSID profile search - wifi: rt2x00: fix remove callback type mismatch - drm/nouveau/gsp: fix potential leak of memory used during acpi init - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() - nbd: fix uaf in nbd_genl_connect() error path - drm/xe/pf: Clear all LMTT pages on alloc - erofs: free pclusters if no cached folio is attached - erofs: get rid of `z_erofs_next_pcluster_t` - erofs: tidy up zdata.c - erofs: refine readahead tracepoint - erofs: fix to add missing tracepoint in erofs_readahead() - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() - net: appletalk: Fix device refcount leak in atrtr_create() - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof - net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx - drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level - net/mlx5e: Fix race between DIM disable and net_dim() - net/mlx5e: Add new prio for promiscuous mode - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() - bnxt_en: Fix DCB ETS validation - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT - ublk: sanity check add_dev input for underflow - atm: idt77252: Add missing `dma_map_error()` - ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. - [amd64] ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 - io_uring: make fallocate be hashed work - [amd64] ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 - ALSA: hda/realtek: Add quirks for some Clevo laptops - net: usb: qmi_wwan: add SIMCom 8230C composition - driver: bluetooth: hci_qca:fix unable to load the BT driver - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 - net: mana: Record doorbell physical address in PF mode - btrfs: fix assertion when building free space tree - vt: add missing notification when switching back to text mode - bpf: Adjust free target to avoid global starvation of LRU map - [riscv64] vdso: Exclude .rodata from the PT_DYNAMIC segment - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras - HID: nintendo: avoid bluetooth suspend/resume stalls - erofs: fix rare pcluster memory leak after unmounting - net: wangxun: revert the adjustment of the IRQ vector sequence - kasan: remove kasan_find_vm_area() to prevent possible deadlock - ksmbd: fix potential use-after-free in oplock/lease break ack - [arm64] Filter out SME hwcaps when FEAT_SME isn't implemented - crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (CVE-2025-37984) - rseq: Fix segfault on registration when rseq_cs is non-zero (CVE-2025-38067) - [amd64] KVM: SVM: Set synthesized TSA CPUID flags https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.40 - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition - USB: serial: option: add Foxconn T99W640 - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI - usb: musb: fix gadget state on disconnect - [arm*] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY - usb: gadget: configfs: Fix OOB read on empty string write - [armhf] i2c: stm32: fix the device used for the DMA map - [armhf] i2c: stm32f7: unmap DMA mapped buffer - [amd64] thunderbolt: Fix wake on connect at runtime - [amd64] thunderbolt: Fix bit masking in tb_dp_port_set_hops() - Revert "staging: vchiq_arm: Create keep-alive thread during probe" - nvmem: imx-ocotp: fix MAC address byte length - nvmem: layouts: u-boot-env: remove crc32 endianness conversion - Input: xpad - set correct controller type for Acer NGR200 - pch_uart: Fix dma_sync_sg_for_device() nents value - spi: Add check for 8-bit transfer with 8 IO mode support - dm-bufio: fix sched in atomic context - HID: core: ensure the allocated report buffer can contain the reserved report ID - HID: core: ensure __hid_request reserves the report ID as the first byte - HID: core: do not bypass hid_hw_raw_request - tracing/probes: Avoid using params uninitialized in parse_btf_arg() - tracing: Add down_write(trace_event_sem) when adding trace event - tracing/osnoise: Fix crash in timerlat_dump_stack() - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume - drm/amdgpu: Increase reset counter only on success - drm/amd/display: Disable CRTC degamma LUT for DCN401 - drm/amd/display: Free memory allocation - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS - io_uring/poll: fix POLLERR handling - mptcp: make fallback action and fallback decision atomic - mptcp: plug races between subflow fail and subflow creation - mptcp: reset fallback status gracefully at disconnect() time - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() - net/mlx5: Update the list of the PCI supported devices - [arm64] dts: imx8mp-venice-gw74xx: fix TPM SPI frequency - [arm64] dts: add big-endian property back into watchdog node - [arm64] dts: freescale: imx8mm-verdin: Keep LDO5 always on - [arm64] dts: imx8mp-venice-gw71xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw72xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw73xx: fix TPM SPI frequency - [arm64] dts: rockchip: use cs-gpios for spi1 on ringneck - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() - af_packet: fix soft lockup issue caused by tpacket_snd() - Bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type - cpuidle: psci: Fix cpuhotplug routine with PREEMPT_RT=y - isofs: Verify inode mode when loading from disk - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() - [arm*] mmc: bcm2835: Fix dma_unmap_sg() nents value - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models - [arm64] mmc: sdhci_am654: Workaround for Errata i2312 - [amd64] net: stmmac: intel: populate entire system_counterval_t in get_time_fn() callback - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov - [s390x] bpf: Fix bpf_arch_text_poke() with new_addr == NULL again - smb: client: fix use-after-free in crypt_message when using async crypto - [armhf] soc: aspeed: lpc-snoop: Cleanup resources in stack-order - [armhf] soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush - iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] - iio: adc: max1363: Reorder mode_list[] entries - iio: adc: stm32-adc: Fix race in installing chained IRQ handler - iio: backend: fix out-of-bound write - iio: common: st_sensors: Fix use of uninitialize device structs - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B - [arm64] dts: imx95: Correct the DMA interrupter number of pcie0_ep - bpf: Reject %p% format string in bprintf-like helpers - cachefiles: Fix the incorrect return value in __cachefiles_write() - block: fix kobject leak in blk_unregister_queue - net/sched: sch_qfq: Fix race condition on qfq_aggregate - rpl: Fix use-after-free in rpl_do_srh_inline(). - smb: client: fix use-after-free in cifs_oplock_break - fix a leak in fcntl_dirnotify() - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() - nvme: fix endianness of command word prints in nvme_log_err_passthru() - smc: Fix various oops due to inet_sock type confusion. - net: phy: Don't register LEDs for genphy - nvme: fix misaccounting of nvme-mpath inflight I/O - nvmet-tcp: fix callback lock for TLS handshake - wifi: cfg80211: remove scan request n_channels counted_by - [amd64] hwmon: (corsair-cpro) Validate the size of the received input buffer - ice: add NULL check in eswitch lag check - ice: check correct pointer in fwlog debugfs - usb: net: sierra: check for no status endpoint - loop: use kiocb helpers to fix lockdep warning - [riscv64] Enable interrupt during exception handling - [riscv64] traps_misaligned: properly sign extend value in misaligned load handler - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() - Bluetooth: hci_sync: fix connectable extended advertising when using static random address - Bluetooth: SMP: If an unallowed command is received consider it a failure - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout - Bluetooth: hci_core: add missing braces when using macro parameters - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID - net/mlx5: Correctly set gso_size when LRO is used - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() - net: fix segmentation after TCP/UDP fraglist GRO - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry - drm/xe/pf: Sanitize VF scratch registers on FLR - drm/xe/pf: Move VFs reprovisioning to worker - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU - [amd64,arm64] hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf - virtio-net: fix recursived rtnl_lock() during probe() - tls: always refresh the queue when reading sock - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime - net: bridge: Do not offload IGMP/MLD messages - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree - rxrpc: Fix recv-recv race of completed call - rxrpc: Fix transmission of an abort in response to an abort - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" - drm/mediatek: Add wait_event_timeout when disabling plane - drm/mediatek: only announce AFBC if really supported - libbpf: Fix handling of BPF arena relocations - efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths - sched: Change nr_uninterruptible type to unsigned long - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns - btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (CVE-2025-22115) - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: Fix flushing of delayed work used for post resume purposes - usb: hub: Don't try to recover devices lost during warm reset. - [arm64] usb: dwc3: qcom: Don't leave BCR asserted - [arm64,armhf] i2c: omap: Add support for setting mux - [arm64,armhf] i2c: omap: Fix an error handling path in omap_i2c_probe() - [arm64,armhf] i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() - [arm64,armhf] i2c: omap: fix deprecated of_property_read_bool() use - sched,freezer: Remove unnecessary warning in __thaw_task - drm/xe/mocs: Initialize MOCS index early - drm/xe: Move page fault init after topology init - smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data - [amd64] iommu/vt-d: Fix misplaced domain_attached assignment (Closes: #1109676) - [amd64] KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.41 - [amd64] x86/traps: Initialize DR7 by writing its architectural reset value - Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (CVE-2025-38335) - virtio_net: Enforce minimum TX ring size for reliability - virtio_ring: Fix error reporting in virtqueue_resize - regulator: core: fix NULL dereference on unbind due to stale coupling data - [amd64] platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA - RDMA/core: Rate limit GID cache warning messages - [arm64] interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node - iio: adc: ad7949: use spi_is_bpw_supported() - regmap: fix potential memory leak of regmap_bus - [amd64] x86/hyperv: Fix usage of cpu_online_mask to get valid cpu - [amd64] platform/x86: Fix initialization order for firmware_attributes_class - [arm*] staging: vchiq_arm: Make vchiq_shutdown never fail - xfrm: state: initialize state_ptrs earlier in xfrm_state_find - xfrm: state: use a consistent pcpu_id in xfrm_state_find - xfrm: Set transport header to fix UDP GRO handling - xfrm: interface: fix use-after-free after changing collect_md xfrm interface - [arm64] net: ti: icssg-prueth: Fix buffer allocation for ICSSG - net/mlx5: Fix memory leak in cmd_exec() - net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch - i40e: report VF tx_dropped with tx_errors instead of tx_discards - i40e: When removing VF MAC filters, only check PF-set MAC - net: appletalk: Fix use-after-free in AARP proxy probe - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode - [arm64] drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() - ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop - [s390x] ism: fix concurrency management in ism_cmd() - [arm64] net: hns3: fix concurrent setting vlan filter issue - [arm64] net: hns3: disable interrupt when ptp init failed - [arm64] net: hns3: fixed vf get max channels bug - [arm64] net: hns3: default enable tx bounce buffer when smmu enabled - [amd64] platform/x86: ideapad-laptop: Fix FnLock not remembered among boots - [amd64] platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots - drm/amdgpu: Reset the clear flag in buddy during resume - drm/sched: Remove optimization that causes hang when killing dependent jobs - mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() - timekeeping: Zero initialize system_counterval when querying time from phc drivers - [arm64] i2c: qup: jump out of the loop in case of timeout - [arm64,armhf] i2c: tegra: Fix reset error handling with ACPI - i2c: virtio: Avoid hang by using interruptible completion wait - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() - sprintf.h requires stdarg.h - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx - ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx - [arm64] entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() - [arm64] dpaa2-eth: Fix device reference count leak in MAC endpoint handling - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set - e1000e: ignore uninitialized checksum word on tgp - gve: Fix stuck TX queue for DQ queue format - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() - nilfs2: reject invalid file types when reading inodes - resource: fix false warning in __request_region() - mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n - [amd64,arm64] usb: typec: tcpm: allow to use sink in accessory mode - [amd64,arm64] usb: typec: tcpm: allow switching to mode accessory to mux properly - [amd64,arm64] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach - spi: cadence-quadspi: fix cleanup of rx_chan on failure paths - [amd64] x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() - jfs: reject on-disk inodes of an unsupported type (CVE-2025-37925) - [amd64] comedi: comedi_test: Fix possible deletion of uninitialized timers - [arm64] dts: qcom: x1e78100-t14s: mark l12b and l15b always-on - erofs: simplify z_erofs_load_compact_lcluster() - erofs: refine z_erofs_get_extent_compressedlen() - erofs: use Z_EROFS_LCLUSTER_TYPE_MAX to simplify switches - erofs: simplify tail inline pcluster handling - erofs: clean up header parsing for ztailpacking and fragments - erofs: fix large fragment handling - ext4: don't explicit update times in ext4_fallocate() - ext4: refactor ext4_punch_hole() - ext4: refactor ext4_zero_range() - ext4: refactor ext4_collapse_range() - ext4: refactor ext4_insert_range() - ext4: factor out ext4_do_fallocate() - ext4: move out inode_lock into ext4_fallocate() - ext4: move out common parts into ext4_fallocate() - ext4: fix incorrect punch max_end - ext4: correct the error handle in ext4_fallocate() - ext4: fix out of bounds punch offset - [amd64] KVM: x86: drop x86.h include from cpuid.h - [amd64] KVM: x86: Route non-canonical checks in emulator through emulate_ops - [amd64] KVM: x86: Add X86EMUL_F_MSR and X86EMUL_F_DT_LOAD to aid canonical checks - [amd64] KVM: x86: model canonical checks more precisely - [amd64] KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (CVE-2025-38351) - [amd64] x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() - [arm64] dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage - Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" - wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure - iio: hid-sensor-prox: Restore lost scale assignments - iio: hid-sensor-prox: Fix incorrect OFFSET calculation - [amd64,arm64] Drivers: hv: Make the sysfs node size for the ring buffer dynamic - ALSA: hda/tegra: Add Tegra264 support - ALSA: hda: Add missing NVIDIA HDA codec IDs - [amd64] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x - Revert "drm/xe/gt: Update handling of xe_force_wake_get return" (Closes: #1109799) - Revert "drm/xe/tests/mocs: Update xe_force_wake_get() return handling" - Revert "drm/xe/devcoredump: Update handling of xe_force_wake_get return" - Revert "drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()" - [amd64] KVM: x86: Free vCPUs before freeing VM state - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma . [ Bastian Blank ] * Store build time signing key encrypted. * Enable CRYPTO_ECDSA. . [ Aurelien Jarno ] * Fix installation of DTB files . [ Tj ] * drivers/gpu/drm/nouveau: Enable DRM_NOUVEAU_GSP_DEFAULT (Closes: #1088522) . [ Uwe Kleine-König ] * [armhf] Add phy-gmii-sel module to nic-shared-modules udeb for ti/omap/am335x based machines (e.g. BeagleBone black). . [ Salvatore Bonaccorso ] * d/salsa-ci.yml: Update for trixie: Set RELEASE to trixie linux-signed-arm64 (6.12.43+1) trixie; urgency=medium . * Sign kernel from linux 6.12.43-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.42 - [amd64] ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx - ethernet: intel: fix building with large NR_CPUS - [amd64] ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx - ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX - [amd64] ASoC: Intel: fix SND_SOC_SOF dependencies - [amd64] ASoC: amd: yc: add DMI quirk for ASUS M6501RM - audit,module: restore audit logging in load failure case - parse_longname(): strrchr() expects NUL-terminated string - fs_context: fix parameter name in infofc() macro - fs/ntfs3: cancle set bad inode after removing name fails - ublk: use vmalloc for ublk_device's __queues - hfsplus: make splice write available again - hfs: make splice write available again - hfsplus: remove mutex_lock check in hfsplus_free_extents - Revert "fs/ntfs3: Replace inode_trylock with inode_lock" - gfs2: No more self recovery - io_uring: fix breakage in EXPERT menu - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() - ASoC: ops: dynamically allocate struct snd_ctl_elem_value - ASoC: mediatek: use reserved memory or enable buffer pre-allocation - [arm64] dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV - [arm64] soc: qcom: QMI encoding/decoding for big endian - [arm64] dts: qcom: sdm845: Expand IMEM region - [arm64] dts: qcom: sc7180: Expand IMEM region - [arm64] dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes - [arm64] dts: qcom: sa8775p: Correct the interrupt for remoteproc - [arm64] dts: qcom: msm8976: Make blsp_dma controlled-remotely - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() - usb: misc: apple-mfi-fastcharge: Make power supply names unique - [arm64] dts: ti: k3-am642-phyboard-electra: Fix PRU-ICSSG Ethernet ports - [arm64] dts: ti: k3-am62p-j722s: fix pinctrl-single size - [arm64] firmware: arm_scmi: Fix up turbo frequencies selection - usb: typec: ucsi: yoga-c630: fix error and remove paths - mei: vsc: Destroy mutex after freeing the IRQ - mei: vsc: Event notifier fixes - mei: vsc: Unset the event callback on remove and probe errors - [armhf] spi: stm32: Check for cfg availability in stm32_spi_probe - vmci: Prevent the dispatching of uninitialized payloads - pps: fix poll support - Revert "vmci: Prevent the dispatching of uninitialized payloads" - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() - usb: early: xhci-dbc: Fix early_ioremap leak - [armhf] dts: ti: omap: Fixup pinheader typo - [arm64] dts: st: fix timer used for ticks - [arm64] dts: imx8mm-beacon: Fix HS400 USDHC clock speed - [arm64] dts: imx8mn-beacon: Fix HS400 USDHC clock speed - PM / devfreq: Check governor before using governor->name - PM / devfreq: Fix a index typo in trans_stat - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode - cpufreq: Initialize cpufreq-based frequency-invariance later - cpufreq: Init policy->rwsem before it may be possibly used - staging: greybus: gbphy: fix up const issue with the match callback - [arm64] soc: qcom: pmic_glink: fix OF node leak - [arm64] interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg - [arm64] interconnect: qcom: sc8180x: specify num_nodes - bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 - [arm64,armhf] drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed - [arm64,armhf] drm/panfrost: Fix panfrost device variable name in devfreq - drm/panthor: Add missing explicit padding in drm_panthor_gpu_info - bpf, sockmap: Fix psock incorrectly pointing to sk - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls - net: ipv6: ip6mr: Fix in/out netdev to pass to the FORWARD chain - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel - drm/amdgpu: Remove nbiov7.9 replay count reporting - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure - [powerpc*] pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band - wifi: rtl818x: Kill URBs before clearing tx status queue - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() - iwlwifi: Add missing check for alloc_ordered_workqueue - wifi: ath11k: clear initialized flag for deinit-ed srng lists - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range - net/mlx5: Check device memory pointer before usage - net: dst: annotate data-races around dst->input - net: dst: annotate data-races around dst->output - bpf: Ensure RCU lock is held around bpf_prog_ksym_find - [arm64] drm/msm/dpu: Fill in min_prefill_lines for SC8180X - refscale: Check that nreaders and loops multiplication doesn't overflow - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value - sched/psi: Optimize psi_group_change() cpu_clock() usage - fbcon: Fix outdated registered_fb reference in comment - netfilter: nf_tables: Drop dead code from fill_*_info routines - netfilter: nf_tables: adjust lockdep assertions handling - [amd64] iommu/amd: Enable PASID and ATS capabilities in the correct order - net/sched: Restrict conditions for adding duplicating netems to qdisc tree - net_sched: act_ctinfo: use atomic64_t for three counters - RDMA/mlx5: Fix UMR modifying of mkey page size - xen: fix UAF in dmabuf_exp_from_pages() - xen/gntdev: remove struct gntdev_copy_batch from stack - tcp: call tcp_measure_rcv_mss() for ooo packets - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled - wifi: rtw88: Fix macid assigned to TDLS station - mwl8k: Add missing check after DMA map - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() - drm/amdgpu/gfx9: fix kiq locking in KCQ reset - drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset - drm/amdgpu/gfx10: fix kiq locking in KCQ reset - [amd64] iommu/amd: Fix geometry.aperture_end for V2 tables - rcu: Fix delayed execution of hurry callbacks - wifi: mac80211: reject TDLS operations when station is not associated - wifi: plfxlc: Fix error handling in usb driver probe - wifi: mac80211: Do not schedule stopped TXQs - wifi: mac80211: Don't call fq_flow_idx() for management frames - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" - wifi: ath12k: fix endianness handling while accessing wmi service bit - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE - wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() - wifi: nl80211: Set num_sub_specs before looping through sub_specs - ring-buffer: Remove ring_buffer_read_prepare_sync() - memcg_slabinfo: Fix use of PG_slab - Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' - Bluetooth: hci_event: Mask data status from LE ext adv reports - bpf: Disable migration in nf_hook_run_bpf(). - can: peak_usb: fix USB FD devices potential malfunction - can: kvaser_pciefd: Store device channel index - can: kvaser_usb: Assign netdev.dev_port based on device channel index - netfilter: xt_nfacct: don't assume acct name is null-terminated - net/mlx5e: Clear Read-Only port buffer size in PBMC before update - net/mlx5e: Remove skb secpath if xfrm state is not found - stmmac: xsk: fix negative overflow of budget in zerocopy mode - vrf: Drop existing dst reference in vrf_ip6_input_dst - ipv6: prevent infinite loop in rt6_nlmsg_size() - ipv6: fix possible infinite loop in fib6_info_uses_dev() - ipv6: annotate data-races around rt->fib6_nsiblings - bpf/preload: Don't select USERMODE_DRIVER - [arm64] bpf, arm64: Fix fp initialization for exception boundary - fortify: Fix incorrect reporting of read buffer size - [arm64] PCI: rockchip-host: Fix "Unexpected Completion" log message - [arm64] clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks - [arm64] crypto: sun8i-ce - fix nents passed to dma_unmap_sg() - [amd64] crypto: qat - use unmanaged allocation for dc_data - [arm64,armhf] crypto: marvell/cesa - Fix engine load inaccuracy - [amd64] crypto: qat - allow enabling VFs in the absence of IOMMU - [amd64] crypto: qat - fix state restore for banks with exceptions - mtd: fix possible integer overflow in erase_xfer() - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set - [armhf] crypto: arm/aes-neonbs - work around gcc-15 warning - pinctrl: sunxi: Fix memory leak on krealloc failure - dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: Don't zero-out registers - fanotify: sanitize handle_type values when reporting fid - Fix dma_unmap_sg() nents value - perf tools: Fix use-after-free in help_unknown_cmd() - perf dso: Add missed dso__put to dso__load_kcore - mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER - perf sched: Make sure it frees the usage string - perf sched: Free thread->priv using priv_destructor - perf sched: Fix memory leaks in 'perf sched map' - perf sched: Fix memory leaks for evsel->priv in timehist - perf sched: Use RC_CHK_EQUAL() to compare pointers - perf sched: Fix memory leaks in 'perf sched latency' - [arm64] RDMA/hns: Fix double destruction of rsv_qp - [arm64] RDMA/hns: Fix HW configurations not cleared in error flow - [amd64] crypto: ccp - Fix locking on alloc failure handling - [arm64] crypto: inside-secure - Fix `dma_unmap_sg()` nents value - [amd64] crypto: ccp - Fix crash when rebind ccp device for ccp.ko - [arm64] RDMA/hns: Get message length of ack_req from FW - [arm64] RDMA/hns: Fix accessing uninitialized resources - [arm64] RDMA/hns: Drop GFP_NOWARN - [arm64] RDMA/hns: Fix -Wframe-larger-than issue - kernel: trace: preemptirq_delay_test: use offstack cpu mask - proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al - pinmux: fix race causing mux_owner NULL with active mux_usecount - perf tests bp_account: Fix leaked file descriptor - [riscv64] clk: thead: th1520-ap: Correctly refer the parent of osc_12m - [armhf] clk: sunxi-ng: v3s: Fix de clock definition - [ppc64el] scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value - scsi: mvsas: Fix dma_unmap_sg() nents value - scsi: isci: Fix dma_unmap_sg() nents value - ext4: Make sure BH_New bit is cleared in ->write_end handler - [arm64] hwrng: mtk - handle devm_pm_runtime_enable errors - [amd64] crypto: qat - disable ZUC-256 capability for QAT GEN5 - soundwire: stream: restore params when prepare ports fail - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute - remoteproc: xlnx: Disable unsupported features - fs/orangefs: Allow 2 more characters in do_c_string() - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap - dmaengine: nbpfaxi: Add missing check after DMA map - perf tools: Remove libtraceevent in .gitignore - [amd64] crypto: qat - fix DMA direction for compression on GEN2 devices - [amd64] crypto: qat - fix seq_file position update in adf_ring_next() - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref - jfs: fix metapage reference count leak in dbAllocCtl - drm/xe/vf: Disable CSC support on VF - perf record: Cache build-ID of hit DSOs only - vdpa/mlx5: Fix needs_teardown flag calculation - vhost-scsi: Fix log flooding with target does not exist errors - vdpa/mlx5: Fix release of uninitialized resources on error path - vdpa: Fix IDR memory leak in VDUSE module exit - vhost: Reintroduce kthread API and add mode selection - bpf: Check flow_dissector ctx accesses are aligned - bpf: Check netfilter ctx accesses are aligned - apparmor: ensure WB_HISTORY_SIZE value is a power of 2 - apparmor: fix loop detection used in conflicting attachment resolution - apparmor: Fix unaligned memory accesses in KUnit test - module: Restore the moduleparam prefix length check - ucount: fix atomic_long_inc_below() argument type - rtc: ds1307: fix incorrect maximum clock rate handling - rtc: hym8563: fix incorrect maximum clock rate handling - rtc: nct3018y: fix incorrect maximum clock rate handling - rtc: pcf85063: fix incorrect maximum clock rate handling - rtc: pcf8563: fix incorrect maximum clock rate handling - rtc: rv3028: fix incorrect maximum clock rate handling - f2fs: turn off one_time when forcibly set to foreground GC - f2fs: fix bio memleak when committing super block - f2fs: fix KMSAN uninit-value in extent_info usage - f2fs: fix to check upper boundary for value of gc_boost_zoned_gc_percent - f2fs: fix to check upper boundary for gc_valid_thresh_ratio - f2fs: fix to check upper boundary for gc_no_zoned_gc_percent - f2fs: doc: fix wrong quota mount option description - f2fs: fix to avoid UAF in f2fs_sync_inode_meta() - f2fs: fix to avoid panic in f2fs_evict_inode - f2fs: fix to avoid out-of-boundary access in devs.path - f2fs: vm_unmap_ram() may be called from an invalid context - f2fs: fix to update upper_p in __get_secs_required() correctly - f2fs: fix to calculate dirty data during has_not_enough_free_secs() - f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode - exfat: fdatasync flag should be same like generic_write_sync() - i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() - vfio: Fix unbalanced vfio_df_close call in no-iommu mode - vfio: Prevent open_count decrement to negative - vfio/pds: Fix missing detach_ioas op - vfio/pci: Separate SR-IOV VF dev_set - scsi: mpt3sas: Fix a fw_event memory leak - scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" - scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately - kconfig: qconf: fix ConfigList::updateListAllforAll() - sched/psi: Fix psi_seq initialization - PCI: pnv_php: Clean up allocated IRQs on unplug - PCI: pnv_php: Work around switches with broken presence detection - [powerpc*] eeh: Export eeh_unfreeze_pe() - [powerpc*] eeh: Make EEH driver device hotplug safe - PCI: pnv_php: Fix surprise plug detection and recovery - pNFS/flexfiles: don't attempt pnfs on fatal DS errors - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() - NFSv4.2: another fix for listxattr - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY - md/md-cluster: handle REMOVE message earlier - netpoll: prevent hanging NAPI when netcons gets enabled - phy: mscc: Fix parsing of unicast frames - net: ipa: add IPA v5.1 and v5.5 to ipa_version_string() - pptp: ensure minimal skb length in pptp_xmit() - nvmet: initialize discovery subsys after debugfs is initialized - [s390x] ap: Unmask SLCF bit in card and queue ap functions sysfs - netlink: specs: ethtool: fix module EEPROM input/output arguments - block: Fix default IO priority if there is no IO context - block: ensure discard_granularity is zero when discard is not supported - ASoC: tas2781: Fix the wrong step for TLV on tas2781 - [amd64] spi: cs42l43: Property entry should be a null-terminated array - net/mlx5: Correctly set gso_segs when LRO is used - ipv6: reject malicious packets in ipv6_gso_segment() - net: mdio: mdio-bcm-unimac: Correct rate fallback logic - net: drop UFO packets in udp_rcv_segment() - net/sched: taprio: enforce minimum value for picos_per_byte - sunrpc: fix client side handling of tls alerts - [x86] irq: Plug vector setup race - benet: fix BUG when creating VFs - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing - [s390x] mm: Allocate page table with PAGE_SIZE granularity - eth: fbnic: remove the debugging trick of super high page bias - irqchip: Build IMX_MU_MSI only on ARM - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() - smb: server: remove separate empty_recvmsg_queue - smb: server: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: server: let recv_done() consistently call put_recvmsg/smb_direct_disconnect_rdma_connection - smb: server: let recv_done() avoid touching data_transfer after cleanup/move - smb: client: remove separate empty_packet_queue - smb: client: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: client: let recv_done() cleanup before notifying the callers. - smb: client: let recv_done() avoid touching data_transfer after cleanup/move - nvmet: exit debugfs after discovery subsystem exits - pptp: fix pptp_xmit() error path - smb: client: return an error if rdma_connect does not return within 5 seconds - sunrpc: fix handling of server side tls alerts - perf/core: Don't leak AUX buffer refcount on allocation failure - perf/core: Exit early on perf_mmap() fail - perf/core: Prevent VMA split of buffer mappings - selftests/perf_events: Add a mmap() correctness test - net/packet: fix a race in packet_set_ring() and packet_notifier() - vsock: Do not allow binding to VMADDR_PORT_ANY - [amd64] accel/ivpu: Fix reset_engine debugfs file logic - Revert "bcache: remove heap-related macros and switch to generic min_heap" - ice/ptp: fix crosstimestamp reporting - [amd64] drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type - [amd64] drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() - [amd64] drm/i915/hdmi: add error handling in g4x_hdmi_init() - [amd64] drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() - [amd64] drm/i915/display: add intel_encoder_is_hdmi() - [amd64] drm/i915/ddi: only call shutdown hooks for valid encoders - ksmbd: fix null pointer dereference error in generate_encryptionkey - ksmbd: fix Preauh_HashValue race condition - ksmbd: fix corrupted mtime and ctime in smb2_open - ksmbd: limit repeated connections from clients with the same IP (CVE-2025-38501) - smb: server: Fix extension string in ksmbd_extract_shortname() - USB: serial: option: add Foxconn T99W709 - PCI/ASPM: Save parent L1SS config in pci_save_aspm_l1ss_state() - PCI/ASPM: Fix L1SS saving - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event - net: usbnet: Fix the wrong netif_carrier_on() call - [x86] sev: Evict cache lines during SNP memory validation (CVE-2024-36331) - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) - [adm64] platform/x86/intel/pmt: fix a crashlog NULL pointer access - [x86] fpu: Delay instruction pointer fixup until after warning - [s390x] mm: Remove possible false-positive warning in pte_free_defer() - [mips*] mm: tlb-r4k: Uniquify TLB entries on init - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery - mm: swap: correctly use maxpages in swapon syscall to avoid potential deadloop - mm: swap: fix potential buffer overflow in setup_clusters() - perf/arm-ni: Set initial IRQ affinity - media: ti: j721e-csi2rx: fix list_del corruption - HID: apple: validate feature-report field count to prevent NULL pointer dereference - USB: gadget: f_hid: Fix memory leak in hidg_bind error path - usb: gadget : fix use-after-free in composite_dev_cleanup() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.43 - io_uring: don't use int for ABI - ALSA: usb-audio: Validate UAC3 power domain descriptors, too - ALSA: usb-audio: Validate UAC3 cluster segment descriptors - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks - smb3: fix for slab out of bounds on mount to ksmbd - smb: client: remove redundant lstrp update in negotiate protocol - gpio: virtio: Fix config space reading. - gpio: mlxbf2: use platform_get_irq_optional() - Revert "gpio: mlxbf3: only get IRQ for device instance 0" - gpio: mlxbf3: use platform_get_irq_optional() - leds: flash: leds-qcom-flash: Fix registry access after re-bind - Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" - netlink: avoid infinite retry looping in netlink_unicast() (Closes: #1111017) - net: phy: micrel: fix KSZ8081/KSZ8091 cable test - [armhf] net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect - [arm64] net: enetc: fix device and OF node leak at probe - [arm64] net: mtk_eth_soc: fix device leak at probe - [arm64] net: ti: icss-iep: fix device and OF node leaks at probe - net: usb: asix_devices: add phy_mask for ax88772 mdio bus - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() - NFSD: detect mismatch of file handle and delegation stateid in OPEN op - NFS: Fix the setting of capabilities when automounting a new filesystem - PCI: Extend isolated function probing to LoongArch - [arm64] clk: samsung: exynos850: fix a comment - [arm64] clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD - [arm64] clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock - fscrypt: Don't use problematic non-inline crypto engines - fs: Prevent file descriptor table allocations exceeding INT_MAX - eventpoll: Fix semi-unbounded recursion (CVE-2025-38614) - Documentation: ACPI: Fix parent device references - ACPI: processor: perflib: Fix initial _PPC limit application - ACPI: processor: perflib: Move problematic pr->performance check - block: Make REQ_OP_ZONE_FINISH a write operation - mm/memory-tier: fix abstract distance calculation overflow - smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() - smb: client: don't wait for info->send_pending == 0 on error - [amd64] KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap - [amd64] KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag - [amd64] KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported - [amd64] KVM: VMX: Extract checking of guest's DEBUGCTL into helper - [amd64] KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter - [amd64] KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs - [amd64] KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest - [amd64] habanalabs: fix UAF in export_dmabuf() - mm/smaps: fix race between smaps_hugetlb_range and migration - udp: also consider secpath when evaluating ipsec use for checksumming - netfilter: ctnetlink: fix refcount leak on table dump - [arm64] net: ti: icssg-prueth: Fix emac link speed handling - [arm64] net: ti: icss-iep: Fix incorrect type for return value in extts_enable() - sctp: linearize cloned gso packets in sctp_rcv - [amd64] intel_idle: Allow loading ACPI tables for any family - cpuidle: governors: menu: Avoid using invalid recent intervals data - ptp: prevent possible ABBA deadlock in ptp_clock_freerun() - tls: handle data disappearing from under the TLS ULP (CVE-2025-38616) - net: kcm: Fix race condition in kcm_unattach() - hfs: fix general protection fault in hfs_find_init() - hfs: fix slab-out-of-bounds in hfs_bnode_read() - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() - [arm64] Handle KCOV __init vs inline mismatches - smb/server: avoid deadlock when linking with ReplaceIfExists - nvme-pci: try function level reset on init failure - dm-stripe: limit chunk_sectors to the stripe size - md/raid10: set chunk_sectors limit - nvme-tcp: log TLS handshake failures at error level - gfs2: Validate i_depth for exhash directories - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops - loop: Avoid updating block size under exclusive owner - udf: Verify partition map count - drbd: add missing kref_get in handle_write_conflicts - hfs: fix not erasing deleted b-tree node issue - better lockdep annotations for simple_recursive_removal() - ata: ahci: Disallow LPM policy control if not supported - ata: ahci: Disable DIPM if host lacks support - ata: libata-sata: Disallow changing LPM state if not supported - fs/ntfs3: Add sanity check for file name - fs/ntfs3: correctly create symlink for relative path - pidfs: raise SB_I_NODEV and SB_I_NOEXEC - fix locking in efi_secret_unlink() - securityfs: don't pin dentries twice, once is enough... - tracefs: Add d_delete to remove negative dentries - usb: xhci: print xhci->xhc_state when queue_command failed - [amd64] platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default - usb: xhci: Avoid showing warnings for dying controller - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command - usb: xhci: Avoid showing errors during surprise removal - [arm64] soc: qcom: rpmh-rsc: Add RSC version 4 support - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered - remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU - usb: typec: tcpm/tcpci_maxim: fix irq wake usage - pmdomain: ti: Select PM_GENERIC_DOMAINS - [arm64] gpio: wcd934x: check the return value of regmap_update_bits() - cpufreq: Exit governor when failed to start old governor - cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode - [armhf] rockchip: fix kernel hang during smp initialization - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed - [arm64] thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required - iio: adc: ad_sigma_delta: don't overallocate scan buffer - [armhf] tegra: Use I/O memcpy to write to IRAM - ACPI: PRM: Reduce unnecessary printing to avoid user confusion - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() - thermal: sysfs: Return ENODATA instead of EAGAIN for reads - PM: sleep: console: Fix the black screen issue - ACPI: processor: fix acpi_object initialization - [arm64] mmc: sdhci-msm: Ensure SD card power isn't ON when card removed - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path - pps: clients: gpio: fix interrupt handling order in remove path - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 - char: misc: Fix improper and inaccurate error code returned by misc_init() - [amd64] mei: bus: Check for still connected devices in mei_cl_bus_dev_release() - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() - [amd64,arm64] platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready - ALSA: hda: Handle the jack polling always via a work - ALSA: hda: Disable jack polling at shutdown - [amd64] x86/bugs: Avoid warning when overriding return thunk - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 - ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode - tty: serial: fix print format specifiers - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present - usb: core: usb_submit_urb: downgrade type check - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() - [arm64] imx8m-blk-ctrl: set ISI panic write hurry level - [arm64] soc: qcom: mdt_loader: Actually use the e_phoff - [amd64] platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches - [amd64,arm64] platform/chrome: cros_ec_typec: Defer probe on missing EC parent - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement - ASoC: codecs: rt5640: Retry DEVICE_ID verification - [arm64] ASoC: qcom: use drvdata instead of component to keep id - netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps - [powerpc*] thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 - Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() - xen/netfront: Fix TX response spurious interrupts - wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn - net: usb: cdc-ncm: check for filtering capability - wifi: ath12k: Correct tid cleanup when tid setup fails - wifi: cfg80211: reject HTC bit for management frames - [s390x] time: Use monotonic clock in get_cycles() - be2net: Use correct byte order and format string for TCP seq and ack_seq - libbpf: Verify that arena map exists when adding arena relocations - idpf: preserve coalescing settings across resets - wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB - et131x: Add missing check after DMA map - net: ag71xx: Add missing check after DMA map - net/mlx5e: Properly access RCU protected qdisc_sleeping variable - net: pcs: xpcs: mask readl() return value to 16 bits - [arm64] Mark kernel as tainted on SAE and SError panic - drm/amd/pm: fix null pointer access - rcu: Protect ->defer_qs_iw_pending from data race - drm/amd/display: limit clear_update_flags to dcn32 and above - net: mctp: Prevent duplicate binds - wifi: cfg80211: Fix interface type validation - wifi: mac80211: don't unreserve never reserved chanctx - net: ipv4: fix incorrect MTU in broadcast routes - [arm64] net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() - net: phy: micrel: Add ksz9131_resume() - sched/deadline: Fix accounting after global limits change - bpf: Forget ranges when refining tnum after JSET - wifi: iwlwifi: mvm: set gtk id also in older FWs - wifi: iwlwifi: mvm: fix scan request validation - [s390x] stp: Remove udelay from stp_sync_clock() - net: phy: bcm54811: PHY initialization - sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails - wifi: mac80211: don't complete management TX on SAE commit - wifi: mac80211: avoid weird state in error path - [s390x] early: Copy last breaking event address to pt_regs - ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access - wifi: mac80211: fix rx link assignment for non-MLO stations - [arm64] drm/msm: use trylock for debugfs - [arm64] drm/msm: Add error handling for krealloc in metadata setup - [arm64] perf/arm: Add missing .suppress_bind_attrs - wifi: rtw89: Fix rtw89_mac_power_switch() for USB - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch - drm/xe/xe_query: Use separate iterator while filling GT list - [amd64] net: thunderbolt: Enable end-to-end flow control also in transmit - [amd64] net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() - xfrm: Duplicate SPI Handling - net: atlantic: add set_power to fw_ops for atl2 to fix wol - ACPI: Suppress misleading SPCR console message when SPCR table is absent - net: ieee8021q: fix insufficient table-size assertion - net: fec: allow disable coalescing - drm/amd/display: Separate set_gsl from set_gsl_source_select - wifi: ath10k: shutdown driver when hardware is unreliable - wifi: ath12k: Add memset and update default rate value in wmi tx completion - wifi: ath12k: Fix station association with MBSSID Non-TX BSS - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect - drm/amd/display: Fix 'failed to blank crtc!' - drm/amd/display: Initialize mode_select to 0 - wifi: mac80211: update radar_required in channel context after channel switch - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 - wifi: ath12k: Decrement TID on RX peer frag setup error handling - [powerpc*] floppy: Add missing checks after DMA map - netmem: fix skb_frag_address_safe with unreadable skbs - [arm64] stacktrace: Check kretprobe_find_ret_addr() return value - wifi: iwlegacy: Check rate_idx range after addition - neighbour: add support for NUD_PERMANENT proxy entries - dpaa_eth: don't use fixed_phy_change_carrier - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual - net: vlan: Make is_vlan_dev() a stub when VLAN is not configured - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs - gve: Return error for unknown admin queue command - [armhf] net: dsa: b53: ensure BCM5325 PHYs are enabled - [armhf] net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 - [armhf] net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 - [armhf] net: dsa: b53: prevent DIS_LEARNING access on BCM5325 - [armhf] net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 - bpftool: Fix JSON writer resource leak in version command - ptp: Use ratelimite for freerun error message - wifi: rtw89: scan abort when assign/unassign_vif - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() - ionic: clean dbpage in de-init - drm/xe: Make dma-fences compliant with the safe access rules - [armhf] net: ncsi: Fix buffer overflow in fetching version id - drm/ttm: Should to return the evict error - uapi: in6: restore visibility of most IPv6 socket options - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP - drm/amd/display: Update DMCUB loading sequence for DCN3.5 - drm/amd/display: Avoid trying AUX transactions on disconnected ports - drm/ttm: Respect the shrinker core free target - rcu: Fix rcu_read_unlock() deadloop due to IRQ work - [armhf] net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page - vhost: fail early when __vhost_add_used() fails - drm/amd/display: Only finalize atomic_obj if it was initialized - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported - drm/amd/display: Disable dsc_power_gate for dcn314 by default - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition - cifs: Fix calling CIFSFindFirst() for root path without msearch - fbdev: fix potential buffer overflow in do_register_framebuffer() - crypto: hisilicon/hpre - fix dma unmap sequence - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr - [arm64,armhf] clk: tegra: periph: Fix error handling and resolve unsigned compare warning - mfd: axp20x: Set explicit ID for AXP313 regulator - [arm64] phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated - fs/orangefs: use snprintf() instead of sprintf() - watchdog: dw_wdt: Fix default timeout - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state - [mips*] vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} - watchdog: iTCO_wdt: Report error if timeout configuration fails - scsi: bfa: Double-free fix - jfs: truncate good inode pages when hard link is 0 - jfs: Regular file corruption check - jfs: upper bound check of tree index in dbAllocAG - media: hi556: Fix reset GPIO timings - RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM - crypto: jitter - fix intermediary handling - [mips*] Don't crash in stack_top() for tasks without ABI or vDSO - [riscv64] clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED - media: ipu-bridge: Add _HID for OV5670 - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control - leds: leds-lp50xx: Handle reg to get correct multi_index - [armhf] dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs - [amd64] RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() - RDMA/core: reduce stack using in nldev_stat_get_doit() - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure - power: supply: qcom_battmgr: Add lithium-polymer entry - scsi: mpt3sas: Correctly handle ATA device errors - scsi: mpi3mr: Correctly handle ATA device errors - [armhf] pinctrl: stm32: Manage irq affinity settings - media: usb: hdpvr: disable zero-length read messages - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar - media: uvcvideo: Add quirk for HP Webcam HD 2300 - media: uvcvideo: Fix bandwidth issue for Alcor camera - [amd64] crypto: ccp - Add missing bootloader info reg for pspv6 - [arm64] clk: renesas: rzg2l: Postpone updating priv->clks[] - soundwire: amd: serialize amd manager resume sequence during pm_prepare - soundwire: amd: cancel pending slave status handling workqueue during remove sequence - soundwire: Move handle_nested_irq outside of sdw_dev_lock - md: dm-zoned-target: Initialize return variable r to avoid uninitialized use - module: Prevent silent truncation of module name in delete_module(2) - i3c: add missing include to internal header - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - apparmor: shift ouid when mediating hard links in userns - i3c: don't fail if GETHDRCAP is unsupported - i3c: master: Initialize ret in i3c_i2c_notifier_call() - dm-mpath: don't print the "loaded" message if registering fails - dm-table: fix checking for rq stackable devices - apparmor: use the condition in AA_BUG_FMT even with debug disabled - apparmor: fix x_table_lookup when stacking is not the first entry - i2c: Force DLL0945 touchpad i2c freq to 100khz - exfat: add cluster chain loop check for dir - f2fs: check the generic conditions first - printk: nbcon: Allow reacquire during panic - vfio/type1: conditional rescheduling while pinning - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans - scsi: target: core: Generate correct identifiers for PR OUT transport IDs - scsi: aacraid: Stop using PCI_IRQ_AFFINITY - vfio/mlx5: fix possible overflow in tracking max message size - ipmi: Use dev_warn_ratelimited() for incorrect message warnings - ipmi: Fix strcpy source and destination the same - tools/power turbostat: Handle non-root legacy-uncore sysfs permissions - tools/power turbostat: Fix build with musl - tools/power turbostat: Handle cap_get_proc() ENOSYS - smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection - lib/sbitmap: convert shallow_depth from one word to the whole sbitmap - ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table - net: phy: smsc: add proper reset flags for LAN8710A - [amd64] ASoC: Intel: avs: Fix uninitialized pointer error in probe() - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() - pNFS: Fix stripe mapping in block/scsi layout - pNFS: Fix disk addr range check in block/scsi layout - pNFS: Handle RPC size limit for layoutcommits - pNFS: Fix uninited ptr deref in block/scsi layout - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe - scsi: lpfc: Remove redundant assignment to avoid memory leak - [amd64,armhf] ASoC: fsl_sai: replace regmap_write with regmap_update_bits - cifs: Fix collect_sample() to handle any iterator type - drm/amdgpu: fix vram reservation issue - drm/amdgpu: fix incorrect vm flags to map bo - mm/damon/core: commit damos->target_nid - block: Introduce bio_needs_zone_write_plugging() - dm: Always split write BIOs to zoned device limits - cifs: reset iface weights when we cannot find a candidate - [amd64] iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes - [arm64] iommu/arm-smmu-qcom: Add SM6115 MDSS compatible - iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range - iommufd: Prevent ALIGN() overflow - ext4: fix zombie groups in average fragment size lists - ext4: fix largest free orders lists corruption on mb_optimize_scan switch - ext4: initialize superblock fields in the kballoc-test.c kunit tests - usb: core: config: Prevent OOB read in SS endpoint companion parsing - misc: rtsx: usb: Ensure mmc child device is active when card is present - usb: typec: ucsi: Update power_supply on power role change - [amd64] comedi: fix race between polling and detaching - [amd64] thunderbolt: Fix copy+paste error in match_service_id() - cdc-acm: fix race between initial clearing halt and open - btrfs: zoned: use filesystem size not disk size for reclaim decision - btrfs: abort transaction during log replay if walk_log_tree() failed - btrfs: zoned: do not remove unwritten non-data block group - btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations - btrfs: don't ignore inode missing when replaying log tree - btrfs: fix ssd_spread overallocation - btrfs: populate otime when logging an inode item - btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled - btrfs: don't skip remaining extrefs if dir not found during log replay - btrfs: clear dirty status from extent buffer on error at insert_new_root() - btrfs: fix log tree replay failure due to file with 0 links and extents - btrfs: error on missing block group when unaccounting log tree extent buffers - btrfs: zoned: do not select metadata BG as finish target - btrfs: fix iteration bug in __qgroup_excl_accounting() - btrfs: do not allow relocation of partially dropped subvolumes - xfs: fix scrub trace with null pointer in quotacheck - userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit - net/sched: ets: use old 'nbands' while purging unused classes - [amd64,arm64] hv_netvsc: Fix panic during namespace deletion with VF - mm, slab: restore NUMA policy support for large kmalloc - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() - media: venus: Fix OOB read due to missing payload bound check - media: uvcvideo: Do not mark valid metadata as invalid - media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() - HID: magicmouse: avoid setting up battery timer when not needed - wifi: mac80211: check basic rates validity in sta_link_apply_parameters - HID: apple: avoid setting up battery timer for devices without battery - mfd: cros_ec: Separate charge-control probing from USB-PD - net: Add net_passive_inc() and net_passive_dec(). - net: better track kernel sockets lifetime (CVE-2025-21884) - smb: client: fix netns refcount leak after net_passive changes - PCI: Store all PCIe Supported Link Speeds - PCI: Allow PCI bridges to go to D3Hot on all non-x86 - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports - [arm64] dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C - [arm64] dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C - ata: libata-sata: Add link_power_management_supported sysfs attribute - io_uring/rw: cast rw->flags assignment to rwf_t - drm/amd/display: Allow DCN301 to clear update flags - rcu: Fix racy re-initialization of irq_work causing hangs - dm: split write BIOs on zone boundaries when zone append is not emulated - PCI: Honor Max Link Speed when determining supported speeds - ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled . [ Bastian Blank ] * [amd64, arm64] Enable MANA_INFINIBAND. . [ Salvatore Bonaccorso ] * [amd64] udeb: kernel-image: Include SPI drivers * ext4: don't try to clear the orphan_present feature block device is r/o (Closes: #1108271) * alloc_fdtable(): change calling conventions. * net: ipv4: fix regression in local-broadcast route . [ Ben Hutchings ] * proc: fix missing pde_set_flags() for net proc files linux-signed-arm64 (6.12.41+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.41-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.39 - eventpoll: don't decrement ep refcount while still holding the ep mutex (CVE-2025-38349) - drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics - drm/amdgpu/ip_discovery: add missing ip_discovery fw - [s390x] crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (CVE-2025-38104) - [amd64] ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH - [amd64] ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct - [amd64] ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops - [amd64] ASoC: soc-acpi: add get_function_tplg_files ops - [amd64] ASoC: Intel: add sof_sdw_get_tplg_files ops - [amd64] ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops - [amd64] ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches - perf/core: Fix the WARN_ON_ONCE is out of lock protected region - irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ - sched/core: Fix migrate_swap() vs. hotplug - perf: Revert to requiring CAP_SYS_ADMIN for uprobes - ASoC: cs35l56: probe() should fail if the device ID is not recognized - Bluetooth: hci_sync: Fix not disabling advertising instance - Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected - pinctrl: amd: Clear GPIO debounce for suspend - fix proc_sys_compare() handling of in-lookup dentries - sched/deadline: Fix dl_server runtime calculation formula - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL - [arm64] poe: Handle spurious Overlay faults - [arm64] net: phy: qcom: move the WoL function to shared library - [arm64] net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() - netlink: Fix wraparounds of sk->sk_rmem_alloc. - vsock: fix `vsock_proto` declaration - tipc: Fix use-after-free in tipc_conn_close(). - tcp: Correct signedness in skb remaining space calculation - vsock: Fix transport_{g2h,h2g} TOCTOU - vsock: Fix transport_* TOCTOU - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` - net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap - net: phy: smsc: Force predictable MDI-X state on LAN87xx - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). - atm: clip: Fix memory leak of struct clip_vcc. - atm: clip: Fix infinite recursive call of clip_push(). - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() - [arm64] net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info - net/sched: Abort __tc_modify_qdisc if parent class does not exist - rxrpc: Fix bug due to prealloc collision - rxrpc: Fix oops due to non-existence of prealloc backlog struct - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() - [amd64] x86/mce/amd: Add default names for MCA banks and blocks - [amd64] x86/mce/amd: Fix threshold limit reset - [amd64] x86/mce: Don't remove sysfs if thresholding sysfs init fails - [amd64] x86/mce: Ensure user polling settings are honored when restarting timer - [amd64] x86/mce: Make sure CMCI banks are cleared during shutdown on Intel - [amd64] KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. - [amd64] KVM: SVM: Add missing member in SNP_LAUNCH_START command structure - [amd64] KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight - KVM: Allow CPU to reschedule while setting per-page memory attributes - ASoC: fsl_sai: Force a software reset when starting in consumer mode - gre: Fix IPv6 multicast route creation. (Closes: #1108430) - md/md-bitmap: fix GPF in bitmap_get_stats() (Closes: #1109734) - [arm64] pinctrl: qcom: msm: mark certain pins as invalid for interrupts - pwm: Fix invalid state detection - pwm: mediatek: Ensure to disable clocks in error path - wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-27558) - wifi: mwifiex: discard erroneous disassoc frames on STA interface - wifi: mt76: mt7921: prevent decap offload config before STA initialization - wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() - wifi: mt76: mt7925: fix the wrong config for tx interrupt - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan - drm/imagination: Fix kernel crash when hard resetting the GPU - drm/amdkfd: Don't call mmput from MMU notifier callback - drm/gem: Acquire references on GEM handles for framebuffers - drm/sched: Increment job count before swapping tail spsc queue - drm/ttm: fix error handling in ttm_buffer_object_transfer - drm/gem: Fix race in drm_gem_handle_create_tail() - drm/xe/bmg: fix compressed VRAM handling - Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" - usb: gadget: u_serial: Fix race condition in TTY wakeup - Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" - drm/framebuffer: Acquire internal references on GEM handles - drm/xe: Allocate PF queue size on pow2 boundary - Revert "ACPI: battery: negate current when discharging" (Closes: #1109344) - Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" - kallsyms: fix build without execinfo - maple_tree: fix mt_destroy_walk() on root leaf node - mm: fix the inaccurate memory statistics issue for users - mm/vmalloc: leave lazy MMU mode on PTE mapping error - lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() - [amd64] x86/rdrand: Disable RDSEED on AMD Cyan Skillfish - [amd64] x86/mm: Disable hugetlb page table sharing on 32-bit - [arm64] clk: scmi: Handle case where child clocks are initialized before their parents - smb: server: make use of rdma_destroy_qp() - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() - erofs: fix to add missing tracepoint in erofs_read_folio() - erofs: address D-cache aliasing - [amd64] ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count - netlink: Fix rmem check in netlink_broadcast_deliver(). - netlink: make sure we allow at least one dump skb - netfs: Fix ref leak on inserted extra subreq in write retry - wifi: cfg80211: fix S1G beacon head validation in nl80211 - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() - drm/tegra: nvdec: Fix dma_alloc_coherent error check - md/raid1: Fix stack memory use after return in raid1_reshape - raid10: cleanup memleak at raid10_make_request - wifi: mac80211: correctly identify S1G short beacon - wifi: mac80211: fix non-transmitted BSSID profile search - wifi: rt2x00: fix remove callback type mismatch - drm/nouveau/gsp: fix potential leak of memory used during acpi init - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() - nbd: fix uaf in nbd_genl_connect() error path - drm/xe/pf: Clear all LMTT pages on alloc - erofs: free pclusters if no cached folio is attached - erofs: get rid of `z_erofs_next_pcluster_t` - erofs: tidy up zdata.c - erofs: refine readahead tracepoint - erofs: fix to add missing tracepoint in erofs_readahead() - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() - net: appletalk: Fix device refcount leak in atrtr_create() - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof - net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx - drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level - net/mlx5e: Fix race between DIM disable and net_dim() - net/mlx5e: Add new prio for promiscuous mode - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() - bnxt_en: Fix DCB ETS validation - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT - ublk: sanity check add_dev input for underflow - atm: idt77252: Add missing `dma_map_error()` - ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. - [amd64] ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 - io_uring: make fallocate be hashed work - [amd64] ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 - ALSA: hda/realtek: Add quirks for some Clevo laptops - net: usb: qmi_wwan: add SIMCom 8230C composition - driver: bluetooth: hci_qca:fix unable to load the BT driver - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 - net: mana: Record doorbell physical address in PF mode - btrfs: fix assertion when building free space tree - vt: add missing notification when switching back to text mode - bpf: Adjust free target to avoid global starvation of LRU map - [riscv64] vdso: Exclude .rodata from the PT_DYNAMIC segment - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras - HID: nintendo: avoid bluetooth suspend/resume stalls - erofs: fix rare pcluster memory leak after unmounting - net: wangxun: revert the adjustment of the IRQ vector sequence - kasan: remove kasan_find_vm_area() to prevent possible deadlock - ksmbd: fix potential use-after-free in oplock/lease break ack - [arm64] Filter out SME hwcaps when FEAT_SME isn't implemented - crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (CVE-2025-37984) - rseq: Fix segfault on registration when rseq_cs is non-zero (CVE-2025-38067) - [amd64] KVM: SVM: Set synthesized TSA CPUID flags https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.40 - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition - USB: serial: option: add Foxconn T99W640 - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI - usb: musb: fix gadget state on disconnect - [arm*] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY - usb: gadget: configfs: Fix OOB read on empty string write - [armhf] i2c: stm32: fix the device used for the DMA map - [armhf] i2c: stm32f7: unmap DMA mapped buffer - [amd64] thunderbolt: Fix wake on connect at runtime - [amd64] thunderbolt: Fix bit masking in tb_dp_port_set_hops() - Revert "staging: vchiq_arm: Create keep-alive thread during probe" - nvmem: imx-ocotp: fix MAC address byte length - nvmem: layouts: u-boot-env: remove crc32 endianness conversion - Input: xpad - set correct controller type for Acer NGR200 - pch_uart: Fix dma_sync_sg_for_device() nents value - spi: Add check for 8-bit transfer with 8 IO mode support - dm-bufio: fix sched in atomic context - HID: core: ensure the allocated report buffer can contain the reserved report ID - HID: core: ensure __hid_request reserves the report ID as the first byte - HID: core: do not bypass hid_hw_raw_request - tracing/probes: Avoid using params uninitialized in parse_btf_arg() - tracing: Add down_write(trace_event_sem) when adding trace event - tracing/osnoise: Fix crash in timerlat_dump_stack() - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume - drm/amdgpu: Increase reset counter only on success - drm/amd/display: Disable CRTC degamma LUT for DCN401 - drm/amd/display: Free memory allocation - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS - io_uring/poll: fix POLLERR handling - mptcp: make fallback action and fallback decision atomic - mptcp: plug races between subflow fail and subflow creation - mptcp: reset fallback status gracefully at disconnect() time - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() - net/mlx5: Update the list of the PCI supported devices - [arm64] dts: imx8mp-venice-gw74xx: fix TPM SPI frequency - [arm64] dts: add big-endian property back into watchdog node - [arm64] dts: freescale: imx8mm-verdin: Keep LDO5 always on - [arm64] dts: imx8mp-venice-gw71xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw72xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw73xx: fix TPM SPI frequency - [arm64] dts: rockchip: use cs-gpios for spi1 on ringneck - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() - af_packet: fix soft lockup issue caused by tpacket_snd() - Bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type - cpuidle: psci: Fix cpuhotplug routine with PREEMPT_RT=y - isofs: Verify inode mode when loading from disk - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() - [arm*] mmc: bcm2835: Fix dma_unmap_sg() nents value - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models - [arm64] mmc: sdhci_am654: Workaround for Errata i2312 - [amd64] net: stmmac: intel: populate entire system_counterval_t in get_time_fn() callback - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov - [s390x] bpf: Fix bpf_arch_text_poke() with new_addr == NULL again - smb: client: fix use-after-free in crypt_message when using async crypto - [armhf] soc: aspeed: lpc-snoop: Cleanup resources in stack-order - [armhf] soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush - iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] - iio: adc: max1363: Reorder mode_list[] entries - iio: adc: stm32-adc: Fix race in installing chained IRQ handler - iio: backend: fix out-of-bound write - iio: common: st_sensors: Fix use of uninitialize device structs - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B - [arm64] dts: imx95: Correct the DMA interrupter number of pcie0_ep - bpf: Reject %p% format string in bprintf-like helpers - cachefiles: Fix the incorrect return value in __cachefiles_write() - block: fix kobject leak in blk_unregister_queue - net/sched: sch_qfq: Fix race condition on qfq_aggregate - rpl: Fix use-after-free in rpl_do_srh_inline(). - smb: client: fix use-after-free in cifs_oplock_break - fix a leak in fcntl_dirnotify() - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() - nvme: fix endianness of command word prints in nvme_log_err_passthru() - smc: Fix various oops due to inet_sock type confusion. - net: phy: Don't register LEDs for genphy - nvme: fix misaccounting of nvme-mpath inflight I/O - nvmet-tcp: fix callback lock for TLS handshake - wifi: cfg80211: remove scan request n_channels counted_by - [amd64] hwmon: (corsair-cpro) Validate the size of the received input buffer - ice: add NULL check in eswitch lag check - ice: check correct pointer in fwlog debugfs - usb: net: sierra: check for no status endpoint - loop: use kiocb helpers to fix lockdep warning - [riscv64] Enable interrupt during exception handling - [riscv64] traps_misaligned: properly sign extend value in misaligned load handler - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() - Bluetooth: hci_sync: fix connectable extended advertising when using static random address - Bluetooth: SMP: If an unallowed command is received consider it a failure - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout - Bluetooth: hci_core: add missing braces when using macro parameters - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID - net/mlx5: Correctly set gso_size when LRO is used - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() - net: fix segmentation after TCP/UDP fraglist GRO - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry - drm/xe/pf: Sanitize VF scratch registers on FLR - drm/xe/pf: Move VFs reprovisioning to worker - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU - [amd64,arm64] hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf - virtio-net: fix recursived rtnl_lock() during probe() - tls: always refresh the queue when reading sock - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime - net: bridge: Do not offload IGMP/MLD messages - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree - rxrpc: Fix recv-recv race of completed call - rxrpc: Fix transmission of an abort in response to an abort - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" - drm/mediatek: Add wait_event_timeout when disabling plane - drm/mediatek: only announce AFBC if really supported - libbpf: Fix handling of BPF arena relocations - efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths - sched: Change nr_uninterruptible type to unsigned long - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns - btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (CVE-2025-22115) - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: Fix flushing of delayed work used for post resume purposes - usb: hub: Don't try to recover devices lost during warm reset. - [arm64] usb: dwc3: qcom: Don't leave BCR asserted - [arm64,armhf] i2c: omap: Add support for setting mux - [arm64,armhf] i2c: omap: Fix an error handling path in omap_i2c_probe() - [arm64,armhf] i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() - [arm64,armhf] i2c: omap: fix deprecated of_property_read_bool() use - sched,freezer: Remove unnecessary warning in __thaw_task - drm/xe/mocs: Initialize MOCS index early - drm/xe: Move page fault init after topology init - smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data - [amd64] iommu/vt-d: Fix misplaced domain_attached assignment (Closes: #1109676) - [amd64] KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.41 - [amd64] x86/traps: Initialize DR7 by writing its architectural reset value - Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (CVE-2025-38335) - virtio_net: Enforce minimum TX ring size for reliability - virtio_ring: Fix error reporting in virtqueue_resize - regulator: core: fix NULL dereference on unbind due to stale coupling data - [amd64] platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA - RDMA/core: Rate limit GID cache warning messages - [arm64] interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node - iio: adc: ad7949: use spi_is_bpw_supported() - regmap: fix potential memory leak of regmap_bus - [amd64] x86/hyperv: Fix usage of cpu_online_mask to get valid cpu - [amd64] platform/x86: Fix initialization order for firmware_attributes_class - [arm*] staging: vchiq_arm: Make vchiq_shutdown never fail - xfrm: state: initialize state_ptrs earlier in xfrm_state_find - xfrm: state: use a consistent pcpu_id in xfrm_state_find - xfrm: Set transport header to fix UDP GRO handling - xfrm: interface: fix use-after-free after changing collect_md xfrm interface - [arm64] net: ti: icssg-prueth: Fix buffer allocation for ICSSG - net/mlx5: Fix memory leak in cmd_exec() - net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch - i40e: report VF tx_dropped with tx_errors instead of tx_discards - i40e: When removing VF MAC filters, only check PF-set MAC - net: appletalk: Fix use-after-free in AARP proxy probe - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode - [arm64] drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() - ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop - [s390x] ism: fix concurrency management in ism_cmd() - [arm64] net: hns3: fix concurrent setting vlan filter issue - [arm64] net: hns3: disable interrupt when ptp init failed - [arm64] net: hns3: fixed vf get max channels bug - [arm64] net: hns3: default enable tx bounce buffer when smmu enabled - [amd64] platform/x86: ideapad-laptop: Fix FnLock not remembered among boots - [amd64] platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots - drm/amdgpu: Reset the clear flag in buddy during resume - drm/sched: Remove optimization that causes hang when killing dependent jobs - mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() - timekeeping: Zero initialize system_counterval when querying time from phc drivers - [arm64] i2c: qup: jump out of the loop in case of timeout - [arm64,armhf] i2c: tegra: Fix reset error handling with ACPI - i2c: virtio: Avoid hang by using interruptible completion wait - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() - sprintf.h requires stdarg.h - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx - ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx - [arm64] entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() - [arm64] dpaa2-eth: Fix device reference count leak in MAC endpoint handling - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set - e1000e: ignore uninitialized checksum word on tgp - gve: Fix stuck TX queue for DQ queue format - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() - nilfs2: reject invalid file types when reading inodes - resource: fix false warning in __request_region() - mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n - [amd64,arm64] usb: typec: tcpm: allow to use sink in accessory mode - [amd64,arm64] usb: typec: tcpm: allow switching to mode accessory to mux properly - [amd64,arm64] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach - spi: cadence-quadspi: fix cleanup of rx_chan on failure paths - [amd64] x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() - jfs: reject on-disk inodes of an unsupported type (CVE-2025-37925) - [amd64] comedi: comedi_test: Fix possible deletion of uninitialized timers - [arm64] dts: qcom: x1e78100-t14s: mark l12b and l15b always-on - erofs: simplify z_erofs_load_compact_lcluster() - erofs: refine z_erofs_get_extent_compressedlen() - erofs: use Z_EROFS_LCLUSTER_TYPE_MAX to simplify switches - erofs: simplify tail inline pcluster handling - erofs: clean up header parsing for ztailpacking and fragments - erofs: fix large fragment handling - ext4: don't explicit update times in ext4_fallocate() - ext4: refactor ext4_punch_hole() - ext4: refactor ext4_zero_range() - ext4: refactor ext4_collapse_range() - ext4: refactor ext4_insert_range() - ext4: factor out ext4_do_fallocate() - ext4: move out inode_lock into ext4_fallocate() - ext4: move out common parts into ext4_fallocate() - ext4: fix incorrect punch max_end - ext4: correct the error handle in ext4_fallocate() - ext4: fix out of bounds punch offset - [amd64] KVM: x86: drop x86.h include from cpuid.h - [amd64] KVM: x86: Route non-canonical checks in emulator through emulate_ops - [amd64] KVM: x86: Add X86EMUL_F_MSR and X86EMUL_F_DT_LOAD to aid canonical checks - [amd64] KVM: x86: model canonical checks more precisely - [amd64] KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (CVE-2025-38351) - [amd64] x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() - [arm64] dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage - Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" - wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure - iio: hid-sensor-prox: Restore lost scale assignments - iio: hid-sensor-prox: Fix incorrect OFFSET calculation - [amd64,arm64] Drivers: hv: Make the sysfs node size for the ring buffer dynamic - ALSA: hda/tegra: Add Tegra264 support - ALSA: hda: Add missing NVIDIA HDA codec IDs - [amd64] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x - Revert "drm/xe/gt: Update handling of xe_force_wake_get return" (Closes: #1109799) - Revert "drm/xe/tests/mocs: Update xe_force_wake_get() return handling" - Revert "drm/xe/devcoredump: Update handling of xe_force_wake_get return" - Revert "drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()" - [amd64] KVM: x86: Free vCPUs before freeing VM state - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma . [ Bastian Blank ] * Store build time signing key encrypted. * Enable CRYPTO_ECDSA. . [ Aurelien Jarno ] * Fix installation of DTB files . [ Tj ] * drivers/gpu/drm/nouveau: Enable DRM_NOUVEAU_GSP_DEFAULT (Closes: #1088522) . [ Uwe Kleine-König ] * [armhf] Add phy-gmii-sel module to nic-shared-modules udeb for ti/omap/am335x based machines (e.g. BeagleBone black). . [ Salvatore Bonaccorso ] * d/salsa-ci.yml: Update for trixie: Set RELEASE to trixie live-boot (1:20250815~deb13u1) trixie; urgency=medium . * Upload to trixie . live-boot (1:20250815) unstable; urgency=medium . [ Roland Clobus ] * Don't verify with all checksum files . [ Luca Boccassi ] * Remove live-build's os-release on removal (Closes: #1111039) live-build (1:20250505+deb13u1) trixie; urgency=medium . * Remove os-release diversions once rootfs creation is finished (Closes: #1111039) * Install live-specific os-release only with --system live mame (0.276+dfsg.1-1+deb13u1) trixie; urgency=medium . * Build translations explicitly in the -build-indep target. Translations have been missing since the build was split (closes: #1109978). mariadb (1:11.8.3-0+deb13u1) trixie; urgency=medium . * New upstream maintenance release 11.8.3. For details about fixes please see https://mariadb.com/kb/en/mariadb-11-8-3-release-notes/ * Drop Hurd patches that are now included upstream * Update configuration traces to include new upstream system variables: - analyze-max-length (default: 4294967295) - innodb-linux-aio (default: auto) * Suppress new native AIO warning introduced in upstream a87bb96 to avoid mariadb-test-run failing on something that isn't a real issue * New upstream release includes fix for MDEV-36815 that yielded "ERROR 1267 (HY000): Illegal mix of collations" on some systems when restarting the MariaDB service in Debian (Closes: #1104533) * Remove obsolete cleanup as upstream moved pam_mariadb_mtr.so in c05b1fe * Salsa CI: Remove Buster upgrades and ignore missing Trixie ones * Start branch debian/13-trixie for stable updates mate-sensors-applet (1.26.0-1+deb13u1) trixie; urgency=medium . [ A Mennucc1 ] * NMU to fix: "Crashes on Trixie", thanks to Gleb Golubitsky (Closes: #1100414). mmdebstrap (1.5.7-1+deb13u1) trixie; urgency=medium . [ Jochen Sprickerhof ] * Support numeric UID in /etc/sub[ug]id . [ Johannes Schauer Marin Rodrigues ] * add test for numeric UID in /etc/sub[ug]id modemmanager (1.24.0-1+deb13u1) trixie; urgency=medium . * d/gbp.conf: target stable branch * d/patches: backport upstream fix for Fibocom FM350-GL (Closes: #1110197) mozjs128 (128.14.0-1~deb13u1) trixie; urgency=medium . * New upstream release (Closes: #1111591) - CVE-2025-9181: Uninitialized memory in the JavaScript Engine component - CVE-2025-9185: Memory safety bugs * Branch for trixie network-manager-openvpn (1.12.3-1~deb13u1) trixie; urgency=medium . * Switch debian-branch to debian/trixie * Rebuild for trixie network-manager-openvpn (1.12.2-2) unstable; urgency=medium . * Rename debian-branch to debian/latest as per DEP-14 network-manager-openvpn (1.12.2-1) unstable; urgency=medium . * New upstream version 1.12.2 * Bump Standards-Version to 4.7.2 nginx (1.26.3-3+deb13u1) trixie; urgency=medium . * d/p/CVE-2025-53859.patch add, fix potential information leak in ngx_mail_smtp_module (CVE-2025-53859). node-cipher-base (1.0.4-6+deb13u1) trixie-security; urgency=medium . * Team upload * Add patch to return valid values on multi-byte-wide TypedArray input (Closes: #1111772: node-cipher-base: CVE-2025-9287) node-cipher-base (1.0.4-6+deb12u1) bookworm-security; urgency=medium . * Team upload * Add patch to return valid values on multi-byte-wide TypedArray input (Closes: #1111772: node-cipher-base: CVE-2025-9287) node-tmp (0.2.2+dfsg+~0.2.3-1.1~deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Rebuild for trixie. . node-tmp (0.2.2+dfsg+~0.2.3-1.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-54798: Arbitrary file write (Closes: #1110532) node-tmp (0.2.2+dfsg+~0.2.3-1.1~deb12u1) bookworm; urgency=medium . * Non-maintainer upload. * Rebuild for bookworm. . node-tmp (0.2.2+dfsg+~0.2.3-1.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-54798: Arbitrary file write (Closes: #1110532) open-iscsi (2.1.11-1+deb13u1) trixie; urgency=medium . * [f3d17cf] initramfs: ensure that /var/lib exists. Thanks to Leon Blakey (Closes: #1103644) openjpeg2 (2.5.3-2.1~deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Rebuild for trixie. . openjpeg2 (2.5.3-2.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-54874: Out-of-bounds write in opj_jp2_read_header() (Closes: #1110443) orca (48.1-1+deb13u1) trixie; urgency=medium . * control: Add python3-setproctitle and python3-psutil dependencies. orphan-sysvinit-scripts (0.21+deb13u1) trixie; urgency=high . * Make mdadm scripts trigger on mdmonitor.service, mdmon@.service, since mdadm.service got removed (Closes: #1110746) pcre2 (10.46-1~deb13u1) trixie; urgency=high . * New upstream release to fix CVE-2025-58050 (Closes: #1112278) postfix (3.10.4-1~deb13u1) trixie; urgency=medium . * New upstream stable/bugfix version 3.10.4, with a handful of fixes. From the upstream release notes: - Fixes for postscreen(8): * Bugfix (defect introduced: Postfix 2.2, date 20050203): after detecting a lookup table change, and after starting a new postscreen process, the old postscreen process logged an ENOTSOCK error while attempting to accept a connection on a socket that it was no longer listening on. This error was introduced first in the multi_server skeleton code, and was five years later duplicated in the event_server skeleton that was created for postscreen. Problem reported by Florian Piekert. * Bugfix (defect introduced: Postfix 2.8, date 20101230): after detecting a cache table change and before starting a new postscreen process, the old postscreen process did not close the postscreen_cache_map, and therefore kept an exclusive lock that could prevent a new postscreen process from starting. Problem reported by Florian Piekert. - Fixes for tlsproxy(8): * Bugfix (defect introduced: Postfix 3.7): incorrect backwards compatible support for the legacy configuration parameters tlsproxy_client_level and tlsproxy_client_policy. This disabled the tlsproxy TLS client role when a legacy parameter was set (instead of the newer tlsproxy_client_security_level or tlsproxy_client_policy_maps). Reported by John Doe, diagnosed by Viktor Dukhovni. * Bugfix (defect introduced: Postfix 3.4): with the TLS client role disabled by configuration, the tlsproxy daemon dereferenced a null pointer while handling a tlsproxy client request. Reported by John Doe. - Reducing process churn: Postfix daemons no longer automatically restart after a btree:, dbm:, hash:, lmdb:, or sdbm: table file modification time change, when they opened that table for writing. - Portability: deleted an build dependency, because the feature is being removed from OpenSSL, and Postfix no longer needs it. - Cleanup: with "tls_required_enable = yes", the Postfix SMTP client will no longer maintain TLSRPT statistics for messages that contain a "TLS-Required: no" header. This can prevent TLSRPT notifications for TLSRPT notifications. - Bugfix (defect introduced: Postfix 3.6, date 20200710): Postfix TLS client code logged "Untrusted TLS connection" (wrong) instead of "Trusted TLS connection" (right), for a new or resumed TLS session, when a server offered a trusted (valid PKI trust chain) certificate that did not match the expected server name pattern. Fix by Viktor Dukhovni. * d/gbp.conf: debian-branch=debian/trixie * configure-instance.in: fix typo * configure-instance.in: limit maxdepth=1 in /etc/ssl/certs dirs * configure-instance.in: use home-grown file copy procedure to sync chroot There are a few issues with using cp(1) to update files in chroot, - a file should be copied even if the source date is *less* than the target date (eg, if a package has been downgraded), which is not done by `cp -u` (#1110704), a file should be copied atomically (copy+rename, not truncate+copy), and care should be taken with extra attributes (#1100100). Use a simple perl-based script (using just perl-base) to update files instead, which fixes all this stuff. (Closes: #1100100, #1110704) postfix (3.10.3-3) unstable; urgency=medium . * configure-instance.in: fix typo * configure-instance.in: limit maxdepth=1 in /etc/ssl/certs dirs * configure-instance.in: use home-grown file copy procedure to sync chroot There are a few issues with using cp(1) to update files in chroot, - a file should be copied even if the source date is *less* than the target date (eg, if a package has been downgraded), which is not done by `cp -u` (#1110704), a file should be copied atomically (copy+rename, not truncate+copy), and care should be taken with extra attributes (#1100100). Use a simple perl-based script (using just perl-base) to update files instead, which fixes all this stuff. (Closes: #1100100, #1110704) postgresql-17 (17.6-0+deb13u1) trixie; urgency=medium . * New upstream version 17.6. . + Tighten security checks in planner estimation functions (Dean Rasheed) . The fix for CVE-2017-7484, plus followup fixes, intended to prevent leaky functions from being applied to statistics data for columns that the calling user does not have permission to read. Two gaps in that protection have been found. One gap applies to partitioning and inheritance hierarchies where RLS policies on the tables should restrict access to statistics data, but did not. . The other gap applies to cases where the query accesses a table via a view, and the view owner has permissions to read the underlying table but the calling user does not have permissions on the view. The view owner's permissions satisfied the security checks, and the leaky function would get applied to the underlying table's statistics before we check the calling user's permissions on the view. This has been fixed by making security checks on views occur at the start of planning. That might cause permissions failures to occur earlier than before. . The PostgreSQL Project thanks Dean Rasheed for reporting this problem. (CVE-2025-8713) . + Prevent pg_dump scripts from being used to attack the user running the restore (Nathan Bossart) . Since dump/restore operations typically involve running SQL commands as superuser, the target database installation must trust the source server. However, it does not follow that the operating system user who executes psql to perform the restore should have to trust the source server. The risk here is that an attacker who has gained superuser-level control over the source server might be able to cause it to emit text that would be interpreted as psql meta-commands. That would provide shell-level access to the restoring user's own account, independently of access to the target database. . To provide a positive guarantee that this can't happen, extend psql with a \restrict command that prevents execution of further meta-commands, and teach pg_dump to issue that before any data coming from the source server. . The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and RyotaK for reporting this problem. (CVE-2025-8714) . + Convert newlines to spaces in names included in comments in pg_dump output (Noah Misch) . Object names containing newlines offered the ability to inject arbitrary SQL commands into the output script. (Without the preceding fix, injection of psql meta-commands would also be possible this way.) CVE-2012-0868 fixed this class of problem at the time, but later work reintroduced several cases. . The PostgreSQL Project thanks Noah Misch for reporting this problem. (CVE-2025-8715) . * Add Turkish debconf translation by Atila KOÇ, thanks! (Closes: #1107984) * Drop hurd-iovec patch, implemented upstream. ptyxis (48.5-1~deb13u1) trixie; urgency=medium . * Team upload * d/control, d/gbp.conf: Set branches for trixie stable updates . ptyxis (48.5-1) unstable; urgency=medium . * Team upload * New upstream bugfix release - When saving tab state, if the terminal does not have a title, save the tab's initial title instead (ptyxis#428 upstream) - Use the same code for menu -> Show Open Tabs -> New Tab that was already used for Menu -> New Tab, fixing propagation of zoom settings to the newly created tab (ptyxis#435 upstream) - Don't try to chdir() to a working directory that does not have +x permission - Use g_set_str() for less error-prone property setting - Ensure that interface-style action isn't freed prematurely, and explicitly remove it when the window is destroyed, fixing a possible use-after-free when switching between dark and light modes (ptyxis#440 upstream) * Standards-Version: 4.7.2 (no changes required) pyraf (2.2.2-4~deb13u1) trixie; urgency=medium . * Fix graphical init for work with Python 3.13. Closes: #1110708 * Upload to stable qemu (1:10.0.3+ds-0+deb13u1) trixie; urgency=medium . * new upstream stable/bugfix release: - Update version for 10.0.3 release - hvf: arm: Emulate ICC_RPR_EL1 accesses properly - target/arm: Correct encoding of Debug Communications Channel registers https://gitlab.com/qemu-project/qemu/-/issues/2986 - ui: fix setting client_endian field defaults - hw/net/npcm_gmac.c: Send the right data for second packet in a row - target/i386: do not expose ARCH_CAPABILITIES on AMD CPU - i386/cpu: Honor maximum value for CPUID.8000001DH.EAX[25:14] - i386/cpu: Fix overflow of cache topology fields in CPUID.04H - i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16] - ui/vnc: Do not copy z_stream - vhost: Fix used memslot tracking when destroying a vhost device - roms: re-remove execute bit from hppa-firmware* - file-posix: Fix aio=reads performance regression after enablign FUA https://issues.redhat.com/browse/RHEL-96854 - amd_iommu: Fix truncation of oldval in amdvi_writeq - amd_iommu: Remove duplicated definitions - amd_iommu: Fix the calculation for Device Table size - amd_iommu: Fix mask to retrieve Interrupt Table Root Pointer from DTE - amd_iommu: Fix masks for various IOMMU MMIO Registers - amd_iommu: Update bitmasks representing DTE reserved fields - amd_iommu: Fix Device ID decoding for INVALIDATE_IOTLB_PAGES command - amd_iommu: Fix Miscellaneous Information Register 0 encoding - virtio-net: Add queues for RSS during migration - net: fix buffer overflow in af_xdp_umem_create() - accel/kvm: Adjust the note about the minimum required kernel version - linux-user: Use qemu_set_cloexec() to mark pidfd as FD_CLOEXEC - migration: Don't sync volatile memory after migration completes - linux-user: Hold the fd-trans lock across fork https://gitlab.com/qemu-project/qemu/-/issues/2846 - linux-user: Check for EFAULT failure in nanosleep - linux-user: Implement fchmodat2 syscall https://gitlab.com/qemu-project/qemu/-/issues/3019 - hw/arm/fsl-imx8mp: Wire VIRQ and VFIQ - target/arm: Don't enforce NSE,NS check for EL3->EL3 returns https://gitlab.com/qemu-project/qemu/-/issues/3016 - target/i386: fix TB exit logic in gen_movl_seg() when writing to SS https://gitlab.com/qemu-project/qemu/-/issues/2987 - target/arm: Fix bfdotadd_ebf vs nan selection - target/arm: Fix f16_dotadd vs nan selection - target/arm: Fix PSEL size operands to tcg_gen_gvec_ands - target/arm: Fix 128-bit element ZIP, UZP, TRN - target/arm: Fix sve_access_check for SME - target/arm: Fix SME vs AdvSIMD exception priority - hw/s390x/ccw-device: Fix memory leak in loadparm setter - virtio-gpu: support context init multiple timeline - target/arm: Correct KVM & HVF dtb_compatible value - target/arm: Make RETA[AB] UNDEF when pauth is not implemented - tcg: Fix constant propagation in tcg_reg_alloc_dup https://gitlab.com/qemu-project/qemu/-/issues/3002 - target/loongarch: fix vldi/xvldi raise wrong error - target/loongarch: add check for fcond - linux-user/arm: Fix return value of SYS_cacheflush - hw/arm/mps2: Configure the AN500 CPU with 16 MPU regions - qemu-options.hx: Fix reversed description of icount sleep behavior - hw/arm/virt: Check bypass iommu is not set for iommu-map DT property - hw/loongarch/virt: Fix big endian support with MCFG table - hw/core/qdev-properties-system: Add missing return in set_drive_helper() - iotests: fix 240 - target/i386: Remove FRED dependency on WRMSRNS - hw/audio/asc: fix SIGSEGV in asc_realize() - audio: fix size calculation in AUD_get_buffer_size_out() - audio: fix SIGSEGV in AUD_get_buffer_size_out() - hw/i386/amd_iommu: Fix xtsup when vcpus < 255 - hw/i386/amd_iommu: Fix device setup failure when PT is on. - hw/i386/pc_piix: Fix RTC ISA IRQ wiring of isapc machine - vhost: Don't set vring call if guest notifier is unused - hw/arm: Add missing psci_conduit to NPCM8XX SoC boot info - ui/vnc: fix tight palette pixel encoding for 8/16-bpp formats - ui/vnc: take account of client byte order in pixman format - ui/vnc.c: replace big endian flag with byte order value - ui/sdl: Consider scaling in mouse event handling - ui/gtk: Update scales in fixed-scale mode when rendering GL area - gtk/ui: Introduce helper gd_update_scale - ui/gtk: Use consistent naming for variables in different coordinates - ui/gtk: Document scale and coordinate handling - hw/arm/aspeed_ast27x0: Fix RAM size detection failure on BE hosts - hw/misc/aspeed_hace: Ensure HASH_IRQ is always set to prevent firmware hang * d/control.mk: 10.0.3+ds * d/gbp.conf: switch to debian/trixie branch * d/watch: switch to 10.0.x branch * qemu-img-options.patch: adjust help text for "convert" subcommand This patch has been accepted upstrem but without the new option, - do not mention it in help so debian users don't get used to it (the option is accepted still) * d/rules: fix typo in comment (it is qemu-system-data, not qemu-user-data) * d/qemu-user.postinst: trigger /usr/lib/binfmt.d (Closes: #1110982) qemu (1:10.0.2+ds-2+deb13u1) trixie-security; urgency=medium . * d/binfmt-install: stop using C (Credentials) flag for binfmt_misc registration. qemu-user binaries were never meant to be used in suid/sgid scenarios, but was used in debian since late 2009. Any foreign suid/sgid binary accessible to the users, in presence of qemu-user binfmt, is trivially exploitable to gain elevated privileges. This change might break existing setups since for many years people relied on qemu-user binfmt working with suid binaries, but this is a situation where it is definitely better be safe than sorry. * pcie_sriov-Fix-configuration-and-state-synchronizati.patch (Closes: #1109989, CVE-2025-54566, CVE-2025-54567) qemu (1:10.0.2+ds-2+deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports: - disable libblkio - realize pkg.qemu.use-upstream-vdso build profile - disable capstone for qemu-user on arm64 (fails to link) rabbitmq-server (4.0.5-6+deb13u1) trixie; urgency=medium . * Fix rabbitmq-server broken plugin versions by applying patch from the BTS. Thanks to Stefan Bühler for it (Closes: #1110519). . [ Andreas Hasenack ] * Add many autopkgtest. remind (05.03.07-1+deb13u1) trixie; urgency=medium . * fixes buffer overflow in DUMPVARS (Closes: #1111581) renpy (8.3.4+dfsg-2+deb13u1) trixie; urgency=medium . * Fix fonts-roboto -> fonts-robot-hinted breakage (Closes: #1111365) resource-agents (1:4.16.0-3+deb13u1) trixie; urgency=medium . * debian/patches: fix to avoid duplicate route issues (Closes: #1109925) rkward (0.8.0-4.1~deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Rebuild for trixie. . rkward (0.8.0-4.1) unstable; urgency=medium . * Non-maintainer upload. * Backport upstream fixes for R 4.5. (Closes: #1103204) . rkward (0.8.0-4) unstable; urgency=medium . * Team upload. * Bump Standards-Version to 4.7.2, no changes required. * Simplify GPL license text in debian/copyright. * Use the system version of kdsingleapplication: - backport upstream commit 997c8a7280fe0f99a29465f67b56fd001cdac4e1; patch upstream_Make-it-possible-to-build-against-system-kdsingleapp.patch - add the libkdsingleapplication-qt6-dev build dependency rkward (0.8.0-4) unstable; urgency=medium . * Team upload. * Bump Standards-Version to 4.7.2, no changes required. * Simplify GPL license text in debian/copyright. * Use the system version of kdsingleapplication: - backport upstream commit 997c8a7280fe0f99a29465f67b56fd001cdac4e1; patch upstream_Make-it-possible-to-build-against-system-kdsingleapp.patch - add the libkdsingleapplication-qt6-dev build dependency samba (2:4.22.4+dfsg-1~deb13u1) trixie; urgency=medium . * new upstream stable/bugfix release: - https://bugzilla.samba.org/show_bug.cgi?id=14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0 - https://bugzilla.samba.org/show_bug.cgi?id=15663: Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine) - https://bugzilla.samba.org/show_bug.cgi?id=15816: vfs_streams_depot fstatat broken - https://bugzilla.samba.org/show_bug.cgi?id=15840: kinit command is failing with Missing cache Error - https://bugzilla.samba.org/show_bug.cgi?id=15844: getpwuid does not shift to new DC when current DC is down - https://bugzilla.samba.org/show_bug.cgi?id=15876: Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName - https://bugzilla.samba.org/show_bug.cgi?id=15877: Fix handling of empty GPO link - https://bugzilla.samba.org/show_bug.cgi?id=15880: SMB ACL inheritance doesn't work for files created - https://bugzilla.samba.org/show_bug.cgi?id=15881: Unresponsive second DC can cause idmapping failure when using idmap_ad (was libads-fix-get_kdc_ip_string.patch) - https://bugzilla.samba.org/show_bug.cgi?id=15891: Figuring out the DC name from IP address fails and breaks fork_domain_child() - https://bugzilla.samba.org/show_bug.cgi?id=15892: Delayed leader broadcast can block ctdb forever * libads-fix-get_kdc_ip_string.patch: remove, included upstream * d/gbp.conf: debian-branch=debian/4.22 sbuild (0.89.3+deb13u1) trixie; urgency=medium . [ Richard Lewis ] * man/sbuild.1.in: fix typo in markup . [ Hiraku Toyooka ] * Allow BUILD_PATH being empty also in command line options . [ Jochen Sprickerhof ] * Fix typo in help string * Support UID in /etc/sub(u|g)id (Closes: #1110876) * Fix build path permissions when building as root * Always append newline in binNMU changelog. Thanks to mjt (Closes: #1111776) shaarli (0.14.0+dfsg-2) trixie; urgency=medium . * Add patch to fix CVE-2025-55291 (Closes: #1111589) sound-theme-freedesktop (0.8-6~deb13u1) trixie; urgency=medium . * Team upload * d/control, d/gbp.conf: Branch for trixie * Rebuild for trixie sound-theme-freedesktop (0.8-5) experimental; urgency=medium . * debian/sound-theme-freedesktop.links: - Link front-center sample to audio-channel-mono so that testing a mono bluetooth speaker plays a real sound rather than just white noise. (LP #1703946) strongswan (6.0.1-6+deb13u1) trixie; urgency=medium . * d/patches: add patches to fix OpenSSL 3.5.1 support (Closes: #1109942) systemd (257.8-1~deb13u1) trixie; urgency=medium . * ukify: recommend sbsigntool | pesign for signing (Closes: #1108803) * Move bootctl zsh completion file too to new package * systemd-boot-tools: change architecture to linux-any. The tool can be used for cross-building, and it's available on all architectures, not just EFI ones * systemd-boot: fix initramfs post-update hook for uncompressed kernels (Closes: #1109098) * systemd-boot: register interest in systemd-boot-signed trigger (Closes: #1109984) * NEWS: fix typo (Closes: #1109979) * systemd-boot: fix registering/removing uncompressed kernels * d/t/control: prefer systemd-boot-tools if available * Update upstream source from tag 'upstream/257.8' Update to upstream version '257.8' with Debian dir 7153da4dd3bde82b88c5f48d704826e431373076 systemd-boot-efi-amd64-signed (257.8+1~deb13u1) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.8-1~deb13u1 . * ukify: recommend sbsigntool | pesign for signing (Closes: #1108803) * Move bootctl zsh completion file too to new package * systemd-boot-tools: change architecture to linux-any. The tool can be used for cross-building, and it's available on all architectures, not just EFI ones * systemd-boot: fix initramfs post-update hook for uncompressed kernels (Closes: #1109098) * systemd-boot: register interest in systemd-boot-signed trigger (Closes: #1109984) * NEWS: fix typo (Closes: #1109979) * systemd-boot: fix registering/removing uncompressed kernels * d/t/control: prefer systemd-boot-tools if available * Update upstream source from tag 'upstream/257.8' Update to upstream version '257.8' with Debian dir 7153da4dd3bde82b88c5f48d704826e431373076 systemd-boot-efi-arm64-signed (257.8+1~deb13u1) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.8-1~deb13u1 . * ukify: recommend sbsigntool | pesign for signing (Closes: #1108803) * Move bootctl zsh completion file too to new package * systemd-boot-tools: change architecture to linux-any. The tool can be used for cross-building, and it's available on all architectures, not just EFI ones * systemd-boot: fix initramfs post-update hook for uncompressed kernels (Closes: #1109098) * systemd-boot: register interest in systemd-boot-signed trigger (Closes: #1109984) * NEWS: fix typo (Closes: #1109979) * systemd-boot: fix registering/removing uncompressed kernels * d/t/control: prefer systemd-boot-tools if available * Update upstream source from tag 'upstream/257.8' Update to upstream version '257.8' with Debian dir 7153da4dd3bde82b88c5f48d704826e431373076 thunar (4.20.2-1+deb13u1) trixie; urgency=medium . * d/patches: add fix to always warn users before permanente deletion (Closes: #1110905) thunderbird (1:128.14.0esr-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security thunderbird (1:128.14.0esr-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security timescaledb (2.19.3+dfsg-1+deb13u1) trixie; urgency=medium . * Disable append test, fails with PG 17.6. (Closes: #1112190) transmission (4.1.0~beta2+dfsg-3+deb13u1) trixie; urgency=medium . * fix GTK app crash when LANG=fr (Closes: #1108194, #1110257) tzdata (2025b-4+deb13u1) trixie; urgency=medium . * Backport leap second update from upstream udisks2 (2.10.1-12.1+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * udiskslinuxmanager: Add lower bounds check to fd_index (CVE-2025-8067) webkit2gtk (2.48.5-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security. webkit2gtk (2.48.5-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security. * Disable sysprof profiling integration to avoid new dependencies: - debian/control.in: Don't depend on libsysprof-capture-4-dev. - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF. * Disable JPEG XL to avoid adding new dependencies. - debian/control.in: Remove build dependency on libjxl-dev. - debian/rules: Build with -DUSE_JPEGXL=OFF. * debian/rules: - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old package names. * debian/control-common.in: - Make the -dev packages depend on the gir packages. * debian/control.in: - Build depend on ccache. * Use clang-16 instead of clang. wolfssl (5.7.2-0.1+deb13u1) trixie; urgency=medium . * Fix CVE-2025-7394: weak/predictable random numbers. (Closes: #1109549) ========================================================================= [Date: Sat, 06 Sep 2025 08:59:27 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: guix | 1.4.0-9 | source, amd64, arm64, armhf, i386, ppc64el, riscv64 Closed bugs: 1112248 ------------------- Reason ------------------- RoM; unsupportable; security issues ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:13:06 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: btrfs-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x cdrom-core-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x crypto-dm-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x crypto-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x dasd-extra-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x dasd-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x ext4-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x f2fs-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x fat-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x isofs-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x kernel-image-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x linux-headers-6.12.41+deb13-s390x | 6.12.41-1 | s390x linux-image-6.12.41+deb13-s390x | 6.12.41-1 | s390x linux-image-6.12.41+deb13-s390x-dbg | 6.12.41-1 | s390x loop-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x md-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x mtd-core-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x multipath-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x nbd-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x nic-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x scsi-core-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x scsi-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x udf-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x xfs-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:13:19 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 btrfs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 cdrom-core-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 crypto-dm-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 crypto-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 drm-core-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 ext4-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 f2fs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 fat-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 fb-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 input-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 isofs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 jfs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 kernel-image-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 linux-headers-6.12.41+deb13-riscv64 | 6.12.41-1 | riscv64 linux-image-6.12.41+deb13-riscv64 | 6.12.41-1 | riscv64 linux-image-6.12.41+deb13-riscv64-dbg | 6.12.41-1 | riscv64 loop-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 md-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 mmc-core-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 mmc-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 mtd-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 multipath-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 nbd-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 nic-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 nic-shared-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 nic-usb-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 nic-wireless-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 pata-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 ppp-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 sata-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 scsi-core-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 scsi-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 scsi-nic-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 squashfs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 udf-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 usb-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 usb-serial-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 usb-storage-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 xfs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:13:45 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.41+deb13-amd64 | 6.12.41-1 | amd64 linux-headers-6.12.41+deb13-cloud-amd64 | 6.12.41-1 | amd64 linux-headers-6.12.41+deb13-rt-amd64 | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-amd64-dbg | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-amd64-unsigned | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-cloud-amd64-dbg | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-cloud-amd64-unsigned | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-rt-amd64-dbg | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-rt-amd64-unsigned | 6.12.41-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:14:18 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-kbuild-6.12.41+deb13 | 6.12.41-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:14:36 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.41+deb13-arm64 | 6.12.41-1 | arm64 linux-headers-6.12.41+deb13-arm64-16k | 6.12.41-1 | arm64 linux-headers-6.12.41+deb13-cloud-arm64 | 6.12.41-1 | arm64 linux-headers-6.12.41+deb13-rt-arm64 | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64-16k-dbg | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64-16k-unsigned | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64-dbg | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64-unsigned | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-cloud-arm64-dbg | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-cloud-arm64-unsigned | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-rt-arm64-dbg | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-rt-arm64-unsigned | 6.12.41-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:14:50 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.41+deb13-rpi | 6.12.41-1 | armel linux-image-6.12.41+deb13-rpi | 6.12.41-1 | armel linux-image-6.12.41+deb13-rpi-dbg | 6.12.41-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:15:02 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf btrfs-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf cdrom-core-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf crypto-dm-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf crypto-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf drm-core-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf ext4-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf f2fs-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf fat-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf fb-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf input-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf isofs-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf jfs-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf kernel-image-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf linux-headers-6.12.41+deb13-armmp | 6.12.41-1 | armhf linux-headers-6.12.41+deb13-armmp-lpae | 6.12.41-1 | armhf linux-headers-6.12.41+deb13-rt-armmp | 6.12.41-1 | armhf linux-image-6.12.41+deb13-armmp | 6.12.41-1 | armhf linux-image-6.12.41+deb13-armmp-dbg | 6.12.41-1 | armhf linux-image-6.12.41+deb13-armmp-lpae | 6.12.41-1 | armhf linux-image-6.12.41+deb13-armmp-lpae-dbg | 6.12.41-1 | armhf linux-image-6.12.41+deb13-rt-armmp | 6.12.41-1 | armhf linux-image-6.12.41+deb13-rt-armmp-dbg | 6.12.41-1 | armhf loop-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf md-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf mmc-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf mtd-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf multipath-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf nbd-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf nic-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf nic-shared-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf nic-usb-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf nic-wireless-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf pata-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf ppp-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf sata-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf scsi-core-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf scsi-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf scsi-nic-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf sound-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf speakup-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf squashfs-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf udf-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf uinput-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf usb-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf usb-serial-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf usb-storage-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:15:17 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el btrfs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el cdrom-core-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el crypto-dm-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el crypto-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el drm-core-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el ext4-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el f2fs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el fat-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el fb-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el firewire-core-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el hypervisor-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el input-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el isofs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el jfs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el kernel-image-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el linux-headers-6.12.41+deb13-powerpc64le | 6.12.41-1 | ppc64el linux-headers-6.12.41+deb13-powerpc64le-64k | 6.12.41-1 | ppc64el linux-image-6.12.41+deb13-powerpc64le | 6.12.41-1 | ppc64el linux-image-6.12.41+deb13-powerpc64le-64k | 6.12.41-1 | ppc64el linux-image-6.12.41+deb13-powerpc64le-64k-dbg | 6.12.41-1 | ppc64el linux-image-6.12.41+deb13-powerpc64le-dbg | 6.12.41-1 | ppc64el loop-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el md-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el mtd-core-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el multipath-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el nbd-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el nic-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el nic-shared-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el nic-usb-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el nic-wireless-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el ppp-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el sata-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el scsi-core-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el scsi-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el scsi-nic-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el serial-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el squashfs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el udf-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el uinput-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el usb-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el usb-serial-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el usb-storage-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el xfs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:15:33 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 btrfs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 cdrom-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 crypto-dm-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 crypto-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 drm-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 ext4-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 f2fs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 fat-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 fb-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 firewire-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 input-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 isofs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 jfs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 kernel-image-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-amd64 | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-cloud-amd64 | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-rt-amd64 | 6.12.41-1 | amd64 loop-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 md-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 mmc-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 mmc-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 mtd-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 multipath-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nbd-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nic-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nic-pcmcia-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nic-shared-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nic-usb-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nic-wireless-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 pata-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 pcmcia-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 pcmcia-storage-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 ppp-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 rfkill-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 sata-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 scsi-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 scsi-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 scsi-nic-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 serial-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 sound-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 speakup-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 squashfs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 udf-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 uinput-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 usb-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 usb-serial-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 usb-storage-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 xfs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:15:46 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 btrfs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 cdrom-core-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 crypto-dm-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 crypto-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 ext4-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 f2fs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 fat-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 fb-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 input-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 isofs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 jfs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 kernel-image-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64 | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64-16k | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-cloud-arm64 | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-rt-arm64 | 6.12.41-1 | arm64 loop-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 md-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 mmc-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 multipath-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 nbd-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 nic-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 nic-shared-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 nic-usb-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 nic-wireless-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 ppp-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 sata-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 scsi-core-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 scsi-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 scsi-nic-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 sound-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 speakup-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 squashfs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 udf-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 uinput-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 usb-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 usb-serial-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 usb-storage-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 xfs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:16:14 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.41+deb13-common | 6.12.41-1 | all linux-headers-6.12.41+deb13-common-rt | 6.12.41-1 | all linux-support-6.12.41+deb13 | 6.12.41-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:18:47 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: debian-installer-13-netboot-mips64el | 20250515 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by debian-installer-netboot-images - based on source metadata) ---------------------------------------------- ========================================================================= ======================================= Sat, 09 Aug 2025 - Debian 13.0 released =======================================