====================================== Sat, 10 Jan 2026 - Debian 13.3 released ====================================== ========================================================================= [Date: Sat, 10 Jan 2026 10:01:39 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: btrfs-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x cdrom-core-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x crypto-dm-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x crypto-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x dasd-extra-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x dasd-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x ext4-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x f2fs-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x fat-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x isofs-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x kernel-image-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x linux-headers-6.12.43+deb13-s390x | 6.12.43-1 | s390x linux-image-6.12.43+deb13-s390x | 6.12.43-1 | s390x linux-image-6.12.43+deb13-s390x-dbg | 6.12.43-1 | s390x loop-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x md-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x mtd-core-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x multipath-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x nbd-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x nic-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x scsi-core-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x scsi-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x udf-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x xfs-modules-6.12.43+deb13-s390x-di | 6.12.43-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:01:49 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 btrfs-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 cdrom-core-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 crypto-dm-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 crypto-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 drm-core-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 ext4-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 f2fs-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 fat-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 fb-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 input-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 isofs-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 jfs-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 kernel-image-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 linux-headers-6.12.43+deb13-riscv64 | 6.12.43-1 | riscv64 linux-image-6.12.43+deb13-riscv64 | 6.12.43-1 | riscv64 linux-image-6.12.43+deb13-riscv64-dbg | 6.12.43-1 | riscv64 loop-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 md-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 mmc-core-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 mmc-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 mtd-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 multipath-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 nbd-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 nic-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 nic-shared-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 nic-usb-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 nic-wireless-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 pata-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 ppp-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 sata-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 scsi-core-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 scsi-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 scsi-nic-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 squashfs-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 udf-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 usb-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 usb-serial-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 usb-storage-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 xfs-modules-6.12.43+deb13-riscv64-di | 6.12.43-1 | riscv64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:01:59 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.43+deb13-amd64 | 6.12.43-1 | amd64 linux-headers-6.12.43+deb13-cloud-amd64 | 6.12.43-1 | amd64 linux-headers-6.12.43+deb13-rt-amd64 | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-amd64-dbg | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-amd64-unsigned | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-cloud-amd64-dbg | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-cloud-amd64-unsigned | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-rt-amd64-dbg | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-rt-amd64-unsigned | 6.12.43-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:02:32 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-kbuild-6.12.43+deb13 | 6.12.43-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:02:41 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.43+deb13-arm64 | 6.12.43-1 | arm64 linux-headers-6.12.43+deb13-arm64-16k | 6.12.43-1 | arm64 linux-headers-6.12.43+deb13-cloud-arm64 | 6.12.43-1 | arm64 linux-headers-6.12.43+deb13-rt-arm64 | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-arm64-16k-dbg | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-arm64-16k-unsigned | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-arm64-dbg | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-arm64-unsigned | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-cloud-arm64-dbg | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-cloud-arm64-unsigned | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-rt-arm64-dbg | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-rt-arm64-unsigned | 6.12.43-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:02:49 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.43+deb13-rpi | 6.12.43-1 | armel linux-image-6.12.43+deb13-rpi | 6.12.43-1 | armel linux-image-6.12.43+deb13-rpi-dbg | 6.12.43-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:02:56 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf btrfs-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf cdrom-core-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf crypto-dm-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf crypto-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf drm-core-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf ext4-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf f2fs-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf fat-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf fb-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf input-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf isofs-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf jfs-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf kernel-image-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf linux-headers-6.12.43+deb13-armmp | 6.12.43-1 | armhf linux-headers-6.12.43+deb13-armmp-lpae | 6.12.43-1 | armhf linux-headers-6.12.43+deb13-rt-armmp | 6.12.43-1 | armhf linux-image-6.12.43+deb13-armmp | 6.12.43-1 | armhf linux-image-6.12.43+deb13-armmp-dbg | 6.12.43-1 | armhf linux-image-6.12.43+deb13-armmp-lpae | 6.12.43-1 | armhf linux-image-6.12.43+deb13-armmp-lpae-dbg | 6.12.43-1 | armhf linux-image-6.12.43+deb13-rt-armmp | 6.12.43-1 | armhf linux-image-6.12.43+deb13-rt-armmp-dbg | 6.12.43-1 | armhf loop-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf md-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf mmc-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf mtd-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf multipath-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf nbd-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf nic-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf nic-shared-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf nic-usb-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf nic-wireless-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf pata-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf ppp-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf sata-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf scsi-core-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf scsi-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf scsi-nic-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf sound-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf speakup-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf squashfs-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf udf-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf uinput-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf usb-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf usb-serial-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf usb-storage-modules-6.12.43+deb13-armmp-di | 6.12.43-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:03:04 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el btrfs-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el cdrom-core-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el crypto-dm-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el crypto-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el drm-core-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el ext4-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el f2fs-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el fat-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el fb-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el firewire-core-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el hypervisor-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el input-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el isofs-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el jfs-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el kernel-image-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el linux-headers-6.12.43+deb13-powerpc64le | 6.12.43-1 | ppc64el linux-headers-6.12.43+deb13-powerpc64le-64k | 6.12.43-1 | ppc64el linux-image-6.12.43+deb13-powerpc64le | 6.12.43-1 | ppc64el linux-image-6.12.43+deb13-powerpc64le-64k | 6.12.43-1 | ppc64el linux-image-6.12.43+deb13-powerpc64le-64k-dbg | 6.12.43-1 | ppc64el linux-image-6.12.43+deb13-powerpc64le-dbg | 6.12.43-1 | ppc64el loop-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el md-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el mtd-core-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el multipath-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el nbd-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el nic-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el nic-shared-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el nic-usb-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el nic-wireless-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el ppp-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el sata-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el scsi-core-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el scsi-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el scsi-nic-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el serial-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el squashfs-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el udf-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el uinput-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el usb-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el usb-serial-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el usb-storage-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el xfs-modules-6.12.43+deb13-powerpc64le-di | 6.12.43-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:03:17 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 btrfs-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 cdrom-core-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 crypto-dm-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 crypto-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 ext4-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 f2fs-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 fat-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 fb-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 input-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 isofs-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 jfs-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 kernel-image-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-arm64 | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-arm64-16k | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-cloud-arm64 | 6.12.43-1 | arm64 linux-image-6.12.43+deb13-rt-arm64 | 6.12.43-1 | arm64 loop-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 md-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 mmc-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 multipath-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 nbd-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 nic-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 nic-shared-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 nic-usb-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 nic-wireless-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 ppp-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 sata-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 scsi-core-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 scsi-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 scsi-nic-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 sound-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 speakup-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 squashfs-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 udf-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 uinput-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 usb-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 usb-serial-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 usb-storage-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 xfs-modules-6.12.43+deb13-arm64-di | 6.12.43-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:03:47 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.43+deb13-common | 6.12.43-1 | all linux-headers-6.12.43+deb13-common-rt | 6.12.43-1 | all linux-support-6.12.43+deb13 | 6.12.43-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 10 Jan 2026 10:04:09 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 btrfs-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 cdrom-core-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 crypto-dm-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 crypto-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 drm-core-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 ext4-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 f2fs-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 fat-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 fb-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 firewire-core-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 input-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 isofs-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 jfs-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 kernel-image-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-amd64 | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-cloud-amd64 | 6.12.43-1 | amd64 linux-image-6.12.43+deb13-rt-amd64 | 6.12.43-1 | amd64 loop-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 md-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 mmc-core-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 mmc-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 mtd-core-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 multipath-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 nbd-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 nic-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 nic-pcmcia-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 nic-shared-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 nic-usb-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 nic-wireless-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 pata-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 pcmcia-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 pcmcia-storage-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 ppp-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 rfkill-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 sata-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 scsi-core-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 scsi-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 scsi-nic-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 serial-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 sound-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 speakup-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 squashfs-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 udf-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 uinput-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 usb-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 usb-serial-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 usb-storage-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 xfs-modules-6.12.43+deb13-amd64-di | 6.12.43-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64 - based on source metadata) ---------------------------------------------- ========================================================================= ansible (12.0.0+dfsg-0+deb13u1) trixie; urgency=medium . * d/watch: Track 12.0.x releases for trixie * New upstream version 12.0.0+dfsg, providing following security fixes: - cloudscale_ch.cloud: Validate API tokens before passing them to Ansible, to ensure that a badly formed one (i.e., one with newlines) is not accidentally logged. - community.general: keycloak_authentication - API calls did not properly set the priority during update resulting in incorrectly sorted authentication flows. - community.general: keycloak_client - Sanitize saml.encryption.private.key so it does not show in the logs * Remove cloud-common-flaky-test.patch (dropped upstream) * security fix: prevent keycloak_user from logging credentials (backported from ansible 12.2.0) ansible (12.0.0~b5+dfsg-1) unstable; urgency=medium . * New upstream version 12.0.0~b5+dfsg apache2 (2.4.66-1~deb13u1) trixie; urgency=medium . * Team upload * New upstream version (Closes: #1121926, CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200) * Update test framework apache2 (2.4.66-1~deb12u1) bookworm; urgency=medium . * Team upload * New upstream version (Closes: #1121926, CVE-2025-55753, CVE-2025-58098, CVE-2025-59775, CVE-2025-65082, CVE-2025-66200) * Update test framework apache2 (2.4.65-3) unstable; urgency=medium . * Change default LANG in envvars from C to C.UTF-8 (Closes: #787584) * systemd service apache2 is aliased to httpd (Closes: #915855) * document a2* environment files in man page (Closes: #880421) * Failing test in its test suite (Closes: #1107289, LP: #2112429) * Restart on-abnormal instead of on-abort (Closes: #1106280) * Allow triggers to use maintscript helper to restart apache (LP: #2038912) at-spi2-core (2.56.2-1+deb13u1) trixie; urgency=medium . * patches/keyboard-group: Fix taking group into account for key events (Closes: #1111485) at-spi2-core (2.56.2-1+deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Backport to bookworm. - Revert t64 change. - Revert libgirepository1.0-dev build-dep change. awffull (3.10.2-10+deb13u1) trixie; urgency=medium . * QA upload. * debian/awffull.service: Add missing argument to avoid premature exit of the cron script when it is invoked by the systemd timer; thanks Charlemagne Lasse (Closes: #1120742). * debian/control (Vcs-Git): Add branch. * debian/gbp.conf: New file. base-files (13.8+deb13u3) trixie; urgency=medium . * Update debian_version and os-release for Debian 13.3 point release. c-ares (1.34.5-1+deb13u1) trixie-security; urgency=medium . * Apply patch to fix use-after-free (fixes CVE-2025-62408) calibre (8.5.0+ds-1+deb13u1) trixie; urgency=medium . * Fix CVE-2025-64486 chromium (143.0.7499.169-1~deb13u1) trixie-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2025-14765: Use after free in WebGPU. Reported by Anonymous. - CVE-2025-14766: Out of bounds read and write in V8. Reported by Shaheen Fazim. * d/rules: change (google-specific) upstream tarball url. . [ Daniel Richard G. ] * d/control: Drop valgrind from Build-Depends:, as it appears unused. * d/patches/debianization/cross-build.patch: Update changes to the protoc wrapper to cover additional cases of non-emulated Python execution. * d/rules: Add a bug reference for the libffi issue. chromium (143.0.7499.169-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2025-14765: Use after free in WebGPU. Reported by Anonymous. - CVE-2025-14766: Out of bounds read and write in V8. Reported by Shaheen Fazim. * d/rules: change (google-specific) upstream tarball url. . [ Daniel Richard G. ] * d/patches/debianization/cross-build.patch: Update changes to the protoc wrapper to cover additional cases of non-emulated Python execution. chromium (143.0.7499.109-1) unstable; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-????-?????: Under coordination. - CVE-2025-14372: Use after free in Password Manager. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2025-14373: Inappropriate implementation in Toolbar. Reported by Khalil Zhani. . [ Jianfeng Liu ] * set use_av1_hw_decoder=true for arm64 and add build dep linux-libc-dev (>= 6.5). This will enable V4L2 stateful/stateless AV1 decoder found on some arm SoCs. * d/patches: - upstream/fix-rk3588-v4l2-av1-decoder.patch: Fixes upstream issue https://crbug.com/464638992. This patch is backported from v145 and will fix green frame issue when playing av1 video on RK3588. - ppc64le/sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: fix FTBFS on ppc64el related to conflicting kernel_stat patches. chromium (143.0.7499.109-1~deb13u1) trixie-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-????-?????: Under coordination. - CVE-2025-14372: Use after free in Password Manager. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2025-14373: Inappropriate implementation in Toolbar. Reported by Khalil Zhani. . [ Jianfeng Liu ] * set use_av1_hw_decoder=true for arm64 and add build dep linux-libc-dev (>= 6.5). This will enable V4L2 stateful/stateless AV1 decoder found on some arm SoCs. * d/patches: - upstream/fix-rk3588-v4l2-av1-decoder.patch: Fixes upstream issue https://crbug.com/464638992. This patch is backported from v145 and will fix green frame issue when playing av1 video on RK3588. - ppc64le/sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: fix FTBFS on ppc64el related to conflicting kernel_stat patches. chromium (143.0.7499.109-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-????-?????: Under coordination. - CVE-2025-14372: Use after free in Password Manager. Reported by Weipeng Jiang (@Krace) of VRI. - CVE-2025-14373: Inappropriate implementation in Toolbar. Reported by Khalil Zhani. chromium (143.0.7499.40-1) unstable; urgency=high . * New upstream stable release. - CVE-2025-13630: Type Confusion in V8. Reported by Shreyas Penkar (@streypaws). - CVE-2025-13631: Inappropriate implementation in Google Updater. Reported by Jota Domingos. - CVE-2025-13632: Inappropriate implementation in DevTools. Reported by Leandro Teles. - CVE-2025-13633: Use after free in Digital Credentials. Reported by Chrome. - CVE-2025-13634: Inappropriate implementation in Downloads. Reported by Eric Lawrence of Microsoft. - CVE-2025-13720: Bad cast in Loader. Reported by Chrome. - CVE-2025-13721: Race in v8. Reported by Chrome. - CVE-2025-13635: Inappropriate implementation in Downloads. Reported by Hafiizh. - CVE-2025-13636: Inappropriate implementation in Split View. Reported by Khalil Zhani. - CVE-2025-13637: Inappropriate implementation in Downloads. Reported by Hafiizh. - CVE-2025-13638: Use after free in Media Stream. Reported by sherkito. - CVE-2025-13639: Inappropriate implementation in WebRTC. Reported by Philipp Hancke. - CVE-2025-13640: Inappropriate implementation in Passwords. Reported by Anonymous. * d/patches: - fixes/headless-gn.patch: refresh. - fixes/chromium-142-iwyu-field-form-data.patch: drop, merged upstream. - disable/tests.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: sync from upstream. - fixes/libpng-testonly.patch: add a workaround for a missing build target that upstream forgot to include. - trixie/rust-no-alloc-shim.patch: mark nightly feature 'no_mangle' as unsafe to make rustc happy. - trixie/cookie-string-view.patch: add a workaround for missing clang-19 feature. . [ Daniel Richard G. ] * d/patches: - debianization/cross-build.patch: Avoid "Assignment had no effect" error from GN when running outside of d/rules. - debianization/rustc-bootstrap.patch: Move RUSTC_BOOTSTRAP=1 here. - disable/license-headless-shell.patch: Don't generate the (unused) LICENSE.headless_shell file, as the rule tends to break easily. - fixes/headless-gn.patch: No longer needed, thanks to previous patch. * d/rules: Move RUSTC_BOOTSTRAP=1 environment setting into patch. . [ Timothy Pearson ] * d/patches/ppc64le: - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - ppc64le/fixes/fix-clang-selection.patch: Refresh for upstream changes . [ Jianfeng Liu ] * Add loong64 support, with patches in d/patches/loongarch64/. chromium (143.0.7499.40-1~deb13u1) trixie-security; urgency=high . * New upstream stable release. - CVE-2025-13630: Type Confusion in V8. Reported by Shreyas Penkar (@streypaws). - CVE-2025-13631: Inappropriate implementation in Google Updater. Reported by Jota Domingos. - CVE-2025-13632: Inappropriate implementation in DevTools. Reported by Leandro Teles. - CVE-2025-13633: Use after free in Digital Credentials. Reported by Chrome. - CVE-2025-13634: Inappropriate implementation in Downloads. Reported by Eric Lawrence of Microsoft. - CVE-2025-13720: Bad cast in Loader. Reported by Chrome. - CVE-2025-13721: Race in v8. Reported by Chrome. - CVE-2025-13635: Inappropriate implementation in Downloads. Reported by Hafiizh. - CVE-2025-13636: Inappropriate implementation in Split View. Reported by Khalil Zhani. - CVE-2025-13637: Inappropriate implementation in Downloads. Reported by Hafiizh. - CVE-2025-13638: Use after free in Media Stream. Reported by sherkito. - CVE-2025-13639: Inappropriate implementation in WebRTC. Reported by Philipp Hancke. - CVE-2025-13640: Inappropriate implementation in Passwords. Reported by Anonymous. * d/patches: - fixes/headless-gn.patch: refresh. - fixes/chromium-142-iwyu-field-form-data.patch: drop, merged upstream. - disable/tests.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: sync from upstream. - fixes/libpng-testonly.patch: add a workaround for a missing build target that upstream forgot to include. - trixie/rust-no-alloc-shim.patch: mark nightly feature 'no_mangle' as unsafe to make rustc happy. - trixie/cookie-string-view.patch: add a workaround for missing clang-19 feature. . [ Daniel Richard G. ] * d/patches: - debianization/cross-build.patch: Avoid "Assignment had no effect" error from GN when running outside of d/rules. - debianization/rustc-bootstrap.patch: Move RUSTC_BOOTSTRAP=1 here. - disable/license-headless-shell.patch: Don't generate the (unused) LICENSE.headless_shell file, as the rule tends to break easily. - fixes/headless-gn.patch: No longer needed, thanks to previous patch. - trixie/rust-is-multiple-of.patch: add more workarounds for missing rustc features. * d/rules: Move RUSTC_BOOTSTRAP=1 environment setting into patch. . [ Timothy Pearson ] * d/patches/ppc64le: - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - ppc64le/fixes/fix-clang-selection.patch: Refresh for upstream changes . [ Jianfeng Liu ] * Add loong64 support, with patches in d/patches/loongarch64/. chromium (143.0.7499.40-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2025-13630: Type Confusion in V8. Reported by Shreyas Penkar (@streypaws). - CVE-2025-13631: Inappropriate implementation in Google Updater. Reported by Jota Domingos. - CVE-2025-13632: Inappropriate implementation in DevTools. Reported by Leandro Teles. - CVE-2025-13633: Use after free in Digital Credentials. Reported by Chrome. - CVE-2025-13634: Inappropriate implementation in Downloads. Reported by Eric Lawrence of Microsoft. - CVE-2025-13720: Bad cast in Loader. Reported by Chrome. - CVE-2025-13721: Race in v8. Reported by Chrome. - CVE-2025-13635: Inappropriate implementation in Downloads. Reported by Hafiizh. - CVE-2025-13636: Inappropriate implementation in Split View. Reported by Khalil Zhani. - CVE-2025-13637: Inappropriate implementation in Downloads. Reported by Hafiizh. - CVE-2025-13638: Use after free in Media Stream. Reported by sherkito. - CVE-2025-13639: Inappropriate implementation in WebRTC. Reported by Philipp Hancke. - CVE-2025-13640: Inappropriate implementation in Passwords. Reported by Anonymous. * d/patches: - fixes/headless-gn.patch: refresh. - fixes/chromium-142-iwyu-field-form-data.patch: drop, merged upstream. - disable/tests.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: sync from upstream. - fixes/libpng-testonly.patch: add a workaround for a missing build target that upstream forgot to include. - trixie/rust-no-alloc-shim.patch: mark nightly feature 'no_mangle' as unsafe to make rustc happy. - trixie/cookie-string-view.patch: add a workaround for missing clang-19 feature. . [ Daniel Richard G. ] * d/patches: - debianization/cross-build.patch: Avoid "Assignment had no effect" error from GN when running outside of d/rules. - debianization/rustc-bootstrap.patch: Move RUSTC_BOOTSTRAP=1 here. - disable/license-headless-shell.patch: Don't generate the (unused) LICENSE.headless_shell file, as the rule tends to break easily. - fixes/headless-gn.patch: No longer needed, thanks to previous patch. - trixie/rust-is-multiple-of.patch: add more workarounds for missing rustc features. - bookworm/constexpr.patch: Refresh (source file moved). - bookworm/gn-absl.patch: Refresh. - bookworm/gn-path-exists2.patch: Refresh. - bookworm/rust-unsafe-extern.patch: add workaround for older rust code convention generated by bookworm's version of rust-bindgen. - bookworm/node-esm-dirname.patch: add workaround for older node 18. * d/rules: Move RUSTC_BOOTSTRAP=1 environment setting into patch. . [ Timothy Pearson ] * d/patches/ppc64le: - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - ppc64le/fixes/fix-clang-selection.patch: Refresh for upstream changes chromium (142.0.7444.175-1) unstable; urgency=high . * New upstream security release. - CVE-2025-13223: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group. - CVE-2025-13224: Type Confusion in V8. Reported by Google Big Sleep. chromium (142.0.7444.175-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-13223: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group. - CVE-2025-13224: Type Confusion in V8. Reported by Google Big Sleep. chromium (142.0.7444.175-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-13223: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group. - CVE-2025-13224: Type Confusion in V8. Reported by Google Big Sleep. chromium (142.0.7444.162-1) unstable; urgency=high . * New upstream security release. - CVE-2025-13042: Inappropriate implementation in V8. Reported by 303f06e3. chromium (142.0.7444.162-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-13042: Inappropriate implementation in V8. Reported by 303f06e3. chromium (142.0.7444.162-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-13042: Inappropriate implementation in V8. Reported by 303f06e3. chromium (142.0.7444.134-1) unstable; urgency=high . * New upstream security release. - CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous. - CVE-2025-12726: Inappropriate implementation in Views. Reported by Alesandro Ortiz. - CVE-2025-12727: Inappropriate implementation in V8. Reported by 303f06e3. - CVE-2025-12728: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-12729: Inappropriate implementation in Omnibox. Reported by Khalil Zhani. cloud-init (25.1.4-1+deb13u1) trixie; urgency=medium . * Ensure deb822 sources.list template renders correctly (Closes: #1118187) composer (2.8.8-1+deb13u1) trixie; urgency=medium . * Backport fix from composer 2.9.3: Fixed ANSI sequence injection [CVE-2025-67746] * Track debian/trixie containerd (1.7.24~ds1-6+deb13u1) trixie-security; urgency=medium . * Fix overly broad directory permissions, Fixes: CVE-2024-25621 * Fix bug in the CRI Attach implementation, Fixes: CVE-2025-64329 Closes: #1120343 cups-filters (1.28.17-6+deb13u1) trixie; urgency=medium . * CVE-2025-64503 fix an out of bounds write vulnerability when processing crafted PDF files containing a large 'Mediabox' value. (Closes: #1120698) . * CVE-2025-57812 fix an out of bounds read/write vulnerability in the processing of TIFF image files. (Closes: #1120704) . * CVE-2025-64524 fix infinite loop with crafted input raster file, that resuls into a heap buffer overflow debian-installer (20250803+deb13u3) trixie; urgency=medium . * Bump Linux kernel ABI to 6.12.63+deb13. * Adjust linux-image build-deps accordingly. debian-installer-netboot-images (20250803+deb13u3) trixie; urgency=medium . * Update to 20250803+deb13u3, from trixie-proposed-updates. debian-security-support (1:13+2026.01.04) trixie; urgency=medium . [ Holger Levsen ] * deb13: mark wpewebkit as unsupported. Closes: #1118273. . [ Jochen Sprickerhof ] * deb13+12+11: mark hdf5 as limited supported. Closes: 1117607. . [ Moritz Muehlenhoff ] * deb13+12: mark zabbix as limited support. Closes: #1124558. debos (1.1.5-1+deb13u1) trixie-proposed-updates; urgency=medium . * d/control: add systemd-resolved to Depends (Closes: #1115880) dgit (12.16) trixie; urgency=medium . git-debrebase bugfix: * Merge resolution: Fix erroneous use of real git tree as if it were a private working area. Closes: #1116933. * Merge resolution: Fix conflation of different temporary directories. * Clean out all of the temporary playground area on every invocation. dhcpcd (1:10.1.0-11+deb13u2) trixie; urgency=medium . * [patches] + Uncomment 'ntp_servers' in dhcpcd.conf (Closes: #1123962). diffoscope (297+deb13u1) trixie; urgency=medium . * Fix a test after the upload of systemd-ukify 258~rc3 (vs 258~rc2). (Closes: #1120867) distribution-gpg-keys (1.115+ds-1~deb13u1) trixie; urgency=medium . * Merge tag 'debian/1.115+ds-1' into debian/trixie . distribution-gpg-keys (1.115+ds-1) unstable; urgency=medium . * Update upstream source from tag 'upstream/1.115+ds' . distribution-gpg-keys (1.114+ds-1) unstable; urgency=medium . * Update upstream source from tag 'upstream/1.114+ds' distribution-gpg-keys (1.114+ds-1) unstable; urgency=medium . * Update upstream source from tag 'upstream/1.114+ds' dpdk (24.11.4-0+deb13u1) trixie; urgency=medium . [ Christian Ehrhardt ] * d/p/disable_arm64_autopkgtest_fails.patch: disable tests that are flaky in debci (Closes: #1114911) . [ Luca Boccassi ] * New upstream release 24.11.4. For a full list of changes in 24.11.4 see: https://doc.dpdk.org/guides/rel_notes/release_24_11.html dpdk (24.11.3-2) unstable; urgency=medium . [ Christian Ehrhardt ] * d/control: librte-net-ntnic25 is x86_64 only * d/control: librte-net-zxdh25 is x86_64 and arm64 only * d/p/disable_arm64_autopkgtest_fails.patch: disable tests that are flaky in debci (Closes: #1114911) dpdk (24.11.3-1) unstable; urgency=medium . * New upstream release 24.11.3. For a full list of changes in 24.11.3 see: https://doc.dpdk.org/guides/rel_notes/release_24_11.html dropbear (2025.89-1~deb13u1) trixie-security; urgency=high . * New upstream security and bugfix release (closes: #1123069). + Fix CVE-2025-14282: Privilege escalation via unix stream forwarding in Dropbear server. Other programs on a system may authenticate unix sockets via SO_PEERCRED, which would be root user for Dropbear forwarded connections, allowing root privilege escalation. + The server now drops privileges of the dropbear process after authentication. + Remote server TCP socket forwarding will now use OS privileged port restrictions rather than having a fixed "allow >=1024 for non-root" rule. + Unix stream sockets are now disallowed when a forced command is used, either with authorized_key restrictions or "dropbear -c command". * DEP-8: Add "Depends: e2fsprogs" to remote-unlocking test. edk2 (2025.02-8+deb13u1) trixie; urgency=medium . * Cherry-pick openssl fix for timing side-channel in ECDSA signature computation, CVE-2024-13176. - d/p/0001-Fix-timing-side-channel-in-ECDSA-signature-computati.patch * Fix out-of-bounds memory access in NetworkPkg/IScsiDxe, CVE-2024-38805. - d/p/0001-NetworkPkg-IScsiDxe-Fix-for-out-of-bound-memory-acce.patch * Safe handling of IDT register on SMM entry, CVE-2025-3770. - d/p/0001-UefiCpuPkg-PiSmmCpuDxeSmm-Safe-handling-of-IDT-regis.patch exfatprogs (1.2.9-1+deb13u1) trixie; urgency=medium . * Add trixie branch information to gbp.conf and Vcs-Git. * Add debian/patches/windows-compat-use-512-sector-size.patch for Windows compatibility. Windows fails to access devices with a 4KB sector size which use a 512Byte sector emulation. Cherry-Pick the revert from exfatprogs 1.3.0 to use a 512Byte sector size for those devices, despite the performance penalty. If a user would like to omit the Windows compatability "mkfs.exfat -s 4096" can still be used to override the sector size. (Closes: #1120932) extrepo-data (1.0.6~deb13u1) trixie; urgency=medium . * Reupload to stable. - This also includes a fix for the "build on trixie now fails" issue, which Closes: #1078614. extrepo-data (1.0.5) unstable; urgency=medium . [ Robin Schneider ] * switch vector repo to apt.vector.dev after old repo was shutdown * fix bug in validate-repo that prevented validation of Release file . [ Merlin Lüdicke ] * switch nvidia-docker to unified debian repo * add pgpainless-cli requirement to readme * add bookworm amd64 to virtualbox repo . [ Oscar A. Jara ] * Add Brave keys . [ Robin Schneider ] * Provide `vector` repo which will point to latest major release . [ Sergey Ponomarev ] * waydroid.yaml: add trixie and sid suites * README.md: add a command to install dependencies and example of validation . [ Holger Weiss ] * eturnal repository: Add trixie and sid suites . [ Nicolas Peugnet ] * Update element.io PGP key * Check for GOODSIG instead of VALIDSIG in validate-repo * Better log messages for validate-repo * Add Zotero-deb repo . [ Colin Watson ] * Add pyxian . [ mirabilos ] * Update wtf/wtf-lts . [ Oliver Smith ] * Osmocom: update gpg-key . [ Juri Grabowski ] * Add new repositories from Ondřej Surý * Rewrite elastic repositories #12 * add openmediavault repositories * add mysql-lts repository * add angie repository * add unifi repository * add opentofu repository * add helm repository * add azure-cli repository * add ceph repositories * add gopasspw repository * add trixie to winehq * add mozilla repository * add n.wtf nginx repository * add arctica-project repositories * add linux-libre repository * update gitlab key * Update elbe key * Update all possible repositories to bookworm * Close #1065421 . [ Jonathan Wiltshire ] * New signing key for Spotify * Update google-chrome signing key . [ Thomas Goirand ] * OpenStack debian.net backport repo: Add the OpenStack Caracal release. * Add ceph_reef repository . [ Wouter Verhelst ] * Add trivy repository * Add beidconnect repository * Consol repository don't support i386 architecture anymore ffmpeg (7:7.1.3-0+deb13u1) trixie-security; urgency=medium . * New upstream version 7.1.3 ffmpeg (7:7.1.2-1) unstable; urgency=medium . * New upstream version 7.1.2 - Fixes CVE-2025-1594 flatpak (1.16.2-1~deb13u1) trixie; urgency=medium . * d/control, d/gbp.conf: Use debian/trixie packaging branch * Summary of changes since trixie: - New upstream stable release, see 1.16.2-1 changelog (Closes: #1114484) - Fix FTBFS with DEB_BUILD_OPTIONS=nocheck (Closes: #1116737) - d/copyright: Point to GNU web address instead of old FSF postal address - d/copyright: Clarify possible interpretations of LGPL-2 * Revert changes that are not appropriate for a stable update: - Revert "Prefer the OpenSSL flavour of libcurl" - Revert "d/control: Only require gtk-doc-tools, etc. if we are building documentation" - Revert "Stop build-depending on libgirepository1.0-dev" - Revert "d/control: Remove Rules-Requires-Root" - Revert "Normalize formatting with debputy" . flatpak (1.16.2-1) unstable; urgency=medium . * New upstream stable release - Fix a memory leak in flatpak-session-helper when invoking host commands (flatpak-spawn --host) from privileged apps (Closes: #1114484) - Treat either the xe or i915 kernel module as indicating an Intel GPU, not just i915, and install the appropriate VA-API extensions - If using GLib 2.86.1 (specifically that version due to a regression that was later fixed), avoid exposing $HOME to apps if an XDG special directory such as Music is requested by the app but has been disabled locally - In flatpak-kill(1), make killing processes more robust, and avoid race conditions that could lead to the whole process group being killed - Allow `flatpak run` or `flatpak install --user` while under `sudo -u otheruser` or `sudo -g`, as long as the other user is not root, relaxing a check that was only intended to avoid accidents involving running as root - Provide an empty /run/host/font-dirs.xml during flatpak-build(1), avoiding spurious warnings for processes that use fontconfig during build-time tests - Fix a crash in `flatpak install --include-sdk` if the app is installed on a per-user basis but the corresponding SDK is already installed system-wide - Take the --reinstall option into account when installing a bundle - Add a missing argument to fcntl F_DUPFD_CLOEXEC during Flatpak's own build-time tests, fixing a test regression with newer glibc on Ubuntu - Fix flatpak-pin(1)/flatpak-mask(1) with multiple arguments, by reloading configuration when needed - Fix an assertion failure in flatpak-build-import-bundle(1) - When using the library API, allow http downloads with libcurl to be cancelled - If an OCI registry only has one image, allow the tag to be omitted - Fix a memory leak when using an OCI registry - Fix an uninitialized variable - Documentation improvements - Translation updates: pl * d/libflatpak-doc.install: Install single-file HTML documentation for the library. This was built by Autotools in 1.14.x and disappeared during the switch to Meson, but is now built again as a result of upstream fixes. . flatpak (1.16.1-3) unstable; urgency=medium . * Fix builds (Closes: #1116737) - d/control: Remove annotation from fuse3. This is required unconditionally (even if not running tests) since 1.15.7 upstream, so that the build system can autodetect the distro's appropriate path to fusermount3 or fusermount. - d/control, d/rules: Tighten up handling of nocheck and noinsttest. The upstream build system checks for some programs that are required during testing whenever the tests are compiled. If we are under both the nocheck and noinsttest build profiles, don't compile the tests, so that pkcheck and socat won't be needed in that configuration; and otherwise, we need them in Build-Depends. * d/control: Remove Rules-Requires-Root, no longer needed since trixie * Normalize formatting with debputy . flatpak (1.16.1-2) unstable; urgency=medium . * d/copyright: Point to GNU web address instead of old FSF postal address * d/copyright: Clarify possible interpretations of LGPL-2 * Stop build-depending on libgirepository1.0-dev. Build-depend on gobject-introspection (>= 1.80) instead. libgirepository1.0-dev is not multiarch-compatible and should be removed during the forky cycle. * d/control: Only require gtk-doc-tools, etc. if we are building documentation * Prefer the OpenSSL flavour of libcurl. This is the one that upstream is going to be testing with in practice. flatpak (1.16.1-3) unstable; urgency=medium . * Fix builds (Closes: #1116737) - d/control: Remove annotation from fuse3. This is required unconditionally (even if not running tests) since 1.15.7 upstream, so that the build system can autodetect the distro's appropriate path to fusermount3 or fusermount. - d/control, d/rules: Tighten up handling of nocheck and noinsttest. The upstream build system checks for some programs that are required during testing whenever the tests are compiled. If we are under both the nocheck and noinsttest build profiles, don't compile the tests, so that pkcheck and socat won't be needed in that configuration; and otherwise, we need them in Build-Depends. * d/control: Remove Rules-Requires-Root, no longer needed since trixie * Normalize formatting with debputy flatpak (1.16.1-2) unstable; urgency=medium . * d/copyright: Point to GNU web address instead of old FSF postal address * d/copyright: Clarify possible interpretations of LGPL-2 * Stop build-depending on libgirepository1.0-dev. Build-depend on gobject-introspection (>= 1.80) instead. libgirepository1.0-dev is not multiarch-compatible and should be removed during the forky cycle. * d/control: Only require gtk-doc-tools, etc. if we are building documentation * Prefer the OpenSSL flavour of libcurl. This is the one that upstream is going to be testing with in practice. fpdf2 (2.8.3-1+deb13u1) trixie; urgency=medium . * Stop wrongly removing fvar table, allowing again the use of fpdf2 with variable fonts. (Closes: 1110990) freedombox (25.9.3+deb13u1) trixie; urgency=medium . [ Sunil Mohan Adapa ] * distupgrade: Handle comments in sources.list file * distupgrade: Update Trixie's release date as announced * backups: Set proper permissions for backups-data directory (CVE-2025-68462) . [ James Valleroy ] * doc: Fetch latest manual freeradius (3.2.7+dfsg-1+deb13u2) trixie; urgency=medium . [ Didier Raboud ] * Backport patch to fix segfaults on TLS connections with more than one intermediate certificate (Closes: #1120927) . [ Bernhard Schmidt ] * Add d/gbp.conf for Trixie branch glib2.0 (2.84.4-3~deb13u2) trixie; urgency=medium . * d/patches: Add patches from 2.86.3 upstream to avoid integer overflows - d/p/gconvert-Error-out-if-g_escape_uri_string-would-overflow.patch, d/p/fuzzing-Add-fuzz-tests-for-g_filename_-to-from-_uri.patch: Fix an integer overflow when interpolating hundreds of megabytes of unescaped text into a URI, and add test coverage (CVE-2025-13601, glib#3827 upstream, Closes: #1121488) - d/p/gvariant-parser-Fix-potential-integer-overflow-parsing-by.patch: Fix an integer overflow when parsing very large strings in GVariant text format (CVE-2025-14087, glib#3834 upstream, Closes: #1122347) - d/p/gvariant-parser-Use-size_t-to-count-numbers-of-child-elem.patch, d/p/gvariant-parser-Convert-error-handling-code-to-use-size_t.patch: Fix other potential integer overflows parsing very large container types in GVariant text format, related to CVE-2025-14087 - d/p/gfileattribute-Fix-integer-overflow-calculating-escaping-.patch: Fix an integer overflow when escaping invalid characters in very large file attributes (CVE-2025-14512, glib#3845 upstream, Closes: #1122346) glibc (2.41-12+deb13u1) trixie; urgency=medium . * debian/patches/git-updates.diff: update from upstream stable branch: - Fix a double lock init issue after fork() - Fix _dl_find_object when ld.so has LOAD segment gaps, causing wrong backtrace unwinding. This affects at least arm64. - Fix SYSCALL_CANCEL for return values larger than INT_MAX (closes: #1115729). - Fix crash in ifunc functions on arm64 when hardening with -ftrivial-auto-var-init=zero. - Optimize inverse trig functions on arm64. - Optimize arm64 SVE exp, hyperbolic, and log1p functions. - Optimize arm64 SVE expf and log1p helpers. gnome-shell (48.7-0+deb13u1) trixie; urgency=medium . * Team upload * New upstream release 48.5 - Avoid a crash when using the Draw-On-Gnome extension, fixing a regression in 48.3 (gnome-shell#8602 upstream) - Close the captive-portal authentication dialog when full network connectivity is detected (gnome-shell#7790 upstream) - Fix connecting to WPA Enterprise or WPA2 Enterprise networks from the quick settings menu (gnome-shell#8590 upstream) - Disable unneeded extensions before enabling new extensions, ensuring that there is never a time when two conflicting extensions are active (gnome-shell!3835 upstream) - Fix position of IBus candidate panel when using a scaled display (gnome-shell#8424 upstream) - During authentication, don't reset the authentication prompt on every tap/click, only when the prompt should change from hidden to visible (gnome-shell!3852 upstream) - Incorporate previously Debian-specific patches fixing X11 tray icon handling (gnome-shell!3818 upstream) - Avoid a possible source of lockups in keyboard focus handling (gnome-shell!3220 upstream) - Fix a memory leak with custom themes (gnome-shell#8509 upstream, LP: #2121786) - During authentication, don't discard typeahead when changing entry visibility (gnome-shell!3850 upstream) - Fix a crash when using a CSS-only Shell extension (gnome-shell#7339 upstream, previously fixed differently by a Debian-specific patch) - Improve debuggability of the actor tree (gnome-shell!3863 upstream) - Improve display of overview application search results in right-to-left locales (Arabic/Hebrew) (gnome-shell!3851 upstream) - Fix a crash during searches (gnome-shell#8651 upstream, LP: #2104113) - Fix a race condition causing intermittent stuck notifications (gnome-shell#6006 upstream) - Better forward-compatibility with post-trixie GLib versions (gnome-shell!3846, gnome-shell!3855 upstream) - Better forward-compatibility with post-trixie mutter versions (gnome-shell#4253 upstream) - Documentation/comment fixes - Translation updates: de, fi, th, zh_TW * New upstream release 48.6 - During authentication, move keyboard focus to the currently-visible widget, not always the text entry box (gnome-shell!3849 upstream) - Ensure that workspace selector reappears promptly when cancelling a search in the overview (gnome-shell#7985 upstream) - Warn instead of crashing if an unsupported accent colour is set, for example when swapping between Ubuntu's patched gnome-shell and an upstream gnome-shell (gnome-shell!3892 upstream) - Always send a valid value for the reason a notification was closed (gnome-shell!3907 upstream) - In the UI for screenshots, if a button doesn't have any other label, use its tooltip as the label for accessibility purposes (gnome-shell!3908 upstream) - When a notification instance is reused, don't send its activation event multiple times (gnome-shell!3904 upstream) - Don't emit spurious dotted circles when using the on-screen keyboard in the Hindi (Bolnagri) layout (gnome-shell#8719 upstream) - Remove unused argument to PopupMenu constructor (gnome-shell!3894 upstream) - Translation updates: ug * New upstream release 48.7 - Revert some changes in 48.6 that could cause regressions (not shown in the above summary) - Ensure network icon is updated on connectivity changes (gnome-shell#7357, gnome-shell#8549 upstream) - In gdm, sort the available sessions by their localized name, as displayed, and not by their internal IDs (gnome-shell!3920 upstream) - Add on-screen keyboard layouts for German (extended) and German (Austria, extended) (gnome-shell!3923 upstream) - Avoid zombie networkmanager-openvpn-auth processes when a VPN connection is stopped (gnome-shell#7083 upstream) - Avoid a warning on drag-and-drop when animations are disabled (gnome-shell!3922 upstream) - When logout, reboot or shutdown is prevented by a systemd inhibitor, don't log the cancellation with a stack trace as though it was an internal error (gnome-shell#8749 upstream) - Fix a crash when a window is closed immediately after losing on-screen keyboard focus (gnome-shell#8752 upstream) - Fix handling of multiple gdm greeter instances (gnome-shell!3942 upstream) - Fix warnings and potential use-after-free when the Shell exits in certain states (gnome-shell!3943 upstream) - Improve code clarity by using symbolic constants for SOURCE_CONTINUE, SOURCE_REMOVE (gnome-shell!3950 upstream) - Always return a result from "later" handlers (gnome-shell!3950 upstream) - Align search results' provider name better (gnome-shell!3951 upstream) - Always register the session with GDM on startup, even if no monitor is connected (gnome-shell!3708 upstream) - Fix misplaced separator in dash after unpinning running app (gnome-shell#3966, #3799 upstream) - Fix swipe gestures behaving incorrectly in RTL locales (gnome-shell!3967 upstream) - Fix some typos in documentation/comments - Translation updates: ro * Interface change: the misleadingly-named org.gnome.Shell.PortalHelper.Done signal has been renamed to org.gnome.Shell.PortalHelper.StatusChanged. In practice no other Debian package appears to subscribe to this signal, so this shouldn't have any effect. . [ Jeremy Bícha ] * Remove tray-icons patches: applied in 48.5 * Remove st-theme-node patch: alternative fix applied in 48.5 . [ Marco Trevisan (Treviño) ] * d/p/build-Define-test-dependencies.patch, d/p/extensions-app-Add-test-dependency-on-generated-desktop-f.patch: Add patches to fix tests' compilation dependencies * debian/tests: Add autopkgtests for GNOME Shell. We can just recompile gnome-shell and run the tests provided by upstream. * debian/tests: Run tests on the installed gnome-shell. Run the autopkgtests running the upstream-provided test scripts using the gnome-shell in the archive installed as it is. When in Ubuntu, we are also using the Ubuntu profile. * debian/salsa-ci: Enable i386 autopkgtests. i386 is kinda special in desktop, so better to track potential breakages. . [ Simon McVittie ] * Document upstream changes in detail * Rebase patch series - Drop one of Marco's new test-related build system patches (see above), applied in 48.5 * Slightly improve patch metadata gnome-shell (48.5-3) unstable; urgency=medium . * Team upload * Revert "Generate a versioned dependency for the GLib 2.86 transition" * Bump glib2.0 dependency to 2.86 unconditionally (part of #1115340) gnome-shell (48.5-2) unstable; urgency=medium . * Team upload * Generate a versioned dependency for the GLib 2.86 transition. GNOME Shell will need to be rebuilt after GLib 2.86 is uploaded to unstable, so that its typelibs declare a dependency on GioUnix, which they do not when built against older GLib. Generate a versioned dependency so that this can be done via either a binNMU or a sourceful upload. * d/rules: Use a more robust xvfb-run command-line (Mitigates: #981201) gnome-shell (48.5-1) unstable; urgency=medium . * New upstream release * debian/gnome-shell.gsettings-override: update Yelp to org.gnome.Yelp * Remove tray-icons patches applied in new release * Remove st-theme-node patch: alternative fix applied in new release gnome-shell (48.4-1) unstable; urgency=medium . * Team upload * New upstream stable release - network: If a network has no ID, don't treat it as available, avoiding breaking the network menu (gnome-shell!3785 upstream) - Improve URL recognition heuristic for notifications so that non-URLs do not become a link (gnome-shell#8517 upstream) - In gdm, improve efficiency of user list (gnome-shell!3799 upstream) - Fix signal order when taking a screenshot interactively is triggered via D-Bus, for example from xdg-desktop-portal (gnome-shell#8499 upstream) - Improve cursor scaling on systems with different-DPI monitors when using the Magnifier accessibility tool (gnome-shell!475 upstream) - In sliders like volume and brightness, avoid drawing part of the bar over the handle in RTL locales (gnome-shell!3817 upstream) - Improve robustness of signal connections in the Thunderbolt and smart-card code (gnome-shell!3796 upstream) - Code cleanups in extensions management service (part of gnome-shell!3750 upstream) - Translation updates * d/control: Bump gjs version to 1.81.2 as per meson.build. No practical effect, 1.82.x is already in trixie. * d/gbp.conf: Use debian/forky branch for uploads targeting forky. We'll stick to 48.x in testing/unstable for now, to get better testing for future 48.x updates in trixie. Preliminary 49.x packaging for experimental is already using the debian/latest branch. gnome-shell-extension-gsconnect (62-1+deb13u1) trixie-security; urgency=medium . * Cherrypick 3223595bb648ad09afd150ec56dadfe1f33bd641 gnupg2 (2.4.7-21+deb13u1) trixie; urgency=high . * Avoid potential downgrade to SHA1 in 3rd party key signatures. https://gpg.fail/sha1 #12 Patch from STABLE-BRANCH-2-4 * gpg: Error out on unverified output for non-detached signatures. https://gpg.fail/detached #1 Patch from STABLE-BRANCH-2-4 * gpg: Fix possible memory corruption in the armor parser (CVE-2025-68973) https://gpg.fail/memcpy #5 Patch from STABLE-BRANCH-2-4 (Closes: #1124221) * gpg: Do not use a default when asking for another output filename. https://gpg.fail/filename #2 Unfuzzed patch from GIT master gnutls28 (3.8.9-3+deb13u1) trixie; urgency=medium . * Add patch for CVE-2025-9820 / GNUTLS-SA-2025-11-18 from 3.8.11. Closes: #1121146 imagemagick (8:7.1.1.43+dfsg1-1+deb13u4) trixie; urgency=high . * Fix CVE-2025-62594 (Closes: #1119296) Imagemagick is vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile width or height is zero, unsigned underflow occurs in pointer arithmetic, leading to out-of-bounds memory access, and division-by-zero causes immediate crashes. * Fix CVE-2025-65955 (Closes: #1122827) There is a vulnerability in ImageMagick’s Magick++ layer that manifests when Options::fontFamily is invoked with an empty string. Clearing a font family calls RelinquishMagickMemory on _drawInfo->font, freeing the font string but leaving _drawInfo->font pointing to freed memory while _drawInfo->family is set to that (now-invalid) pointer. Any later cleanup or reuse of _drawInfo->font re-frees or dereferences dangling memory. DestroyDrawInfo and other setters (Options::font, Image::font) assume _drawInfo->font remains valid, so destruction or subsequent updates trigger crashes or heap corruption. * Fix CVE-2025-66628 (Closes: #1122584) The TIM (PSX TIM) image parser contains a critical integer overflow vulnerability in its ReadTIMImage function (coders/tim.c). The code reads width and height (16-bit values) from the file header and calculates image_size = 2 * width * height without checking for overflow. On 32-bit systems (or where size_t is 32-bit), this calculation can overflow if width and height are large (e.g., 65535), wrapping around to a small value. * Fix CVE-2025-68618: Magick's failure to limit the depth of SVG file reads caused a DoS attack. * Do not allow vid for vector graphics * Fix CVE-2025-68950: Magick's failure to limit MVG mutual references forming a loop * Fix CVE-2025-69204: Converting a malicious MVG file to SVG caused an integer overflow. incus (6.0.4-2+deb13u3) trixie; urgency=medium . * Backport fix for running nested docker in containers (Closes: #1121011) incus (6.0.4-2+deb13u2) trixie-security; urgency=high . * Backport upstream fix for GHSA-56mx-8g9f-5crf incus (6.0.4-2+deb13u2~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports. - Drop dependency on virtiofsd, as it isn't available for bookworm - Drop apparmor 4.x patch - Relax dependency on lxcfs, since runit scripts aren't expected for bookworm - Add patch to remove dependency on go-criu - Add patch to build with older version of openfga-go-sdk - Add patch backporting RemoveAll from newer sftp intel-microcode (3.20251111.1~deb13u1) trixie; urgency=medium . * Upload to stable: no changes intel-microcode (3.20251111.1~deb12u1) bookworm; urgency=medium . * Backport to bookworm * debian/rules: revert use of /usr/lib/firmware for deb12 intel-microcode (3.20250812.1) unstable; urgency=medium . [ Henrique de Moraes Holschuh ] * New upstream microcode datafile 20250812 (closes: #1110983, #1112168) - Mitgations for INTEL-SA-01249 (processor Stream Cache): CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Intel also disclosed that several processors models had already received this mitigation on the previous microcode release, 20250512. - Mitigations for INTEL-SA-01308: CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01310 (OOBM services module): CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. - Mitigations for INTEL-SA-01311 (Intel TDX): CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processors with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01313: CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-21090: Missing reference to active allocated resource for some Intel Xeon processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2025-24305: Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel Xeon processors may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01367 (Intel SGX, TDX): CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Fixes for unspecified functional issues on several Intel Core and Intel Xeon processor models. * Updated microcodes: sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248 sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056 sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896 sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664 sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288 sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072 sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400 sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880 sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256 sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896 sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112 sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224 sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3 * update entry for 3.20250512.1 with new information * source: update symlinks to reflect id of the latest release, 20250812 . [ Ben Hutchings ] * debian/tests/initramfs: Update to work with forky's initramfs-tools. In version 0.149 of initramfs-tools, unmkinitramfs was changed to no longer create early/ and main/ subdirectories. Update the microcode file check to work with both old and new behaviours. iperf3 (3.18-2+deb13u2) trixie; urgency=medium . * Fix FTBS in trixie with openssl >= 3.5.3 (Closes: #1120866) kdeconnect (25.04.2-1+deb13u1) trixie-security; urgency=medium . * Cherrypick 1d757349d0f517ef12c119565ffb1f79503fbcdf keystone (2:27.0.0-3+deb13u1) trixie-security; urgency=high . * OSSA-2025-002: kay reported a vulnerability in Keystone’s ec2tokens and s3tokens APIs. By sending those endpoints a valid AWS Signature (e.g., from a presigned S3 URL), an unauthenticated attacker may obtain Keystone authorization (ec2tokens can yield a fully scoped token; s3tokens can reveal scope accepted by some services), resulting in unauthorized access and privilege escalation. Deployments where /v3/ec2tokens or /v3/s3tokens are reachable by unauthenticated clients (e.g., exposed on a public API) are affected. Applied upstream patch (Closes: #1120053): - keystone-bug-2119646-stable-2025.1.patch kleopatra (4:24.12.3-1+deb13u1) trixie; urgency=medium . [ Sandro Knauß ] * Fix "Fails to start with a file argument on GNOME" by import upstream patches. (Closes: #1120106) krita (1:5.2.9+dfsg-1+deb13u1) trixie-security; urgency=medium . * CVE-2025-59820 lasso (2.8.2-9+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * tests: test that inserted comment do not change node value and still validate signature * xml: prevent assignment of attribute value inside any attribute (CVE-2025-47151) * misc: check xmlSecGetNodeNsHref for possible NULL result (CVE-2025-46404) * xml: do not terminate on an unknown XML node type (CVE-2025-46705) libcoap3 (4.3.4-1.1+deb13u2) trixie; urgency=medium . * CVE-2025-59391 (Closes: #1122290) fix OSCORE configuration file parsing issue * CVE-2025-65493 (Closes: 1121415) fix NULL pointer dereference * CVE-2025-65494 fix NULL pointer dereference * CVE-2025-65495 fix integer signedness * CVE-2025-65496 fix NULL pointer dereference * CVE-2025-65497 fix NULL pointer dereference * CVE-2025-65498 fix NULL pointer dereference * CVE-2025-65499 fix array index error * CVE-2025-65500 fix NULL pointer dereference * CVE-2025-65501 fix NULL pointer dereference libcupsfilters (2.0.0-3+deb13u1) trixie; urgency=medium . * CVE-2025-64503 fix an out of bounds write vulnerability when processing crafted PDF files containing a large 'Mediabox' value. (Closes: #1120697) . * CVE-2025-57812 fix an out of bounds read/write vulnerability in the processing of TIFF image files. (Closes: #1120703) libphp-adodb (5.22.9-0.1+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Fix CVE-2025-54119: SQL injection in sqlite3 driver (Closes: #1110464) libpng1.6 (1.6.48-1+deb13u1) trixie-security; urgency=high . * Security upload targeting trixie. * Backport fixes for: - CVE-2025-64505 - Heap buffer over-read (Closes: #1121219) - CVE-2025-64506 - Heap buffer over-read (Closes: #1121218) - CVE-2025-64720 - Heap buffer overflow (Closes: #1121217) - CVE-2025-65018 - Heap buffer overflow (Closes: #1121216) - CVE-2025-66293 - Out-of-bounds read (Closes: #1121877) * Set gbp.conf for trixie and enable salsa CI libreoffice (4:25.2.3-2+deb13u3) trixie; urgency=medium . * debian/patches/add-EUR-for-Bulgaria-Lew.diff: fix typo: s/BLN/BGN/, thanks Xisco Fauli * debian/patches/default-to-EUR-for-Bulgaria.diff: as name says libvirt (11.3.0-3+deb13u2) trixie; urgency=medium . * [c5ef2ce] patches: Add backports - backport/conf-Add-virDomainDefIDsParseString[...] - backport/bhyve-Check-ACLs-before-parsing-[...] - backport/libxl-Check-ACLs-before-parsing-[...] - backport/lxc-Check-ACLs-before-parsing-[...] - backport/vz-Check-ACLs-before-parsing-[...] - backport/ch-Check-ACLs-before-parsing-[...] - backport/qemu-Check-ACLs-before-parsing-[...] - Perform ACL checks earlier, preventing malicious users from potentially being able to crash the daemon - CVE-2025-12748 - Closes: #1120584 * [9c44722] patches: Add backports - backport/qemu-snapshot-Set-umask-for-qemu-img-[...] - Ensure that newly-created snapshots are not world-readable - CVE-2025-13193 - Closes: #1120119 * [74ba3ed] patches: Add backports - backport/qemuxmlconftest-Improve-coverage-of-disk-[...] - backport/qemu[...]-Setup-detect_zeroes-[...] - Apply the detect_zeroes settings across all layers of the backing chain instead of just the topmost one - Closes: #1121280 linux (6.12.63-1) trixie; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.58 - NFSD: Fix crash in nfsd4_read_release() - net: usb: asix_devices: Check return value of usbnet_get_endpoints - fbcon: Set fb_display[i]->mode to NULL when the mode is released - fbdev: atyfb: Check if pll_ops->init_pll failed - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() - ACPI: button: Call input_free_device() on failing input device registration - virtio-net: drop the multi-buffer XDP packet in zerocopy - fbdev: bitblit: bound-check glyph index in bit_putcs* - Bluetooth: rfcomm: fix modem control handling - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode - mptcp: drop bogus optimization in __mptcp_check_push() - mptcp: restore window probe - [arm64] ASoC: qdsp6: q6asm: do not sleep while atomic - [s390x] pci: Restore IRQ unconditionally for the zPCI device - smb: client: fix potential cfid UAF in smb2_query_info_compound - [amd64] x86/fpu: Ensure XFD state on signal delivery - wifi: ath10k: Fix memory leak on unsupported WMI command - wifi: ath11k: Add missing platform IDs for quirk table - wifi: ath12k: free skb during idr cleanup callback - wifi: ath11k: add support for MU EDCA - wifi: ath11k: avoid bit operation on key flags - [arm64] drm/msm/a6xx: Fix GMU firmware parser - ALSA: usb-audio: fix control pipe direction - wifi: mac80211: don't mark keys for inactive links as uploaded - wifi: mac80211: fix key tailroom accounting leak - bpf: Sync pending IRQ work before freeing ring buffer - scsi: ufs: core: Initialize value of an attribute returned by uic cmd - bpf: Find eligible subprogs for private stack support - bpf, x86: Avoid repeated usage of bpf_prog->aux->stack_depth - bpf: Do not audit capability check in do_jit() - [amd64] ASoC: Intel: avs: Unprepare a stream when XRUN occurs - [amd64] ASoC: Intel: avs: Disable periods-elapsed work when closing PCM - [arm64,armhf] ASoC: fsl_sai: fix bit order for DSD format - libbpf: Fix powerpc's stack register definition in bpf_tracing.h - usbnet: Prevents free active kevent - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once - Bluetooth: ISO: Update hci_conn_hash_lookup_big for Broadcast slave - Bluetooth: ISO: Fix BIS connection dst_type handling - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 - Bluetooth: ISO: Fix another instance of dst_type handling - Bluetooth: hci_core: Fix tracking of periodic advertisement - [arm64,armhf] drm/etnaviv: fix flush sequence logic - [arm64] net: hns3: return error code when function fails - sfc: fix potential memory leak in efx_mae_process_mport() - dpll: spec: add missing module-name and clock-id to pin-get reply - [arm64,armhf] ASoC: fsl_sai: Fix sync error in consumer mode - drm/radeon: Do not kfree() devres managed rdev - drm/radeon: Remove calls to drm_put_dev() - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland - ACPI: fan: Use ACPI handle when retrieving _FST - block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL - block: make REQ_OP_ZONE_OPEN a write operation - regmap: slimbus: fix bus_context pointer in regmap init calls - [s390x] mm: Fix memory leak in add_marker() when kvrealloc() fails - drm/xe: Do not wake device during a GT reset - drm/sysfb: Do not dereference NULL pointer in plane reset - drm/sched: avoid killing parent entity on child SIGKILL - drm/nouveau: Fix race in nouveau_sched_fini() - [arm64] drm/mediatek: Fix device use-after-free on unbind - drm/amd: Check that VPE has reached DPM0 in idle handler - drm/amd/display: Fix incorrect return of vblank enable on unconfigured crtc (Closes: #1000966) - ACPI: fan: Add fan speed reporting for fans with only _FST - ACPI: fan: Use platform device for devres-related actions - sched_ext: Mark scx_bpf_dsq_move_set_[slice|vtime]() with KF_RCU - cpuidle: governors: menu: Rearrange main loop in menu_select() - cpuidle: governors: menu: Select polling state in some more cases - [amd64] mfd: kempld: Switch back to earlier ->init() behavior - [amd64] x86/CPU/AMD: Add RDSEED fix for Zen5 - usb: gadget: f_fs: Fix epfile null pointer access after ep enable. - drm/sched: Optimise drm_sched_entity_push_job - drm/sched: Re-group and rename the entity run-queue lock - drm/sched: Fix race in drm_sched_entity_select_rq() - [s390x] pci: Avoid deadlock between PCI error recovery and mlx5 crdump - [s390x] Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP - [armhf] soc: aspeed: socinfo: Add AST27xx silicon IDs - [arm64] firmware: qcom: scm: preserve assign_mem() error return value - [arm64] soc: qcom: smem: Fix endian-unaware access of num_entries - [arm64] soc: ti: pruss: don't use %pK through printk - bpf: Don't use %pK through printk - pinctrl: single: fix bias pull up/down handling in pin_config_set - [arm64] mmc: host: renesas_sdhi: Fix the actual clock - memstick: Add timeout to prevent indefinite waiting - [arm64,armhf] cpufreq: ti: Add support for AM62D2 - bpf: Use tnums for JEQ/JNE is_branch_taken logic - firewire: ohci: move self_id_complete tracepoint after validating register - [riscv64] irqchip/sifive-plic: Respect mask state when setting affinity - io_uring/zctx: check chained notif contexts - ACPI: sysfs: Use ACPI_FREE() for freeing an ACPI object - ACPI: video: force native for Lenovo 82K8 - libbpf: Fix USDT SIB argument handling causing unrecognized register error - cpufreq/longhaul: handle NULL policy in longhaul_exit - [arm64,armhf] irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA - ACPI: resource: Skip IRQ override on ASUS Vivobook Pro N6506CU - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] - thermal: gov_step_wise: Allow cooling level to be reduced earlier - power: supply: qcom_battmgr: add OOI chemistry - [amd64] hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models - [amd64] hwmon: (k10temp) Add device ID for Strix Halo - power: supply: sbs-charger: Support multiple devices - cpufreq: ondemand: Update the efficient idle check for Intel extended Families - [arm64,armhf] soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups - [arm64] firmware: qcom: tzmem: disable sc7180 platform - [arm64] mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card - pwm: pca9685: Use bulk write to atomicially update registers - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() - [amd64,arm64] tee: allow a driver to allocate a tee_device without a pool - nvmet-fc: avoid scheduling association deletion twice - nvme-fc: use lock accessing port_state and rport state - bpf: Do not limit bpf_cgroup_from_id to current's namespace - i3c: mipi-i3c-hci-pci: Add support for Intel Wildcat Lake-U I3C - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 - tools/cpupower: fix error return value in cpupower_write_sysfs() - power: supply: qcom_battmgr: handle charging state change notifications - bpftool: Fix -Wuninitialized-const-pointer warnings with clang >= 21 - cpuidle: Fail cpuidle device registration if there is one already - futex: Don't leak robust_list pointer on exec race - ACPI: SPCR: Support Precise Baud Rate field - blk-cgroup: fix possible deadlock while configuring policy - [riscv64] bpf: Fix uninitialized symbol 'retval_off' - bpf: Clear pfmemalloc flag when freeing all fragments - nvme: Use non zero KATO for persistent discovery connections - uprobe: Do not emulate/sstep original instruction when ip is changed - [amd64] hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex - [amd64] hwmon: (dell-smm) Remove Dell Precision 490 custom config data - tools/cpupower: Fix incorrect size in cpuidle_state_disable() - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage - tools/power x86_energy_perf_policy: Enhance HWP enable - tools/power x86_energy_perf_policy: Prefer driver HWP limits - [armhf] mfd: stmpe: Remove IRQ domain upon removal - [armhf] mfd: stmpe-i2c: Add missing MODULE_LICENSE - [riscv64] mfd: da9063: Split chip variant reading in two bus transactions - mfd: core: Increment of_node's refcount before linking it to the platform device - [amd64] mfd: intel-lpss: Add Intel Wildcat Lake LPSS PCI IDs - drm/amd/display: fix condition for setting timing_adjust_pending - drm/amd/display: ensure committing streams is seamless - drm/amdgpu: add range check for RAS bad page address - drm/amdgpu: Check vcn sram load return value - drm/amd/display: Move setup_stream_attribute - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration - drm/xe/guc: Add more GuC load error status codes - drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. - drm/amdgpu: Avoid rma causes GPU duplicate reset - drm/amd/amdgpu: Release xcp drm memory after unplug - drm/amdgpu: Skip poison aca bank from UE channel - drm/amd/display: add more cyan skillfish devices - drm/amd/display: update dpp/disp clock from smu clock table - drm/amd/pm: Use cached metrics data on aldebaran - drm/amd/pm: Use cached metrics data on arcturus - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() - [arm64] ASoC: mediatek: Use SND_JACK_AVOUT for HDMI/DP jacks - drm/amd/display: Reset apply_eamless_boot_optimization when dpms_off - drm/amd/display: Wait until OTG enable state is cleared - PCI: Disable MSI on RDC PCI to PCIe bridges - wifi: rtw89: print just once for unknown C2H events - wifi: rtw88: sdio: use indirect IO for device registers before power-on - drm/amdkfd: return -ENOTTY for unsupported IOCTLs - media: pci: ivtv: Don't create fake v4l2_fh - [arm64] drm/tidss: Use the crtc_* timings when programming the HW - [arm64] drm/tidss: Set crtc modesetting parameters with adjusted mode - PCI/ERR: Update device error_state already after reset - [amd64] x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall - net: stmmac: Check stmmac_hw_setup() in stmmac_resume() - ice: Don't use %pK through printk or tracepoints - thunderbolt: Use is_pciehp instead of is_hotplug_bridge - tty: serial: ip22zilog: Use platform device for probing - [powerpc*] eeh: Use result of error_detected() in uevent - [s390x] pci: Use pci_uevent_ers() in PCI recovery - bridge: Redirect to backup port when port is administratively down - net: ipv6: fix field-spanning memcpy warning in AH output - media: imon: make send_packet() more robust - [arm64] drm/panthor: Serialize GPU cache flush operations - HID: pidff: Use direction fix only for conditional effects - HID: pidff: PERMISSIVE_CONTROL quirk autodetection - [arm64,armhf] drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts - drm/amdgpu: fix nullptr err of vm_handle_moved - drm/amdkfd: Handle lack of READ permissions in SVM mapping - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register - iio: adc: imx93_adc: load calibrated values even calibration failed - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet - wifi: rtw89: wow: remove notify during WoWLAN net-detect - wifi: rtw89: fix BSSID comparison for non-transmitted BSSID - dm error: mark as DM_TARGET_PASSES_INTEGRITY - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor - char: misc: Does not request module for miscdevice with dynamic minor - net: When removing nexthops, don't call synchronize_net if it is not necessary - net: stmmac: Correctly handle Rx checksum offload errors - net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. - f2fs: fix to detect potential corrupted nid in free_nid_list - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call - bnxt_en: Add Hyper-V VF ID - tty: serial: Modify the use of dev_err_probe() - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units - [amd64,arm64] idpf: do not linearize big TSO packets - rds: Fix endianness annotation for RDS_MPATH_HASH - media: ipu6: isys: Set embedded data type correctly for metadata formats - rpmsg: char: Export alias for RPMSG ID rpmsg-raw from table - net: ipv4: allow directed broadcast routes to use dst hint - scsi: mpi3mr: Fix I/O failures during controller reset - scsi: mpi3mr: Fix controller init failure on fault during queue creation - scsi: pm80xx: Fix race condition caused by static variables - remoteproc: wkup_m3: Use devm_pm_runtime_enable() helper - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device - fuse: zero initialize inode private data - drm/amdgpu: Correct the counts of nr_banks and nr_errors - drm/amdkfd: fix vram allocation failure for a special case - drm/amd/display: Support HW cursor 180 rot for any number of pipe splits - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption - [amd64] platform/x86/intel-uncore-freq: Fix warning in partitioned system - media: fix uninitialized symbol warnings - media: pci: mgb4: Fix timings comparison in VIDIOC_S_DV_TIMINGS - [amd64] ASoC: SOF: ipc4-pcm: Add fixup for channels - drm/amd/display: Increase minimum clock for TMDS 420 with pipe splitting - drm/amd/display: incorrect conditions for failing dto calculations - drm/amdgpu: Avoid vcn v5.0.1 poison irq call trace on sriov guest - drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) - inet_diag: annotate data-races in inet_diag_bc_sk() - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() - [amd64] crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() - scsi: pm8001: Use int instead of u32 to store error codes - [arm64] scsi: ufs: exynos: fsd: Gate ref_clk and put UFS device in reset on suspend - ptp: Limit time setting of PTP clocks - dmaengine: sh: setup_xref error handling - [arm64,armhf] dmaengine: mv_xor: match alloc_wc and free_wc - [arm64] drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL - [arm64] drm/msm/dsi/phy_7nm: Fix missing initial VCO rate - drm/amdgpu: Allow kfd CRIU with no buffer objects - drm/xe/guc: Increase GuC crash dump buffer size - ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled - [arm64] drm/panthor: check bo offset alignment in vm bind - drm: panel-backlight-quirks: Make EDID match optional - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms - media: adv7180: Add missing lock in suspend callback - media: adv7180: Do not write format to device in set_fmt - media: adv7180: Only validate format in querystd - [arm64,armhf] media: verisilicon: Explicitly disable selection api ioctls for decoders - wifi: mac80211: Fix 6 GHz Band capabilities element advertisement in lower bands - ALSA: usb-audio: apply quirk for MOONDROP Quark2 - [arm64,armhf] PCI: imx6: Enable the Vaux supply if available - drm/xe/guc: Set upper limit of H2G retries over CTB - net: call cond_resched() less often in __release_sock() - smsc911x: add second read of EEPROM mac when possible corruption seen - [amd64] iommu/amd: Skip enabling command/event buffers for kdump - [amd64] crypto: ccp: Skip SEV and SNP INIT for kdump boot - drm/amd: add more cyan skillfish PCI ids - drm/amdgpu: don't enable SMU on cyan skillfish - drm/amdgpu: add support for cyan skillfish gpu_info - drm/amd/display: Fix pbn_div Calculation Error - [arm64] net: dsa: felix: support phy-mode = "10g-qxgmii" - usb: gadget: f_hid: Fix zero length packet transfer - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget - tty/vt: Add missing return value for VT_RESIZE in vt_ioctl() - [arm64] drm/msm: make sure to not queue up recovery more than once - char: Use list_del_init() in misc_deregister() to reinitialize list pointer - PCI: endpoint: pci-epf-test: Limit PCIe BAR size for fixed BARs - wifi: iwlwifi: fw: Add ASUS to PPAG and TAS list - [amd64] media: ov08x40: Fix the horizontal flip control - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer - f2fs: fix wrong layout information on 16KB page - net: phy: marvell: Fix 88e1510 downshift counter errata - ntfs3: pretend $Extend records as regular files - wifi: mac80211: Fix HE capabilities element check - [arm64] phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 - [arm64] drm/msm/registers: Generate _HI/LO builders for reg64 - net: sh_eth: Disable WoL if system can not suspend - netfilter: nf_reject: don't reply to icmp error messages - [amd64] x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT - net: devmem: expose tcp_recvmsg_locked errors - udp_tunnel: use netdev_warn() instead of netdev_WARN() - HID: asus: add Z13 folio to generic group for multitouch to work - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger - [arm64] crypto: sun8i-ce - remove channel timeout field - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() - [amd64] crypto: ccp - Fix incorrect payload size calculation in psp_poulate_hsti() - [arm64,armhf] crypto: caam - double the entropy delay interval for retry - net/cls_cgroup: Fix task_get_classid() during qdisc run - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device - wifi: mt76: mt7996: Temporarily disable EPCS - wifi: mt76: mt76_eeprom_override to int - ALSA: serial-generic: remove shared static buffer - wifi: mt76: mt7996: fix memory leak on mt7996_mcu_sta_key_tlv error - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl - drm/amd/display: Set up pixel encoding for YCBCR422 - drm/amd/display: fix dml ms order of operations - drm/amd: Avoid evicting resources at S5 - drm/amd/display: Fix DVI-D/HDMI adapters - drm/amd/display: Disable VRR on DCE 6 - drm/amd/display/dml2: Guard dml21_map_dc_state_into_dml_display_cfg with DC_FP_START - page_pool: always add GFP_NOWARN for ATOMIC allocations - ethernet: Extend device_get_mac_address() to use NVMEM - HID: i2c-hid: Resolve touchpad issues on Dell systems during S4 - drm/xe/guc: Return an error code if the GuC load fails - drm/amdgpu: reject gang submissions under SRIOV - scsi: ufs: core: Disable timestamp functionality if not supported - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup - scsi: lpfc: Define size of debugfs entry for xri rebalancing - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology - allow finish_no_open(file, ERR_PTR(-E...)) - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices - f2fs: fix infinite loop in __insert_extent_tree() - wifi: rtw89: obtain RX path from ppdu status IE00 - wifi: rtw89: renew a completion for each H2C command waiting C2H event - usb: xhci-pci: add support for hosts with zero USB3 ports - ipv6: np->rxpmtu race annotation - RDMA/irdma: Update Kconfig - IB/ipoib: Ignore L3 master device - jfs: Verify inode mode when loading from disk - jfs: fix uninitialized waitqueue in transaction manager - drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() - [arm64] ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() - net: phy: clear link parameters on admin link down - bus: mhi: core: Improve mhi_sync_power_up handling for SYS_ERR state - [amd64] iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() - wifi: ath10k: Fix connection after GTK rekeying - wifi: mac80211: Track NAN interface start/stop - net: intel: fm10k: Fix parameter idx set but not used - r8169: set EEE speed down ratio to 1 - vfio: return -ENOTTY for unsupported device feature - PCI/PM: Skip resuming to D0 if device is disconnected - remoteproc: qcom: q6v5: Avoid handling handover twice - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 - [armhf] net: dsa: microchip: Set SPI as bus interface during reset for KSZ8463 - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream - drm/amd/display: Init dispclk from bootup clock for DCN314 - drm/amd/display: Fix for test crash due to power gating - drm/amd/display: change dc stream color settings only in atomic commit - NFSv4: handle ERR_GRACE on delegation recalls - NFSv4.1: fix mount hang after CREATE_SESSION failure - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing - net: bridge: Install FDB for bridge MAC on VLAN 0 - scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() - [amd64] accel/habanalabs/gaudi2: fix BMON disable configuration - scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate - [amd64] accel/habanalabs: return ENOMEM if less than requested pages were pinned - [amd64] accel/habanalabs/gaudi2: read preboot status after recovering from dirty state - [amd64] accel/habanalabs: support mapping cb with vmalloc-backed coherent memory - fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock - ext4: increase IO priority of fastcommit - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw - [armhf] ASoC: stm32: sai: manage context in set_sysclk callback - [armhf] ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 - ACPI: scan: Update honor list for RPMI System MSI - vfio/pci: Fix INTx handling on legacy non-PCI 2.3 devices - net/mlx5e: Don't query FEC statistics when FEC is disabled - net: macb: avoid dealing with endianness in macb_set_hwaddr() - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames - Bluetooth: SCO: Fix UAF on sco_conn_free - Bluetooth: btusb: Add new VID/PID 13d3/3633 for MT7922 - Bluetooth: bcsp: receive data only if registered - ALSA: usb-audio: add mono main switch to Presonus S1824c - net: stmmac: est: Drop frames causing HLBS error - exfat: limit log print for IO error - exfat: validate cluster allocation bits of the allocation bitmap - 6pack: drop redundant locking and refcounting - page_pool: Clamp pool size to max 16K pages - orangefs: fix xattr related buffer overflow... - ftrace: Fix softlockup in ftrace_module_enable - ksmbd: use sock_create_kern interface to create kernel socket - smb: client: transport: avoid reconnects triggered by pending task work - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr - usb: xhci-pci: Fix USB2-only root hub registration - char: misc: restrict the dynamic range to exclude reserved minors - drm/amd/display: Add fallback path for YCBCR422 - ACPICA: Update dsmethod.c to get rid of unused variable warning - RDMA/irdma: Fix SD index calculation - RDMA/irdma: Remove unused struct irdma_cq fields - RDMA/irdma: Set irdma_cq cq_num field during CQ create - [arm64] RDMA/hns: Fix recv CQ and QP cache affinity - [arm64] RDMA/hns: Fix the modification of max_send_sge - [arm64] RDMA/hns: Fix wrong WQE data when QP wraps around - btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation - btrfs: mark dirty extent range for out of bound prealloc extents - fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink - clk: sunxi-ng: sun6i-rtc: Add A523 specifics - [arm64] rtc: pcf2127: clear minute/second interrupt - 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN - [armhf] clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled - [arm64] clk: scmi: Add duty cycle ops only when duty cycle is supported - 9p: fix /sys/fs/9p/caches overwriting itself - 9p: sysfs_init: don't hardcode error to ENOMEM - scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS - ACPI: property: Return present device nodes only on fwnode interface - tools bitmap: Add missing asm-generic/bitsperlong.h include - tools: lib: thermal: don't preserve owner in install - tools: lib: thermal: use pkg-config to locate libnl3 - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds - [arm64] rtc: pcf2127: fix watchdog interrupt mask on pcf2131 - net: wwan: t7xx: add support for HP DRMR-H01 - kbuild: uapi: Strip comments before size type check - [arm64,armhf] ASoC: meson: aiu-encoder-i2s: fix bit clock polarity - drm/amdkfd: Fix mmap write lock not release - ceph: add checking of wait_for_completion_killable() return value - ceph: fix potential race condition in ceph_ioctl_lazyio() - ceph: refactor wake_up_bit() pattern of calling - ceph: fix multifs mds auth caps issue - [amd64] x86: use cmov for user address masking - [amd64] x86/runtime-const: Add the RUNTIME_CONST_PTR assembly macro - [amd64] x86: uaccess: don't use runtime-const rewriting in modules - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again - btrfs: ensure no dirty metadata is written back for an fs with errors - media: uvcvideo: Use heuristic to find stream entity - media: videobuf2: forbid remove_bufs when legacy fileio is active - [arm64] drm/mediatek: Disable AFBC support on Mediatek DRM driver - Revert "wifi: ath10k: avoid unnecessary wait for service ready message" (Closes: #1120680) - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up - [riscv64] ptdump: use seq_puts() in pt_dump_seq_puts() macro - Bluetooth: hci_event: validate skb length for unknown CC opcode - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() - [armhf] net: dsa: tag_brcm: legacy: reorganize functions - [armhf] net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx - net: vlan: sync VLAN features with lower device - gpio: swnode: don't use the swnode's name as the key for GPIO lookup - gpiolib: fix invalid pointer access in debugfs - [armhf] net: dsa: b53: fix resetting speed and pause on forced link - [armhf] net: dsa: b53: fix bcm63xx RGMII port link adjustment - [armhf] net: dsa: b53: fix enabling ip multicast - [armhf] net: dsa: b53: stop reading ARL entries if search is done - sctp: Hold RCU read lock while iterating over address list - sctp: Prevent TOCTOU out-of-bounds write - sctp: Hold sock lock while iterating over address list - net: ionic: add dma_wmb() before ringing TX doorbell - net: ionic: map SKB after pseudo-header checksum prep - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup - bnxt_en: Fix a possible memory leak in bnxt_ptp_init - bnxt_en: Add mem_valid bit to struct bnxt_ctx_mem_type - bnxt_en: Refactor bnxt_free_ctx_mem() - bnxt_en: Add a 'force' parameter to bnxt_free_ctx_mem() - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup - net/mlx5e: Fix return value in case of module EEPROM read error - [arm64] net: ti: icssg-prueth: Fix fdb hash size configuration - net/mlx5e: SHAMPO, Fix skb size check for 64K pages - [armhf] net: dsa: microchip: Fix reserved multicast address table programming - net: bridge: fix use-after-free due to MST port state bypass - net: bridge: fix MST static key usage - tracing: Fix memory leaks in create_field_var() - drm/amd/display: Enable mst when it's detected but yet to be initialized - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb - Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() - [arm64] rtc: rx8025: fix incorrect register reference - [amd64] x86/microcode/AMD: Add more known models to entry sign checking - smb: client: validate change notify buffer before copy - smb: client: fix potential UAF in smb2_close_cached_fid() - drm/amdgpu/smu: Handle S0ix for vangogh - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments - virtio-net: fix received length check in big packets - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC - scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers - scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL - scsi: ufs: core: Add a quirk to suppress link_startup_again - drm/amd/display: update color on atomic commit time - ACPI: SPCR: Check for table version when using precise baudrate - drm/amdgpu: Fix unintended error log in VCN5_0_0 - drm/amdgpu: Fix function header names in amdgpu_connectors.c - drm/amd/display: Fix black screen with HDMI outputs https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.59 - [arm64] drm/mediatek: Add pm_runtime support for GCE power control - [amd64] drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD - [amd64] drm/i915: Fix conversion between clock ticks and nanoseconds - smb: client: fix refcount leak in smb2_set_path_attr - drm/amd: Fix suspend failure with secure display TA - drm/xe/guc: Synchronize Dead CT worker with unbind - drm/xe: Move declarations under conditional branch - drm/xe: Do clean shutdown also when using flr - [arm64] kprobes: check the return value of set_memory_rox() - [riscv64] clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors - [riscv64] acpi: avoid errors caused by probing DT devices when ACPI is used - drm/amdgpu: remove two invalid BUG_ON()s - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks - drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices - NFS4: Fix state renewals missing after boot - NFS4: Apply delay_retrans to async operations - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug - HID: nintendo: Wait longer for initial probe - NFS: check if suid/sgid was cleared after a write as needed - HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel - exfat: fix improper check of dentry.stream.valid_size - smb/server: fix possible memory leak in smb2_read() - smb/server: fix possible refcount leak in smb2_sess_setup() - HID: logitech-hidpp: Add HIDPP_QUIRK_RESET_HI_RES_SCROLL - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() - erofs: avoid infinite loop due to incomplete zstd-compressed data - [arm64,armhf] net: fec: correct rx_bytes statistic for the case SHIFT16 is set - net: phy: micrel: Introduce lanphy_modify_page_reg - net: phy: micrel: Replace hardcoded pages with defines - net: phy: micrel: lan8814 fix reset of the QSGMII interface - NFSD: Skip close replay processing if XDR encoding fails - Bluetooth: MGMT: cancel mesh send timer when hdev removed - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto - net/smc: fix mismatch between CLC header and proposal - net/handshake: Fix memory leak in tls_handshake_accept() - tipc: Fix use-after-free in tipc_mon_reinit_self(). - net: mdio: fix resource leak in mdiobus_register_device() - wifi: mac80211: skip rate verification for not captured PSDUs - af_unix: Initialise scc_index in unix_add_edge(). - net_sched: act_connmark: use RCU in tcf_connmark_dump() - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak - net/mlx5e: Fix maxrate wraparound in threshold between units - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps - net/mlx5e: Fix potentially misleading debug message - net_sched: limit try_bulk_dequeue_skb() batches - virtio-net: fix incorrect flags recording in big mode - hsr: Fix supervision frame sending on HSRv0 - [amd64] ACPI: CPPC: Detect preferred core availability on online CPUs - [amd64] ACPI: CPPC: Check _CPC validity for only the online CPUs - [amd64] ACPI: CPPC: Perform fast check switch only for online CPUs - [amd64] ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs - Bluetooth: L2CAP: export l2cap_chan_hold for modules - acpi,srat: Fix incorrect device handle check for Generic Initiator - regulator: fixed: fix GPIO descriptor leak on register failure - [arm64] ASoC: codecs: va-macro: fix resource leak in probe error path - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE - ASoC: tas2781: fix getting the wrong device number - pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() - pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS - simplify nfs_atomic_open_v23() - NFSv2/v3: Fix error handling in nfs_atomic_open_v23() - NFS: sysfs: fix leak when nfs_client kobject add fails - NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() - NFS: Fix LTP test failures when timestamps are delegated - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd - acpi/hmat: Fix lockdep warning for hmem_register_resource() - bpf: Add bpf_prog_run_data_pointers() - bpf: account for current allocated stack depth in widen_imprecise_scalars() - [riscv64] irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path - proc: fix the issue of proc_mem_open returning NULL - ext4: introduce ITAIL helper - ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (CVE-2025-22121) - Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981) - f2fs: fix to avoid overflow while left shift operation (CVE-2025-40077) - hostfs: Fix only passing host root in boot stage with new mount - virtio-fs: fix incorrect check for fsvq->kobj - fs/namespace: correctly handle errors returned by grab_requested_mnt_ns - sched_ext: Fix unsafe locking in the scx_dump_state() - Revert "netfilter: nf_tables: Reintroduce shortened deletion notifications" - netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678) - [arm64] dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1 - [arm64] dts: rockchip: Make RK3588 GPU OPP table naming less generic - [armhf] dts: imx51-zii-rdu1: Fix audmux node names - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() - HID: playstation: Fix memory leak in dualshock4_get_calibration_data() - HID: uclogic: Fix potential memory leak in error path - [amd64] KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated - nfsd: fix refcount leak in nfsd_set_fh_dentry() (CVE-2025-40212) - nfsd: add missing FATTR4_WORD2_CLONE_BLKSIZE from supported attributes - NFSD: free copynotify stateid in nfs4_free_ol_stateid() - ksmbd: close accepted socket when per-IP limit rejects connection - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item - strparser: Fix signed/unsigned mismatch bug - dma-mapping: benchmark: Restore padding to ensure uABI remained consistent - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe - nilfs2: avoid having an active sc_timer before freeing sci - wifi: mac80211: reject address change while connecting - fs/proc: fix uaf in proc_readdir_de() - mm/mm_init: fix hash table order logging in alloc_large_system_hash() - mm/shmem: fix THP allocation and fallback loop - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 - mmc: dw_mmc-rockchip: Fix wrong internal phase calculate - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer - cifs: client: fix memory leak in smb3_fs_context_parse_param - codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext - crash: fix crashkernel resource shrink - smb: client: fix cifs_pick_channel when channel needs reconnect - spi: Try to get ACPI GPIO IRQ earlier - [amd64] x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev - ftrace: Fix BPF fexit with livepatch - PM: hibernate: Emit an error when image writing fails - PM: hibernate: Use atomic64_t for compressed_size variable - btrfs: zoned: fix conventional zone capacity calculation - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() - btrfs: do not update last_log_commit when logging inode due to a new name - btrfs: release root after error in data_reloc_print_warning_inode() - drm/amdkfd: relax checks for over allocation of save area - drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces - [arm64] pmdomain: arm: scmi: Fix genpd leak on provider registration failure - [armhf] pmdomain: imx: Fix reference count leak in imx_gpc_remove - [arm64,armhf] pmdomain: samsung: plug potential memleak during probe - mptcp: fix MSG_PEEK stream corruption - wifi: cfg80211: add an hrtimer based delayed work item - wifi: mac80211: use wiphy_hrtimer_work for csa.switch_work - mm, percpu: do not consider sleepable allocations atomic - [amd64] KVM: guest_memfd: Pass index, not gfn, to __kvm_gmem_get_pfn() - [amd64] KVM: guest_memfd: Remove RCU-protected attribute from slot->gmem.file - [amd64] KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying - net: netpoll: Individualize the skb pool - net: netpoll: flush skb pool during cleanup - net: netpoll: fix incorrect refcount handling causing incorrect cleanup - [amd64] KVM: VMX: Split out guts of EPT violation to common/exposed function - [amd64] KVM: VMX: Fix check for valid GVA on an EPT violation - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (CVE-2025-40097) - io_uring/napi: fix io_napi_entry RCU accesses - uio_hv_generic: Set event for all channels on the device (Closes: #1120602) - mm/memory: do not populate page table entries beyond i_size - mm/truncate: unmap large folio on split failure - mm/secretmem: fix use-after-free race in fault handler - mm/huge_memory: do not change split_huge_page*() target order silently - mm/huge_memory: preserve PG_has_hwpoisoned if a folio is split to >0 order - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() - net: phy: micrel: Fix lan8814_config_init - net: netpoll: ensure skb_pool list is always initialized - proc: proc_maps_open allow proc_mem_open to return NULL - Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (CVE-2025-40213) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.60 - [arm64] KVM: arm64: Check the untrusted offset in FF-A memory share - timers: Fix NULL function pointer race in timer_shutdown_sync() - HID: amd_sfh: Stop sensor before starting - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Closes: #1114557) - [arm64] dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 - mtdchar: fix integer overflow in read/write ioctls - isofs: check the return value of sb_min_blocksize() in isofs_fill_super - shmem: fix tmpfs reconfiguration (remount) when noswap is set - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector - mptcp: Disallow MPTCP subflows from sockmap - mptcp: Fix proto fallback detection with BPF - ata: libata-scsi: Fix system suspend for a security locked drive - smb: client: introduce close_cached_dir_locked() - ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() - be2net: pass wrb_params in case of OS2BMC - [armhf] net: dsa: microchip: lan937x: Fix RGMII delay tuning - [arm64,armhf] Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" - Input: cros_ec_keyb - fix an invalid memory access - Input: goodix - add support for ACPI ID GDIX1003 - Input: pegasus-notetaker - fix potential out-of-bounds access - mm/mempool: fix poisoning order>0 pages with HIGHMEM - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() - scsi: sg: Do not sleep in atomic context - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() - dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups - mptcp: fix race condition in mptcp_schedule_work() - mptcp: fix ack generation for fallback msk - mptcp: fix duplicate reset on fastclose - mptcp: fix premature close in case of fallback - mptcp: avoid unneeded subflow-level drops - mptcp: decouple mptcp fastclose from tcp close - mptcp: do not fallback when OoO is present - [arm64,armhf] drm/tegra: dc: Fix reference leak in tegra_dc_couple() - drm/radeon: delete radeon_fence_process in is_signaled, no deadlock - drm/amd: Skip power ungate during suspend for VPE - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled - drm/amd/display: Increase DPCD read retries - drm/amd/display: Move sleep into each retry for retrieve_link_cap() - drm/amd/display: Fix pbn to kbps Conversion - drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 - xfrm: drop SA reference in xfrm_state_update if dir doesn't match - xfrm: set err and extack on failure to create pcpu SA - xfrm: Determine inner GSO type from packet inner protocol - xfrm: Prevent locally generated packets from direct output in tunnel mode - [amd64] pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() - mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() - [arm64,armhf] drm/tegra: Add call to put_pid() - net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() - net: openvswitch: remove never-working support for setting nsh fields - nvme-multipath: fix lockdep WARN due to partition scan work - [s390x] ctcm: Fix double-kfree - [amd64] platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() - [amd64,arm64] idpf: fix possible vport_config NULL pointer deref in remove - ice: fix PTP cleanup on driver removal in error path - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy - net/mlx5: Clean up only new IRQ glue on request_irq() failure - af_unix: Cache state->msg in unix_stream_read_generic(). - af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). - cifs: fix memory leak in smb3_fs_context_parse_param error path - vsock: Ignore signal/timeout on connect() if already established - bcma: don't register devices disabled in OF - cifs: fix typo in enable_gcm_256 module parameter - scsi: core: Fix a regression triggered by scsi_host_busy() - [amd64] x86/microcode/AMD: Limit Entrysign signature checking to known generations - net: tls: Change async resync helpers argument - blk-crypto: use BLK_STS_INVAL for alignment errors - net: tls: Cancel RX async resync request on rcd_delta overflow - ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check - [arm64] KVM: arm64: Make all 32bit ID registers fully writable - drm/xe: Prevent BIT() overflow when handling invalid prefetch region - [s390x] mm: Fix __ptep_rdp() inline assembly - ALSA: usb-audio: fix uac2 clock source at terminal parser - tracing/tools: Fix incorrcet short option in usage text for --threads - drm/amdgpu: fix gpu page fault after hibernation on PF passthrough - smb: client: fix incomplete backport in cfids_invalidation_worker() - tty/vt: fix up incorrect backport to stable releases - maple_tree: fix tracepoint string pointers - [amd64] drm/i915/dp_mst: Disable Panel Replay - mptcp: fix a race in mptcp_pm_del_add_timer() - xfs: Replace strncpy with memcpy - xfs: fix out of bounds memory read error in symlink repair - drm/amd/display: avoid reset DTBCLK at clock init - drm/amd/display: disable DPP RCG before DPP CLK enable - drm/amd/display: Insert dccg log for easy debug - drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched - Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.61 - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data - Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface - Bluetooth: hci_core: Fix triggering cmd_timer for HCI_OP_NOP - Bluetooth: hci_sock: Prevent race in socket write iter and sock bind - Bluetooth: SMP: Fix not generating mackey and ltk when repairing - net: sched: generalize check for no-queue qdisc on TX queue - veth: apply qdisc backpressure on full ptr_ring to reduce TX drops - veth: prevent NULL pointer dereference in veth_xdp_rcv - veth: more robust handing of race to avoid txq getting stuck - veth: reduce XDP no_direct return section to fix race - [amd64] platform/x86: intel: punit_ipc: fix memory corruption - net: aquantia: Add missing descriptor cache invalidation on ATL2 - net: lan966x: Fix the initialization of taprio - drm/xe: Fix conversion from clock ticks to milliseconds - net/mlx5e: Fix validation logic in rate limiting - team: Move team device type change at the end of team_port_add - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling - net: wwan: mhi: Keep modem name match with Foxconn T99W640 - net: atlantic: fix fragment overflow handling in RX path - [arm64,armhf] net: fec: cancel perout_timer when PEROUT is disabled - [arm64,armhf] net: fec: do not update PEROUT if it is enabled - [arm64,armhf] net: fec: do not allow enabling PPS and PEROUT simultaneously - [arm64,armhf] net: fec: do not register PPS event for PEROUT - iio: st_lsm6dsx: Fixed calibrated timestamp calculation - [arm64] mailbox: mtk-cmdq: Refine DMA address handling for the command buffer - mailbox: pcc: Refactor error handling in irq handler into separate function - mailbox: pcc: don't zero error register - fs/namespace: fix reference leak in grab_requested_mnt_ns - spi: spi-mem: Allow specifying the byte order in Octal DTR mode - spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency - spi: spi-mem: Add a new controller capability - [arm64] spi: nxp-fspi: Support per spi-mem operation frequency switches - [arm64] spi: spi-nxp-fspi: remove the goto in probe - [arm64] spi: spi-nxp-fspi: Add OCT-DTR mode support - [arm64] spi: nxp-fspi: Propagate fwnode in ACPI case as well - Revert "drm/amd/display: Move setup_stream_attribute" - [amd64] Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" - iio: buffer-dma: support getting the DMA channel - iio: buffer-dmaengine: enable .get_dma_dev() - iio: buffer: support getting dma channel from the buffer - iio: accel: bmc150: Fix irq assumption regression (Closes: #1106411) - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 - [arm64] dts: imx8qm-mek: fix mux-controller select/enable-gpios polarity - Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref - can: sja1000: fix max irq loop handling - can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling - ceph: fix crash in process_v2_sparse_read() for encrypted directories - dm-verity: fix unreliable memory allocation - drivers/usb/dwc3: fix PCI parent check - smb: client: fix memory leak in cifs_construct_tcon() - [amd64] thunderbolt: Add support for Intel Wildcat Lake - [arm64] slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves - nvmem: layouts: fix nvmem_layout_bus_uevent - firmware: stratix10-svc: fix bug in saving controller data - mm/memfd: fix information leak in hugetlb folios - mmc: sdhci-of-dwcmshc: Promote the th1520 reset handling to ip level - mptcp: clear scheduled subflows on retransmit - mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). - [arm*] serial: amba-pl011: prefer dma_mapping_error() over explicit address checking - usb: cdns3: Fix double resource release in cdns3_pci_probe - usb: gadget: f_eem: Fix memory leak in eem_unwrap - usb: storage: Fix memory leak in USB bulk transport - USB: storage: Remove subclass and protocol overrides from Novatek quirk - usb: storage: sddr55: Reject out-of-bound new_pba - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer - [amd64,arm64] usb: dwc3: pci: add support for the Intel Nova Lake -S - [amd64,arm64] usb: dwc3: pci: Sort out the Intel device IDs - [amd64,arm64] usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths - xhci: fix stale flag preventig URBs after link state error is cleared - xhci: dbgtty: Fix data corruption when transmitting data form DbC to host - xhci: dbgtty: fix device unregister - USB: serial: ftdi_sio: add support for u-blox EVK-M101 - USB: serial: option: add support for Rolling RW101R-GL - drm: sti: fix device leaks at component probe - drm/amd/amdgpu: reserve vm invalidation engine for uni_mes - drm/amd/display: Check NULL before accessing - drm/amd/display: Don't change brightness for disabled connectors - [armhf] net: dsa: microchip: common: Fix checks on irq_find_mapping() - [armhf] net: dsa: microchip: ptp: Fix checks on irq_find_mapping() - [armhf] net: dsa: microchip: Don't free uninitialized ksz_irq - libceph: fix potential use-after-free in have_mon_and_osd_map() - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() - libceph: replace BUG_ON with bounds check for map->max_osd - staging: rtl8712: Remove driver using deprecated API wext - nfsd: Replace clamp_t in nfsd4_get_drc_mem() - usb: typec: ucsi: psy: Set max current to zero when disconnected - usb: udc: Add trace event for usb_gadget_set_state - usb: gadget: udc: fix use-after-free in usb_gadget_state_work - mm/huge_memory: fix NULL pointer deference when splitting folio - [amd64] KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts() - [amd64] KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv() - [amd64] KVM: nSVM: Fix and simplify LBR virtualization handling with nested - [amd64] KVM: SVM: Fix redundant updates of LBR MSR intercepts - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup - [armhf] net: dsa: microchip: Do not execute PTP driver code for unsupported switches - [armhf] net: dsa: microchip: Free previously initialized ports on init failures - wifi: ath12k: correctly handle mcast packets for clients - Revert "ACPI: Suppress misleading SPCR console message when SPCR table is absent" - [amd64] drm/i915/dp: Initialize the source OUI write timestamp always - [arm64] spi: spi-nxp-fspi: Check return value of devm_mutex_init() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.62 - xfrm: delete x->tunnel as we delete x - Revert "xfrm: destroy xfrm_state synchronously on net exit path" - xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added - xfrm: flush all states in xfrm_state_fini - Documentation: process: Also mention Sasha Levin as stable tree maintainer - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted - ext4: refresh inline data size before write operations - ksmbd: ipc: fix use-after-free in ipc_msg_send_request - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() - [amd64] KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced - USB: serial: option: add Foxconn T99W760 - USB: serial: option: add Telit Cinterion FE910C04 new compositions - USB: serial: option: move Telit 0x10c7 composition in the right place - USB: serial: ftdi_sio: match on interface number for jtag - serial: add support of CPCI cards - USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC - USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() - [arm64,armhf] ipi: imx: keep dma request disabled before dma transfer setup - drm/vmwgfx: Use kref in vmw_bo_dirty - Bluetooth: btrtl: Avoid loading the config file on security chips - smb: fix invalid username check in smb3_fs_context_parse_param() - drm/amdkfd: Fix GPU mappings for APU after prefetch - ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series - bfs: Reconstruct file type when loading from disk - HID: hid-input: Extend Elan ignore battery quirk to USB - nvme: fix admin request_queue lifetime - [arm64] pinctrl: qcom: msm: Fix deadlock in pinmux configuration - [amd64] platform/x86: acer-wmi: Ignore backlight event - HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list - [amd64] platform/x86: huawei-wmi: add keys for HONOR models - [amd64] platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list - [amd64] platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally - HID: elecom: Add support for ELECOM M-XT3URBK (018F) - wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 - wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 - [amd64] comedi: check device's attached status in compat ioctls - staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser - staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing - staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing - bus: mhi: host: pci_generic: Add Telit FN920C04 modem support - bus: mhi: host: pci_generic: Add Telit FN990B40 modem support https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.63 - [arm64,armhf] gpu: host1x: Fix race in syncpt alloc/free - [amd64] accel/ivpu: Prevent runtime suspend during context abort work - [amd64] accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail - [amd64] accel/ivpu: Make function parameter names consistent - [amd64] accel/ivpu: Fix DCT active percent format - drm/vgem-fence: Fix potential deadlock on release - USB: Fix descriptor count when handling invalid MBIM extended descriptor - [arm64] pinctrl: renesas: rzg2l: Fix PMC restore - [arm64] clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback - [arm64] clk: renesas: Use str_on_off() helper - [arm64] clk: renesas: Pass sub struct of cpg_mssr_priv to cpg_clk_register - [arm64] clk: renesas: cpg-mssr: Read back reset registers to assure values latched - HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() - objtool: Fix standalone --hacks=jump_label - objtool: Fix weak symbol detection - wifi: ath10k: Avoid vdev delete timeout when firmware is already down - wifi: ath10k: Add missing include of export.h - wifi: ath10k: move recovery check logic into a new work - wifi: ath11k: restore register window after global reset - sched/fair: Forfeit vruntime on yield - [arm*] irqchip/irq-brcmstb-l2: Fix section mismatch - [arm64,armhf] irqchip/imx-mu-msi: Fix section mismatch - [arm64] irqchip/renesas-rzg2l: Fix section mismatch - [riscv64] irqchip/starfive-jh8100: Fix section mismatch - [arm64] irqchip/qcom-irq-combiner: Fix section mismatch - crypto: authenc - Correctly pass EINPROGRESS back up to the caller - ntfs3: fix uninit memory after failed mi_read in mi_format_new - ntfs3: Fix uninit buffer allocated by __getname() - dt-bindings: clock: qcom,x1e80100-gcc: Add missing video resets - dt-bindings: clock: qcom,x1e80100-gcc: Add missing USB4 clocks/resets - clk: qcom: gcc-x1e80100: Add missing USB4 clocks/resets - rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() - inet: Avoid ehash lookup race in inet_ehash_insert() - inet: Avoid ehash lookup race in inet_twsk_hashdance_schedule() - firmware: qcom: tzmem: fix qcom_tzmem_policy kernel-doc - block/mq-deadline: Introduce dd_start_request() - block/mq-deadline: Switch back to a single dispatch list - [arm64] dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1 props - [arm64] dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl - [arm64] dts: imx8mp-venice-gw702x: remove off-board uart - [arm64] dts: imx8mp-venice-gw702x: remove off-board sdhc1 - perf annotate: Check return value of evsel__get_arch() properly - [arm64] dts: exynos: gs101: fix sysreg_apm reg property - uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe - soc: Switch back to struct platform_driver::remove() - [arm64] soc: qcom: gsbi: fix double disable caused by devm - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id - wifi: ath11k: fix VHT MCS assignment - wifi: ath11k: fix peer HE MCS assignment - [s390x] smp: Fix fallback CPU detection - [s390x] ap: Don't leak debug feature files if AP instructions are not available - [arm64] dts: ti: k3-am62p: Fix memory ranges for GPU - firmware: imx: scu-irq: fix OF node leak in - [arm64] dts: qcom: x1e80100: Fix compile warnings for USB HS controller - [arm64] dts: qcom: x1e80100: Add missing quirk for HS only USB controller - [arm64] dts: qcom: sdm845-oneplus: Correct gpio used for slider - [arm64] dts: qcom: sm8650: set ufs as dma coherent - [arm64] dts: qcom: qcm6490-shift-otter: Add missing reserved-memory - phy: mscc: Fix PTP for VSC8574 and VSC8572 - sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure - Revert "mtd: rawnand: marvell: fix layouts" - [arm64,armhf] mtd: nand: relax ECC parameter validation check - perf: Remove get_perf_callchain() init_nr argument - bpf: Refactor stack map trace depth calculation into helper function - bpf: Fix stackmap overflow check in __bpf_get_stackid() - [amd64] perf/x86/intel/cstate: Remove PC3 support from LunarLake - task_work: Fix NMI race condition - [amd64] x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() - tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set - [arm64] soc: qcom: smem: fix hwspinlock resource leak in probe error paths - [armhf] pinctrl: stm32: fix hwspinlock resource leak in probe function - i3c: fix refcount inconsistency in i3c_master_register - i3c: master: svc: Prevent incomplete IBI transaction - wifi: ath12k: fix potential memory leak in ath12k_wow_arp_ns_offload() - [arm64] interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS - [arm64] dts: qcom: msm8996: add interconnect paths to USB2 controller - interconnect: debugfs: Fix incorrect error handling for NULL path - drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource() - perf lock contention: Load kernel map before lookup - perf record: skip synthesize event when open evsel failed - power: supply: rt5033_charger: Fix device node reference leaks - power: supply: cw2015: Check devm_delayed_work_autocancel() return code - power: supply: max17040: Check iio_read_channel_processed() return code - power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() - power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() - power: supply: wm831x: Check wm831x_set_bits() return value - power: supply: apm_power: only unset own apm_get_power_status - scsi: target: Do not write NUL characters into ASCII configfs output - fs/9p: Don't open remote file with APPEND mode when writeback cache is used - [arm64] drm/panthor: Handle errors returned by drm_sched_entity_init() - [arm64] drm/panthor: Fix group_free_queue() for partially initialized queues - [arm64] drm/panthor: Fix UAF race between device unplug and FW event processing - [arm64] drm/panthor: Fix race with suspend during unplug - [arm64] drm/panthor: Fix UAF on kernel BO VA nodes - libbpf: Fix parsing of multi-split BTF - [armhf] dts: am335x-netcom-plus-2xx: add missing GPIO labels - [armhf] dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible - [armhf] dts: omap3: n900: Correct obsolete TWL4030 power compatible - [amd64] x86/boot: Fix page table access in 5-level to 4-level paging transition - efi/libstub: Fix page table access in 5-level to 4-level paging transition - ext4: correct the checking of quota files before moving extents - [amd64] perf/x86/intel: Correct large PEBS flag check - regulator: core: disable supply if enabling main regulator fails - md: fix rcu protection in md_wakeup_thread - nbd: defer config put in recv_work - scsi: stex: Fix reboot_notifier leak in probe error path - scsi: smartpqi: Fix device resources accessed after device removal - dt-bindings: PCI: amlogic: Fix the register name of the DBI region - RDMA/rtrs: server: Fix error handling in get_or_create_srv - ntfs3: init run lock for extend inode - [arm64] drm/panthor: Fix potential memleak of vma structure - scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() - [amd64] cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs - [powerpc*] kdump: Fix size calculation for hot-removed memory ranges - [powerpc*] 32: Fix unpaired stwcx. on interrupt exit - wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() - nbd: defer config unlock in nbd_genl_connect - coresight: Change device mode to atomic type - [arm64] coresight: etm4x: Correct polling IDLE bit - [arm64] coresight: etm4x: Extract the trace unit controlling - [arm64] coresight: etm4x: Add context synchronization before enabling trace - lib/vsprintf: Check pointer before dereferencing in time_and_date() - ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() - ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() - scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls - leds: netxbig: Fix GPIO descriptor leak in error paths - bpf: Free special fields when update [lru_,]percpu_hash maps - PCI: keystone: Exit ks_pcie_probe() for invalid mode - [arm64] dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK 5A - [arm64] dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A - [arm64] dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 3C - [amd64] crypto: iaa - Fix incorrect return value in save_iaa_wq() - [arm64] drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype - ps3disk: use memcpy_{from,to}_bvec index - bpf: Handle return value of ftrace_set_filter_ip in register_fentry - bpf: Check skb->transport_header is set in bpf_skb_check_mtu - watchdog: wdat_wdt: Fix ACPI table leak in probe function - watchdog: starfive: Fix resource leak in probe error path - tracefs: fix a leak in eventfs_create_events_dir() - NFSD/blocklayout: Fix minlength check in proc_layoutget - block/blk-throttle: Fix throttle slice time for SSDs - [arm64] drm/msm/a2xx: stop over-complaining about the legacy firmware - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() - bpf: Fix invalid prog->stats access when update_effective_progs fails - [powerpc*] 64s/hash: Restrict stress_hpt_struct memblock region to within RMA limit - [powerpc*] 64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format - fs/ntfs3: out1 also needs to put mi - fs/ntfs3: Prevent memory leaks in add sub record - [arm64] drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue - [arm64] drm/msm/a6xx: Flush LRZ cache before PT switch - [arm64] drm/msm/a6xx: Fix the gemnoc workaround - [arm64] drm/msm/a6xx: Improve MX rail fallback in RPMH vote init - ipv6: clear RA flags when adding a static route (Closes: #1117959) - pwm: bcm2835: Make sure the channel is enabled after pwm_request() - scsi: qla2xxx: Fix improper freeing of purex item - [amd64] iommu/vt-d: Fix unused invalidation hint in qi_desc_iotlb - wifi: mac80211: fix CMAC functions not handling errors - [arm64] mfd: mt6397-irq: Fix missing irq_domain_remove() in error path - [arm64] mfd: mt6358-irq: Fix missing irq_domain_remove() in error path - leds: rgb: leds-qcom-lpg: Don't enable TRILED when configuring PWM - [arm64] phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() - [arm64] phy: rockchip: samsung-hdptx: Reduce ROPLL loop bandwidth - [arm64] phy: rockchip: samsung-hdptx: Prevent Inter-Pair Skew from exceeding the limits - net: phy: adin1100: Fix software power-down ready condition - cpuset: Treat cpusets in attaching as populated - wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() - RAS: Report all ARM processor CPER information to userspace - ima: Handle error code returned by ima_filter_rule_match() - usb: chaoskey: fix locking for O_NONBLOCK - usb: dwc2: disable platform lowlevel hw resources during shutdown - usb: dwc2: fix hang during shutdown if set as peripheral - usb: dwc2: fix hang during suspend if set as peripheral - usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE - [riscv64] KVM: Fix guest page fault within HLV* instructions - erofs: limit the level of fs stacking for file-backed mounts - RDMA/bnxt_re: Fix the inline size for GenP7 devices - RDMA/bnxt_re: Pass correct flag for dma mr creation - ASoC: tas2781: correct the wrong period - mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() - firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc - staging: fbtft: core: fix potential memory leak in fbtft_probe_common() - [arm64] iommu/arm-smmu-v3: Fix error check in arm_smmu_alloc_cd_tables - btrfs: fix leaf leak in an error path in btrfs_del_items() - PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition - drm/nouveau: restrict the flush page to a 32-bit address - iomap: factor out a iomap_dio_done helper - iomap: always run error completions in user context - wifi: ieee80211: correct FILS status codes - backlight: led-bl: Add devlink to supplier LEDs - backlight: lp855x: Fix lp855x.h kernel-doc warnings - [arm64] iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal - RDMA/irdma: Fix data race in irdma_sc_ccq_arm - RDMA/irdma: Fix data race in irdma_free_pble - RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY - [arm64] drm/panthor: Avoid adding of kernel BOs to extobj list - gfs2: Prevent recursive memory reclaim - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER - drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() - hwmon: sy7636a: Fix regulator_enable resource leak on error path - ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 - ublk: prevent invalid access with DEBUG - ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation - of: Skip devicetree kunit tests when RISCV+ACPI doesn't populate root node - virtio_vdpa: fix misleading return in void function - virtio: fix typo in virtio_device_ready() comment - virtio: fix whitespace in virtio_config_ops - virtio: fix grammar in virtio_queue_info docs - virtio: fix virtqueue_set_affinity() docs - vdpa/mlx5: Fix incorrect error code reporting in query_virtqueues - vhost: Fix kthread worker cgroup failure handling - vdpa/pds: use %pe for ERR_PTR() in event handler registration - [amd64] ASoC: Intel: catpt: Fix error path in hw_params() - [armhf] dts: samsung: universal_c210: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during system suspend - regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex - resource: replace open coded resource_intersection() - resource: introduce is_type_match() helper and use it - Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" - netfilter: flowtable: check for maximum number of encapsulations in bridge vlan - netfilter: nf_conncount: rework API to use sk_buff directly - netfilter: nft_connlimit: update the count if add was skipped - net: stmmac: fix rx limit check in stmmac_rx_zc() - vfio/pci: Use RCU for error/request triggers to avoid circular locking - net: phy: aquantia: check for NVMEM deferral - mtd: lpddr_cmds: fix signed shifts in lpddr_cmds - [arm64] remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs - md/raid5: fix IO hang when array is broken with IO inflight - net: hsr: remove one synchronize_rcu() from hsr_del_port() - net: hsr: remove synchronize_rcu() from hsr_add_port() - net: hsr: Create and export hsr_get_port_ndev() - net: hsr: create an API to get hsr port type - net: dsa: xrs700x: reject unsupported HSR configurations - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325) - perf tools: Mark split kallsyms DSOs as loaded - perf tools: Fix split kallsyms DSO counting - perf hist: In init, ensure mem_info is put on error paths - [arm64,armhf] pinctrl: single: Fix incorrect type for error return variable - fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() - 9p: fix cache/debug options printing in v9fs_show_options - sched/fair: Fix unfairness caused by stalled tg_load_avg_contrib when the last task migrates out - [amd64] platform/x86:intel/pmc: Update Arrow Lake telemetry GUID - f2fs: keep POSIX_FADV_NOREUSE ranges - f2fs: add a sysfs entry to reclaim POSIX_FADV_NOREUSE pages - f2fs: fix to avoid running out of free segments - f2fs: add carve_out sysfs node - f2fs: sysfs: add encoding_flags entry - f2fs: introduce reserved_pin_section sysfs entry - f2fs: add gc_boost_gc_multiple sysfs node - f2fs: add gc_boost_gc_greedy sysfs node - f2fs: maintain one time GC mode is enabled during whole zoned GC cycle - NFS: Avoid changing nlink when file removes and attribute updates race - fs/nls: Fix utf16 to utf8 conversion - NFS: Initialise verifiers for visible dentries in readdir and lookup - NFS: Initialise verifiers for visible dentries in nfs_atomic_open() - nfs/vfs: discard d_exact_alias() - NFS: Initialise verifiers for visible dentries in _nfs4_open_and_get_state - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid - Revert "nfs: ignore SB_RDONLY when remounting nfs" - Revert "nfs: clear SB_RDONLY before getting superblock" - Revert "nfs: ignore SB_RDONLY when mounting nfs" - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags - Expand the type of nfs_fattr->valid - NFS: Fix inheritance of the block sizes when automounting - fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() - [amd64] platform/x86: asus-wmi: use brightness_set_blocking() for kbd led - blk-mq: Abort suspend when wakeup events are pending - block: fix comment for op_is_zone_mgmt() to include RESET_ALL - block: fix memory leak in __blkdev_issue_zero_pages - nvme-auth: use kvfree() for memory allocated with kvcalloc() - drm/plane: Fix IS_ERR() vs NULL check in drm_plane_create_hotspot_properties() - regulator: fixed: Rely on the core freeing the enable GPIO - ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events - drm/nouveau: refactor deprecated strcpy - cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB2 - docs: hwmon: fix link to g762 devicetree binding - dma/pool: eliminate alloc_pages warning in atomic_pool_expand - ALSA: uapi: Fix typo in asound.h comment - drm/amdkfd: Use huge page size to check split svm range alignment - rtc: gamecube: Check the return value of ioremap() - ALSA: firewire-motu: add bounds check in put_user loop for DSP events - block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock - block: return unsigned int from queue_dma_alignment - dm-raid: fix possible NULL dereference with undefined raid type - dm log-writes: Add missing set_freezable() for freezable kthread - efi/cper: Add a new helper function to print bitmasks - efi/cper: Adjust infopfx size to accept an extra space - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs - scsi: imm: Fix use-after-free bug caused by unfinished delayed work (CVE-2025-68324) - irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() - ocfs2: fix memory leak in ocfs2_merge_rec_left() - net: lan743x: Allocate rings outside ZONE_DMA - net: dst: introduce dst->dev_rcu - tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075) - usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt - usb: phy: Initialize struct usb_phy list_head - usb: dwc3: dwc3_power_off_all_roothub_ports: Use ioremap_np when required - ALSA: dice: fix buffer overflow in detect_stream_formats() - ALSA: wavefront: Fix integer overflow in sample size validation . [ Uwe Kleine-König ] * [armhf] Enable LEDS_TURRIS_OMNIA as a module for Turris Omnia LED support. . [ Maxwell Pevner ] * drivers/hid: Enable HID_UNIVERSAL_PIDFF as module (Closes: #1122144) linux-signed-amd64 (6.12.63+1) trixie; urgency=medium . * Sign kernel from linux 6.12.63-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.58 - NFSD: Fix crash in nfsd4_read_release() - net: usb: asix_devices: Check return value of usbnet_get_endpoints - fbcon: Set fb_display[i]->mode to NULL when the mode is released - fbdev: atyfb: Check if pll_ops->init_pll failed - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() - ACPI: button: Call input_free_device() on failing input device registration - virtio-net: drop the multi-buffer XDP packet in zerocopy - fbdev: bitblit: bound-check glyph index in bit_putcs* - Bluetooth: rfcomm: fix modem control handling - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode - mptcp: drop bogus optimization in __mptcp_check_push() - mptcp: restore window probe - [arm64] ASoC: qdsp6: q6asm: do not sleep while atomic - [s390x] pci: Restore IRQ unconditionally for the zPCI device - smb: client: fix potential cfid UAF in smb2_query_info_compound - [amd64] x86/fpu: Ensure XFD state on signal delivery - wifi: ath10k: Fix memory leak on unsupported WMI command - wifi: ath11k: Add missing platform IDs for quirk table - wifi: ath12k: free skb during idr cleanup callback - wifi: ath11k: add support for MU EDCA - wifi: ath11k: avoid bit operation on key flags - [arm64] drm/msm/a6xx: Fix GMU firmware parser - ALSA: usb-audio: fix control pipe direction - wifi: mac80211: don't mark keys for inactive links as uploaded - wifi: mac80211: fix key tailroom accounting leak - bpf: Sync pending IRQ work before freeing ring buffer - scsi: ufs: core: Initialize value of an attribute returned by uic cmd - bpf: Find eligible subprogs for private stack support - bpf, x86: Avoid repeated usage of bpf_prog->aux->stack_depth - bpf: Do not audit capability check in do_jit() - [amd64] ASoC: Intel: avs: Unprepare a stream when XRUN occurs - [amd64] ASoC: Intel: avs: Disable periods-elapsed work when closing PCM - [arm64,armhf] ASoC: fsl_sai: fix bit order for DSD format - libbpf: Fix powerpc's stack register definition in bpf_tracing.h - usbnet: Prevents free active kevent - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once - Bluetooth: ISO: Update hci_conn_hash_lookup_big for Broadcast slave - Bluetooth: ISO: Fix BIS connection dst_type handling - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 - Bluetooth: ISO: Fix another instance of dst_type handling - Bluetooth: hci_core: Fix tracking of periodic advertisement - [arm64,armhf] drm/etnaviv: fix flush sequence logic - [arm64] net: hns3: return error code when function fails - sfc: fix potential memory leak in efx_mae_process_mport() - dpll: spec: add missing module-name and clock-id to pin-get reply - [arm64,armhf] ASoC: fsl_sai: Fix sync error in consumer mode - drm/radeon: Do not kfree() devres managed rdev - drm/radeon: Remove calls to drm_put_dev() - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland - ACPI: fan: Use ACPI handle when retrieving _FST - block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL - block: make REQ_OP_ZONE_OPEN a write operation - regmap: slimbus: fix bus_context pointer in regmap init calls - [s390x] mm: Fix memory leak in add_marker() when kvrealloc() fails - drm/xe: Do not wake device during a GT reset - drm/sysfb: Do not dereference NULL pointer in plane reset - drm/sched: avoid killing parent entity on child SIGKILL - drm/nouveau: Fix race in nouveau_sched_fini() - [arm64] drm/mediatek: Fix device use-after-free on unbind - drm/amd: Check that VPE has reached DPM0 in idle handler - drm/amd/display: Fix incorrect return of vblank enable on unconfigured crtc (Closes: #1000966) - ACPI: fan: Add fan speed reporting for fans with only _FST - ACPI: fan: Use platform device for devres-related actions - sched_ext: Mark scx_bpf_dsq_move_set_[slice|vtime]() with KF_RCU - cpuidle: governors: menu: Rearrange main loop in menu_select() - cpuidle: governors: menu: Select polling state in some more cases - [amd64] mfd: kempld: Switch back to earlier ->init() behavior - [amd64] x86/CPU/AMD: Add RDSEED fix for Zen5 - usb: gadget: f_fs: Fix epfile null pointer access after ep enable. - drm/sched: Optimise drm_sched_entity_push_job - drm/sched: Re-group and rename the entity run-queue lock - drm/sched: Fix race in drm_sched_entity_select_rq() - [s390x] pci: Avoid deadlock between PCI error recovery and mlx5 crdump - [s390x] Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP - [armhf] soc: aspeed: socinfo: Add AST27xx silicon IDs - [arm64] firmware: qcom: scm: preserve assign_mem() error return value - [arm64] soc: qcom: smem: Fix endian-unaware access of num_entries - [arm64] soc: ti: pruss: don't use %pK through printk - bpf: Don't use %pK through printk - pinctrl: single: fix bias pull up/down handling in pin_config_set - [arm64] mmc: host: renesas_sdhi: Fix the actual clock - memstick: Add timeout to prevent indefinite waiting - [arm64,armhf] cpufreq: ti: Add support for AM62D2 - bpf: Use tnums for JEQ/JNE is_branch_taken logic - firewire: ohci: move self_id_complete tracepoint after validating register - [riscv64] irqchip/sifive-plic: Respect mask state when setting affinity - io_uring/zctx: check chained notif contexts - ACPI: sysfs: Use ACPI_FREE() for freeing an ACPI object - ACPI: video: force native for Lenovo 82K8 - libbpf: Fix USDT SIB argument handling causing unrecognized register error - cpufreq/longhaul: handle NULL policy in longhaul_exit - [arm64,armhf] irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA - ACPI: resource: Skip IRQ override on ASUS Vivobook Pro N6506CU - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] - thermal: gov_step_wise: Allow cooling level to be reduced earlier - power: supply: qcom_battmgr: add OOI chemistry - [amd64] hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models - [amd64] hwmon: (k10temp) Add device ID for Strix Halo - power: supply: sbs-charger: Support multiple devices - cpufreq: ondemand: Update the efficient idle check for Intel extended Families - [arm64,armhf] soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups - [arm64] firmware: qcom: tzmem: disable sc7180 platform - [arm64] mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card - pwm: pca9685: Use bulk write to atomicially update registers - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() - [amd64,arm64] tee: allow a driver to allocate a tee_device without a pool - nvmet-fc: avoid scheduling association deletion twice - nvme-fc: use lock accessing port_state and rport state - bpf: Do not limit bpf_cgroup_from_id to current's namespace - i3c: mipi-i3c-hci-pci: Add support for Intel Wildcat Lake-U I3C - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 - tools/cpupower: fix error return value in cpupower_write_sysfs() - power: supply: qcom_battmgr: handle charging state change notifications - bpftool: Fix -Wuninitialized-const-pointer warnings with clang >= 21 - cpuidle: Fail cpuidle device registration if there is one already - futex: Don't leak robust_list pointer on exec race - ACPI: SPCR: Support Precise Baud Rate field - blk-cgroup: fix possible deadlock while configuring policy - [riscv64] bpf: Fix uninitialized symbol 'retval_off' - bpf: Clear pfmemalloc flag when freeing all fragments - nvme: Use non zero KATO for persistent discovery connections - uprobe: Do not emulate/sstep original instruction when ip is changed - [amd64] hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex - [amd64] hwmon: (dell-smm) Remove Dell Precision 490 custom config data - tools/cpupower: Fix incorrect size in cpuidle_state_disable() - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage - tools/power x86_energy_perf_policy: Enhance HWP enable - tools/power x86_energy_perf_policy: Prefer driver HWP limits - [armhf] mfd: stmpe: Remove IRQ domain upon removal - [armhf] mfd: stmpe-i2c: Add missing MODULE_LICENSE - [riscv64] mfd: da9063: Split chip variant reading in two bus transactions - mfd: core: Increment of_node's refcount before linking it to the platform device - [amd64] mfd: intel-lpss: Add Intel Wildcat Lake LPSS PCI IDs - drm/amd/display: fix condition for setting timing_adjust_pending - drm/amd/display: ensure committing streams is seamless - drm/amdgpu: add range check for RAS bad page address - drm/amdgpu: Check vcn sram load return value - drm/amd/display: Move setup_stream_attribute - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration - drm/xe/guc: Add more GuC load error status codes - drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. - drm/amdgpu: Avoid rma causes GPU duplicate reset - drm/amd/amdgpu: Release xcp drm memory after unplug - drm/amdgpu: Skip poison aca bank from UE channel - drm/amd/display: add more cyan skillfish devices - drm/amd/display: update dpp/disp clock from smu clock table - drm/amd/pm: Use cached metrics data on aldebaran - drm/amd/pm: Use cached metrics data on arcturus - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() - [arm64] ASoC: mediatek: Use SND_JACK_AVOUT for HDMI/DP jacks - drm/amd/display: Reset apply_eamless_boot_optimization when dpms_off - drm/amd/display: Wait until OTG enable state is cleared - PCI: Disable MSI on RDC PCI to PCIe bridges - wifi: rtw89: print just once for unknown C2H events - wifi: rtw88: sdio: use indirect IO for device registers before power-on - drm/amdkfd: return -ENOTTY for unsupported IOCTLs - media: pci: ivtv: Don't create fake v4l2_fh - [arm64] drm/tidss: Use the crtc_* timings when programming the HW - [arm64] drm/tidss: Set crtc modesetting parameters with adjusted mode - PCI/ERR: Update device error_state already after reset - [amd64] x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall - net: stmmac: Check stmmac_hw_setup() in stmmac_resume() - ice: Don't use %pK through printk or tracepoints - thunderbolt: Use is_pciehp instead of is_hotplug_bridge - tty: serial: ip22zilog: Use platform device for probing - [powerpc*] eeh: Use result of error_detected() in uevent - [s390x] pci: Use pci_uevent_ers() in PCI recovery - bridge: Redirect to backup port when port is administratively down - net: ipv6: fix field-spanning memcpy warning in AH output - media: imon: make send_packet() more robust - [arm64] drm/panthor: Serialize GPU cache flush operations - HID: pidff: Use direction fix only for conditional effects - HID: pidff: PERMISSIVE_CONTROL quirk autodetection - [arm64,armhf] drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts - drm/amdgpu: fix nullptr err of vm_handle_moved - drm/amdkfd: Handle lack of READ permissions in SVM mapping - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register - iio: adc: imx93_adc: load calibrated values even calibration failed - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet - wifi: rtw89: wow: remove notify during WoWLAN net-detect - wifi: rtw89: fix BSSID comparison for non-transmitted BSSID - dm error: mark as DM_TARGET_PASSES_INTEGRITY - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor - char: misc: Does not request module for miscdevice with dynamic minor - net: When removing nexthops, don't call synchronize_net if it is not necessary - net: stmmac: Correctly handle Rx checksum offload errors - net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. - f2fs: fix to detect potential corrupted nid in free_nid_list - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call - bnxt_en: Add Hyper-V VF ID - tty: serial: Modify the use of dev_err_probe() - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units - [amd64,arm64] idpf: do not linearize big TSO packets - rds: Fix endianness annotation for RDS_MPATH_HASH - media: ipu6: isys: Set embedded data type correctly for metadata formats - rpmsg: char: Export alias for RPMSG ID rpmsg-raw from table - net: ipv4: allow directed broadcast routes to use dst hint - scsi: mpi3mr: Fix I/O failures during controller reset - scsi: mpi3mr: Fix controller init failure on fault during queue creation - scsi: pm80xx: Fix race condition caused by static variables - remoteproc: wkup_m3: Use devm_pm_runtime_enable() helper - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device - fuse: zero initialize inode private data - drm/amdgpu: Correct the counts of nr_banks and nr_errors - drm/amdkfd: fix vram allocation failure for a special case - drm/amd/display: Support HW cursor 180 rot for any number of pipe splits - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption - [amd64] platform/x86/intel-uncore-freq: Fix warning in partitioned system - media: fix uninitialized symbol warnings - media: pci: mgb4: Fix timings comparison in VIDIOC_S_DV_TIMINGS - [amd64] ASoC: SOF: ipc4-pcm: Add fixup for channels - drm/amd/display: Increase minimum clock for TMDS 420 with pipe splitting - drm/amd/display: incorrect conditions for failing dto calculations - drm/amdgpu: Avoid vcn v5.0.1 poison irq call trace on sriov guest - drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) - inet_diag: annotate data-races in inet_diag_bc_sk() - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() - [amd64] crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() - scsi: pm8001: Use int instead of u32 to store error codes - [arm64] scsi: ufs: exynos: fsd: Gate ref_clk and put UFS device in reset on suspend - ptp: Limit time setting of PTP clocks - dmaengine: sh: setup_xref error handling - [arm64,armhf] dmaengine: mv_xor: match alloc_wc and free_wc - [arm64] drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL - [arm64] drm/msm/dsi/phy_7nm: Fix missing initial VCO rate - drm/amdgpu: Allow kfd CRIU with no buffer objects - drm/xe/guc: Increase GuC crash dump buffer size - ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled - [arm64] drm/panthor: check bo offset alignment in vm bind - drm: panel-backlight-quirks: Make EDID match optional - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms - media: adv7180: Add missing lock in suspend callback - media: adv7180: Do not write format to device in set_fmt - media: adv7180: Only validate format in querystd - [arm64,armhf] media: verisilicon: Explicitly disable selection api ioctls for decoders - wifi: mac80211: Fix 6 GHz Band capabilities element advertisement in lower bands - ALSA: usb-audio: apply quirk for MOONDROP Quark2 - [arm64,armhf] PCI: imx6: Enable the Vaux supply if available - drm/xe/guc: Set upper limit of H2G retries over CTB - net: call cond_resched() less often in __release_sock() - smsc911x: add second read of EEPROM mac when possible corruption seen - [amd64] iommu/amd: Skip enabling command/event buffers for kdump - [amd64] crypto: ccp: Skip SEV and SNP INIT for kdump boot - drm/amd: add more cyan skillfish PCI ids - drm/amdgpu: don't enable SMU on cyan skillfish - drm/amdgpu: add support for cyan skillfish gpu_info - drm/amd/display: Fix pbn_div Calculation Error - [arm64] net: dsa: felix: support phy-mode = "10g-qxgmii" - usb: gadget: f_hid: Fix zero length packet transfer - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget - tty/vt: Add missing return value for VT_RESIZE in vt_ioctl() - [arm64] drm/msm: make sure to not queue up recovery more than once - char: Use list_del_init() in misc_deregister() to reinitialize list pointer - PCI: endpoint: pci-epf-test: Limit PCIe BAR size for fixed BARs - wifi: iwlwifi: fw: Add ASUS to PPAG and TAS list - [amd64] media: ov08x40: Fix the horizontal flip control - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer - f2fs: fix wrong layout information on 16KB page - net: phy: marvell: Fix 88e1510 downshift counter errata - ntfs3: pretend $Extend records as regular files - wifi: mac80211: Fix HE capabilities element check - [arm64] phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 - [arm64] drm/msm/registers: Generate _HI/LO builders for reg64 - net: sh_eth: Disable WoL if system can not suspend - netfilter: nf_reject: don't reply to icmp error messages - [amd64] x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT - net: devmem: expose tcp_recvmsg_locked errors - udp_tunnel: use netdev_warn() instead of netdev_WARN() - HID: asus: add Z13 folio to generic group for multitouch to work - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger - [arm64] crypto: sun8i-ce - remove channel timeout field - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() - [amd64] crypto: ccp - Fix incorrect payload size calculation in psp_poulate_hsti() - [arm64,armhf] crypto: caam - double the entropy delay interval for retry - net/cls_cgroup: Fix task_get_classid() during qdisc run - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device - wifi: mt76: mt7996: Temporarily disable EPCS - wifi: mt76: mt76_eeprom_override to int - ALSA: serial-generic: remove shared static buffer - wifi: mt76: mt7996: fix memory leak on mt7996_mcu_sta_key_tlv error - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl - drm/amd/display: Set up pixel encoding for YCBCR422 - drm/amd/display: fix dml ms order of operations - drm/amd: Avoid evicting resources at S5 - drm/amd/display: Fix DVI-D/HDMI adapters - drm/amd/display: Disable VRR on DCE 6 - drm/amd/display/dml2: Guard dml21_map_dc_state_into_dml_display_cfg with DC_FP_START - page_pool: always add GFP_NOWARN for ATOMIC allocations - ethernet: Extend device_get_mac_address() to use NVMEM - HID: i2c-hid: Resolve touchpad issues on Dell systems during S4 - drm/xe/guc: Return an error code if the GuC load fails - drm/amdgpu: reject gang submissions under SRIOV - scsi: ufs: core: Disable timestamp functionality if not supported - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup - scsi: lpfc: Define size of debugfs entry for xri rebalancing - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology - allow finish_no_open(file, ERR_PTR(-E...)) - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices - f2fs: fix infinite loop in __insert_extent_tree() - wifi: rtw89: obtain RX path from ppdu status IE00 - wifi: rtw89: renew a completion for each H2C command waiting C2H event - usb: xhci-pci: add support for hosts with zero USB3 ports - ipv6: np->rxpmtu race annotation - RDMA/irdma: Update Kconfig - IB/ipoib: Ignore L3 master device - jfs: Verify inode mode when loading from disk - jfs: fix uninitialized waitqueue in transaction manager - drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() - [arm64] ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() - net: phy: clear link parameters on admin link down - bus: mhi: core: Improve mhi_sync_power_up handling for SYS_ERR state - [amd64] iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() - wifi: ath10k: Fix connection after GTK rekeying - wifi: mac80211: Track NAN interface start/stop - net: intel: fm10k: Fix parameter idx set but not used - r8169: set EEE speed down ratio to 1 - vfio: return -ENOTTY for unsupported device feature - PCI/PM: Skip resuming to D0 if device is disconnected - remoteproc: qcom: q6v5: Avoid handling handover twice - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 - [armhf] net: dsa: microchip: Set SPI as bus interface during reset for KSZ8463 - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream - drm/amd/display: Init dispclk from bootup clock for DCN314 - drm/amd/display: Fix for test crash due to power gating - drm/amd/display: change dc stream color settings only in atomic commit - NFSv4: handle ERR_GRACE on delegation recalls - NFSv4.1: fix mount hang after CREATE_SESSION failure - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing - net: bridge: Install FDB for bridge MAC on VLAN 0 - scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() - [amd64] accel/habanalabs/gaudi2: fix BMON disable configuration - scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate - [amd64] accel/habanalabs: return ENOMEM if less than requested pages were pinned - [amd64] accel/habanalabs/gaudi2: read preboot status after recovering from dirty state - [amd64] accel/habanalabs: support mapping cb with vmalloc-backed coherent memory - fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock - ext4: increase IO priority of fastcommit - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw - [armhf] ASoC: stm32: sai: manage context in set_sysclk callback - [armhf] ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 - ACPI: scan: Update honor list for RPMI System MSI - vfio/pci: Fix INTx handling on legacy non-PCI 2.3 devices - net/mlx5e: Don't query FEC statistics when FEC is disabled - net: macb: avoid dealing with endianness in macb_set_hwaddr() - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames - Bluetooth: SCO: Fix UAF on sco_conn_free - Bluetooth: btusb: Add new VID/PID 13d3/3633 for MT7922 - Bluetooth: bcsp: receive data only if registered - ALSA: usb-audio: add mono main switch to Presonus S1824c - net: stmmac: est: Drop frames causing HLBS error - exfat: limit log print for IO error - exfat: validate cluster allocation bits of the allocation bitmap - 6pack: drop redundant locking and refcounting - page_pool: Clamp pool size to max 16K pages - orangefs: fix xattr related buffer overflow... - ftrace: Fix softlockup in ftrace_module_enable - ksmbd: use sock_create_kern interface to create kernel socket - smb: client: transport: avoid reconnects triggered by pending task work - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr - usb: xhci-pci: Fix USB2-only root hub registration - char: misc: restrict the dynamic range to exclude reserved minors - drm/amd/display: Add fallback path for YCBCR422 - ACPICA: Update dsmethod.c to get rid of unused variable warning - RDMA/irdma: Fix SD index calculation - RDMA/irdma: Remove unused struct irdma_cq fields - RDMA/irdma: Set irdma_cq cq_num field during CQ create - [arm64] RDMA/hns: Fix recv CQ and QP cache affinity - [arm64] RDMA/hns: Fix the modification of max_send_sge - [arm64] RDMA/hns: Fix wrong WQE data when QP wraps around - btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation - btrfs: mark dirty extent range for out of bound prealloc extents - fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink - clk: sunxi-ng: sun6i-rtc: Add A523 specifics - [arm64] rtc: pcf2127: clear minute/second interrupt - 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN - [armhf] clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled - [arm64] clk: scmi: Add duty cycle ops only when duty cycle is supported - 9p: fix /sys/fs/9p/caches overwriting itself - 9p: sysfs_init: don't hardcode error to ENOMEM - scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS - ACPI: property: Return present device nodes only on fwnode interface - tools bitmap: Add missing asm-generic/bitsperlong.h include - tools: lib: thermal: don't preserve owner in install - tools: lib: thermal: use pkg-config to locate libnl3 - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds - [arm64] rtc: pcf2127: fix watchdog interrupt mask on pcf2131 - net: wwan: t7xx: add support for HP DRMR-H01 - kbuild: uapi: Strip comments before size type check - [arm64,armhf] ASoC: meson: aiu-encoder-i2s: fix bit clock polarity - drm/amdkfd: Fix mmap write lock not release - ceph: add checking of wait_for_completion_killable() return value - ceph: fix potential race condition in ceph_ioctl_lazyio() - ceph: refactor wake_up_bit() pattern of calling - ceph: fix multifs mds auth caps issue - [amd64] x86: use cmov for user address masking - [amd64] x86/runtime-const: Add the RUNTIME_CONST_PTR assembly macro - [amd64] x86: uaccess: don't use runtime-const rewriting in modules - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again - btrfs: ensure no dirty metadata is written back for an fs with errors - media: uvcvideo: Use heuristic to find stream entity - media: videobuf2: forbid remove_bufs when legacy fileio is active - [arm64] drm/mediatek: Disable AFBC support on Mediatek DRM driver - Revert "wifi: ath10k: avoid unnecessary wait for service ready message" (Closes: #1120680) - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up - [riscv64] ptdump: use seq_puts() in pt_dump_seq_puts() macro - Bluetooth: hci_event: validate skb length for unknown CC opcode - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() - [armhf] net: dsa: tag_brcm: legacy: reorganize functions - [armhf] net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx - net: vlan: sync VLAN features with lower device - gpio: swnode: don't use the swnode's name as the key for GPIO lookup - gpiolib: fix invalid pointer access in debugfs - [armhf] net: dsa: b53: fix resetting speed and pause on forced link - [armhf] net: dsa: b53: fix bcm63xx RGMII port link adjustment - [armhf] net: dsa: b53: fix enabling ip multicast - [armhf] net: dsa: b53: stop reading ARL entries if search is done - sctp: Hold RCU read lock while iterating over address list - sctp: Prevent TOCTOU out-of-bounds write - sctp: Hold sock lock while iterating over address list - net: ionic: add dma_wmb() before ringing TX doorbell - net: ionic: map SKB after pseudo-header checksum prep - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup - bnxt_en: Fix a possible memory leak in bnxt_ptp_init - bnxt_en: Add mem_valid bit to struct bnxt_ctx_mem_type - bnxt_en: Refactor bnxt_free_ctx_mem() - bnxt_en: Add a 'force' parameter to bnxt_free_ctx_mem() - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup - net/mlx5e: Fix return value in case of module EEPROM read error - [arm64] net: ti: icssg-prueth: Fix fdb hash size configuration - net/mlx5e: SHAMPO, Fix skb size check for 64K pages - [armhf] net: dsa: microchip: Fix reserved multicast address table programming - net: bridge: fix use-after-free due to MST port state bypass - net: bridge: fix MST static key usage - tracing: Fix memory leaks in create_field_var() - drm/amd/display: Enable mst when it's detected but yet to be initialized - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb - Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() - [arm64] rtc: rx8025: fix incorrect register reference - [amd64] x86/microcode/AMD: Add more known models to entry sign checking - smb: client: validate change notify buffer before copy - smb: client: fix potential UAF in smb2_close_cached_fid() - drm/amdgpu/smu: Handle S0ix for vangogh - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments - virtio-net: fix received length check in big packets - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC - scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers - scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL - scsi: ufs: core: Add a quirk to suppress link_startup_again - drm/amd/display: update color on atomic commit time - ACPI: SPCR: Check for table version when using precise baudrate - drm/amdgpu: Fix unintended error log in VCN5_0_0 - drm/amdgpu: Fix function header names in amdgpu_connectors.c - drm/amd/display: Fix black screen with HDMI outputs https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.59 - [arm64] drm/mediatek: Add pm_runtime support for GCE power control - [amd64] drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD - [amd64] drm/i915: Fix conversion between clock ticks and nanoseconds - smb: client: fix refcount leak in smb2_set_path_attr - drm/amd: Fix suspend failure with secure display TA - drm/xe/guc: Synchronize Dead CT worker with unbind - drm/xe: Move declarations under conditional branch - drm/xe: Do clean shutdown also when using flr - [arm64] kprobes: check the return value of set_memory_rox() - [riscv64] clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors - [riscv64] acpi: avoid errors caused by probing DT devices when ACPI is used - drm/amdgpu: remove two invalid BUG_ON()s - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks - drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices - NFS4: Fix state renewals missing after boot - NFS4: Apply delay_retrans to async operations - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug - HID: nintendo: Wait longer for initial probe - NFS: check if suid/sgid was cleared after a write as needed - HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel - exfat: fix improper check of dentry.stream.valid_size - smb/server: fix possible memory leak in smb2_read() - smb/server: fix possible refcount leak in smb2_sess_setup() - HID: logitech-hidpp: Add HIDPP_QUIRK_RESET_HI_RES_SCROLL - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() - erofs: avoid infinite loop due to incomplete zstd-compressed data - [arm64,armhf] net: fec: correct rx_bytes statistic for the case SHIFT16 is set - net: phy: micrel: Introduce lanphy_modify_page_reg - net: phy: micrel: Replace hardcoded pages with defines - net: phy: micrel: lan8814 fix reset of the QSGMII interface - NFSD: Skip close replay processing if XDR encoding fails - Bluetooth: MGMT: cancel mesh send timer when hdev removed - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto - net/smc: fix mismatch between CLC header and proposal - net/handshake: Fix memory leak in tls_handshake_accept() - tipc: Fix use-after-free in tipc_mon_reinit_self(). - net: mdio: fix resource leak in mdiobus_register_device() - wifi: mac80211: skip rate verification for not captured PSDUs - af_unix: Initialise scc_index in unix_add_edge(). - net_sched: act_connmark: use RCU in tcf_connmark_dump() - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak - net/mlx5e: Fix maxrate wraparound in threshold between units - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps - net/mlx5e: Fix potentially misleading debug message - net_sched: limit try_bulk_dequeue_skb() batches - virtio-net: fix incorrect flags recording in big mode - hsr: Fix supervision frame sending on HSRv0 - [amd64] ACPI: CPPC: Detect preferred core availability on online CPUs - [amd64] ACPI: CPPC: Check _CPC validity for only the online CPUs - [amd64] ACPI: CPPC: Perform fast check switch only for online CPUs - [amd64] ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs - Bluetooth: L2CAP: export l2cap_chan_hold for modules - acpi,srat: Fix incorrect device handle check for Generic Initiator - regulator: fixed: fix GPIO descriptor leak on register failure - [arm64] ASoC: codecs: va-macro: fix resource leak in probe error path - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE - ASoC: tas2781: fix getting the wrong device number - pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() - pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS - simplify nfs_atomic_open_v23() - NFSv2/v3: Fix error handling in nfs_atomic_open_v23() - NFS: sysfs: fix leak when nfs_client kobject add fails - NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() - NFS: Fix LTP test failures when timestamps are delegated - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd - acpi/hmat: Fix lockdep warning for hmem_register_resource() - bpf: Add bpf_prog_run_data_pointers() - bpf: account for current allocated stack depth in widen_imprecise_scalars() - [riscv64] irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path - proc: fix the issue of proc_mem_open returning NULL - ext4: introduce ITAIL helper - ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (CVE-2025-22121) - Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981) - f2fs: fix to avoid overflow while left shift operation (CVE-2025-40077) - hostfs: Fix only passing host root in boot stage with new mount - virtio-fs: fix incorrect check for fsvq->kobj - fs/namespace: correctly handle errors returned by grab_requested_mnt_ns - sched_ext: Fix unsafe locking in the scx_dump_state() - Revert "netfilter: nf_tables: Reintroduce shortened deletion notifications" - netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678) - [arm64] dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1 - [arm64] dts: rockchip: Make RK3588 GPU OPP table naming less generic - [armhf] dts: imx51-zii-rdu1: Fix audmux node names - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() - HID: playstation: Fix memory leak in dualshock4_get_calibration_data() - HID: uclogic: Fix potential memory leak in error path - [amd64] KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated - nfsd: fix refcount leak in nfsd_set_fh_dentry() (CVE-2025-40212) - nfsd: add missing FATTR4_WORD2_CLONE_BLKSIZE from supported attributes - NFSD: free copynotify stateid in nfs4_free_ol_stateid() - ksmbd: close accepted socket when per-IP limit rejects connection - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item - strparser: Fix signed/unsigned mismatch bug - dma-mapping: benchmark: Restore padding to ensure uABI remained consistent - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe - nilfs2: avoid having an active sc_timer before freeing sci - wifi: mac80211: reject address change while connecting - fs/proc: fix uaf in proc_readdir_de() - mm/mm_init: fix hash table order logging in alloc_large_system_hash() - mm/shmem: fix THP allocation and fallback loop - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 - mmc: dw_mmc-rockchip: Fix wrong internal phase calculate - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer - cifs: client: fix memory leak in smb3_fs_context_parse_param - codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext - crash: fix crashkernel resource shrink - smb: client: fix cifs_pick_channel when channel needs reconnect - spi: Try to get ACPI GPIO IRQ earlier - [amd64] x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev - ftrace: Fix BPF fexit with livepatch - PM: hibernate: Emit an error when image writing fails - PM: hibernate: Use atomic64_t for compressed_size variable - btrfs: zoned: fix conventional zone capacity calculation - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() - btrfs: do not update last_log_commit when logging inode due to a new name - btrfs: release root after error in data_reloc_print_warning_inode() - drm/amdkfd: relax checks for over allocation of save area - drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces - [arm64] pmdomain: arm: scmi: Fix genpd leak on provider registration failure - [armhf] pmdomain: imx: Fix reference count leak in imx_gpc_remove - [arm64,armhf] pmdomain: samsung: plug potential memleak during probe - mptcp: fix MSG_PEEK stream corruption - wifi: cfg80211: add an hrtimer based delayed work item - wifi: mac80211: use wiphy_hrtimer_work for csa.switch_work - mm, percpu: do not consider sleepable allocations atomic - [amd64] KVM: guest_memfd: Pass index, not gfn, to __kvm_gmem_get_pfn() - [amd64] KVM: guest_memfd: Remove RCU-protected attribute from slot->gmem.file - [amd64] KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying - net: netpoll: Individualize the skb pool - net: netpoll: flush skb pool during cleanup - net: netpoll: fix incorrect refcount handling causing incorrect cleanup - [amd64] KVM: VMX: Split out guts of EPT violation to common/exposed function - [amd64] KVM: VMX: Fix check for valid GVA on an EPT violation - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (CVE-2025-40097) - io_uring/napi: fix io_napi_entry RCU accesses - uio_hv_generic: Set event for all channels on the device (Closes: #1120602) - mm/memory: do not populate page table entries beyond i_size - mm/truncate: unmap large folio on split failure - mm/secretmem: fix use-after-free race in fault handler - mm/huge_memory: do not change split_huge_page*() target order silently - mm/huge_memory: preserve PG_has_hwpoisoned if a folio is split to >0 order - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() - net: phy: micrel: Fix lan8814_config_init - net: netpoll: ensure skb_pool list is always initialized - proc: proc_maps_open allow proc_mem_open to return NULL - Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (CVE-2025-40213) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.60 - [arm64] KVM: arm64: Check the untrusted offset in FF-A memory share - timers: Fix NULL function pointer race in timer_shutdown_sync() - HID: amd_sfh: Stop sensor before starting - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Closes: #1114557) - [arm64] dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 - mtdchar: fix integer overflow in read/write ioctls - isofs: check the return value of sb_min_blocksize() in isofs_fill_super - shmem: fix tmpfs reconfiguration (remount) when noswap is set - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector - mptcp: Disallow MPTCP subflows from sockmap - mptcp: Fix proto fallback detection with BPF - ata: libata-scsi: Fix system suspend for a security locked drive - smb: client: introduce close_cached_dir_locked() - ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() - be2net: pass wrb_params in case of OS2BMC - [armhf] net: dsa: microchip: lan937x: Fix RGMII delay tuning - [arm64,armhf] Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" - Input: cros_ec_keyb - fix an invalid memory access - Input: goodix - add support for ACPI ID GDIX1003 - Input: pegasus-notetaker - fix potential out-of-bounds access - mm/mempool: fix poisoning order>0 pages with HIGHMEM - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() - scsi: sg: Do not sleep in atomic context - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() - dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups - mptcp: fix race condition in mptcp_schedule_work() - mptcp: fix ack generation for fallback msk - mptcp: fix duplicate reset on fastclose - mptcp: fix premature close in case of fallback - mptcp: avoid unneeded subflow-level drops - mptcp: decouple mptcp fastclose from tcp close - mptcp: do not fallback when OoO is present - [arm64,armhf] drm/tegra: dc: Fix reference leak in tegra_dc_couple() - drm/radeon: delete radeon_fence_process in is_signaled, no deadlock - drm/amd: Skip power ungate during suspend for VPE - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled - drm/amd/display: Increase DPCD read retries - drm/amd/display: Move sleep into each retry for retrieve_link_cap() - drm/amd/display: Fix pbn to kbps Conversion - drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 - xfrm: drop SA reference in xfrm_state_update if dir doesn't match - xfrm: set err and extack on failure to create pcpu SA - xfrm: Determine inner GSO type from packet inner protocol - xfrm: Prevent locally generated packets from direct output in tunnel mode - [amd64] pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() - mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() - [arm64,armhf] drm/tegra: Add call to put_pid() - net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() - net: openvswitch: remove never-working support for setting nsh fields - nvme-multipath: fix lockdep WARN due to partition scan work - [s390x] ctcm: Fix double-kfree - [amd64] platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() - [amd64,arm64] idpf: fix possible vport_config NULL pointer deref in remove - ice: fix PTP cleanup on driver removal in error path - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy - net/mlx5: Clean up only new IRQ glue on request_irq() failure - af_unix: Cache state->msg in unix_stream_read_generic(). - af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). - cifs: fix memory leak in smb3_fs_context_parse_param error path - vsock: Ignore signal/timeout on connect() if already established - bcma: don't register devices disabled in OF - cifs: fix typo in enable_gcm_256 module parameter - scsi: core: Fix a regression triggered by scsi_host_busy() - [amd64] x86/microcode/AMD: Limit Entrysign signature checking to known generations - net: tls: Change async resync helpers argument - blk-crypto: use BLK_STS_INVAL for alignment errors - net: tls: Cancel RX async resync request on rcd_delta overflow - ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check - [arm64] KVM: arm64: Make all 32bit ID registers fully writable - drm/xe: Prevent BIT() overflow when handling invalid prefetch region - [s390x] mm: Fix __ptep_rdp() inline assembly - ALSA: usb-audio: fix uac2 clock source at terminal parser - tracing/tools: Fix incorrcet short option in usage text for --threads - drm/amdgpu: fix gpu page fault after hibernation on PF passthrough - smb: client: fix incomplete backport in cfids_invalidation_worker() - tty/vt: fix up incorrect backport to stable releases - maple_tree: fix tracepoint string pointers - [amd64] drm/i915/dp_mst: Disable Panel Replay - mptcp: fix a race in mptcp_pm_del_add_timer() - xfs: Replace strncpy with memcpy - xfs: fix out of bounds memory read error in symlink repair - drm/amd/display: avoid reset DTBCLK at clock init - drm/amd/display: disable DPP RCG before DPP CLK enable - drm/amd/display: Insert dccg log for easy debug - drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched - Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.61 - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data - Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface - Bluetooth: hci_core: Fix triggering cmd_timer for HCI_OP_NOP - Bluetooth: hci_sock: Prevent race in socket write iter and sock bind - Bluetooth: SMP: Fix not generating mackey and ltk when repairing - net: sched: generalize check for no-queue qdisc on TX queue - veth: apply qdisc backpressure on full ptr_ring to reduce TX drops - veth: prevent NULL pointer dereference in veth_xdp_rcv - veth: more robust handing of race to avoid txq getting stuck - veth: reduce XDP no_direct return section to fix race - [amd64] platform/x86: intel: punit_ipc: fix memory corruption - net: aquantia: Add missing descriptor cache invalidation on ATL2 - net: lan966x: Fix the initialization of taprio - drm/xe: Fix conversion from clock ticks to milliseconds - net/mlx5e: Fix validation logic in rate limiting - team: Move team device type change at the end of team_port_add - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling - net: wwan: mhi: Keep modem name match with Foxconn T99W640 - net: atlantic: fix fragment overflow handling in RX path - [arm64,armhf] net: fec: cancel perout_timer when PEROUT is disabled - [arm64,armhf] net: fec: do not update PEROUT if it is enabled - [arm64,armhf] net: fec: do not allow enabling PPS and PEROUT simultaneously - [arm64,armhf] net: fec: do not register PPS event for PEROUT - iio: st_lsm6dsx: Fixed calibrated timestamp calculation - [arm64] mailbox: mtk-cmdq: Refine DMA address handling for the command buffer - mailbox: pcc: Refactor error handling in irq handler into separate function - mailbox: pcc: don't zero error register - fs/namespace: fix reference leak in grab_requested_mnt_ns - spi: spi-mem: Allow specifying the byte order in Octal DTR mode - spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency - spi: spi-mem: Add a new controller capability - [arm64] spi: nxp-fspi: Support per spi-mem operation frequency switches - [arm64] spi: spi-nxp-fspi: remove the goto in probe - [arm64] spi: spi-nxp-fspi: Add OCT-DTR mode support - [arm64] spi: nxp-fspi: Propagate fwnode in ACPI case as well - Revert "drm/amd/display: Move setup_stream_attribute" - [amd64] Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" - iio: buffer-dma: support getting the DMA channel - iio: buffer-dmaengine: enable .get_dma_dev() - iio: buffer: support getting dma channel from the buffer - iio: accel: bmc150: Fix irq assumption regression (Closes: #1106411) - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 - [arm64] dts: imx8qm-mek: fix mux-controller select/enable-gpios polarity - Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref - can: sja1000: fix max irq loop handling - can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling - ceph: fix crash in process_v2_sparse_read() for encrypted directories - dm-verity: fix unreliable memory allocation - drivers/usb/dwc3: fix PCI parent check - smb: client: fix memory leak in cifs_construct_tcon() - [amd64] thunderbolt: Add support for Intel Wildcat Lake - [arm64] slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves - nvmem: layouts: fix nvmem_layout_bus_uevent - firmware: stratix10-svc: fix bug in saving controller data - mm/memfd: fix information leak in hugetlb folios - mmc: sdhci-of-dwcmshc: Promote the th1520 reset handling to ip level - mptcp: clear scheduled subflows on retransmit - mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). - [arm*] serial: amba-pl011: prefer dma_mapping_error() over explicit address checking - usb: cdns3: Fix double resource release in cdns3_pci_probe - usb: gadget: f_eem: Fix memory leak in eem_unwrap - usb: storage: Fix memory leak in USB bulk transport - USB: storage: Remove subclass and protocol overrides from Novatek quirk - usb: storage: sddr55: Reject out-of-bound new_pba - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer - [amd64,arm64] usb: dwc3: pci: add support for the Intel Nova Lake -S - [amd64,arm64] usb: dwc3: pci: Sort out the Intel device IDs - [amd64,arm64] usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths - xhci: fix stale flag preventig URBs after link state error is cleared - xhci: dbgtty: Fix data corruption when transmitting data form DbC to host - xhci: dbgtty: fix device unregister - USB: serial: ftdi_sio: add support for u-blox EVK-M101 - USB: serial: option: add support for Rolling RW101R-GL - drm: sti: fix device leaks at component probe - drm/amd/amdgpu: reserve vm invalidation engine for uni_mes - drm/amd/display: Check NULL before accessing - drm/amd/display: Don't change brightness for disabled connectors - [armhf] net: dsa: microchip: common: Fix checks on irq_find_mapping() - [armhf] net: dsa: microchip: ptp: Fix checks on irq_find_mapping() - [armhf] net: dsa: microchip: Don't free uninitialized ksz_irq - libceph: fix potential use-after-free in have_mon_and_osd_map() - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() - libceph: replace BUG_ON with bounds check for map->max_osd - staging: rtl8712: Remove driver using deprecated API wext - nfsd: Replace clamp_t in nfsd4_get_drc_mem() - usb: typec: ucsi: psy: Set max current to zero when disconnected - usb: udc: Add trace event for usb_gadget_set_state - usb: gadget: udc: fix use-after-free in usb_gadget_state_work - mm/huge_memory: fix NULL pointer deference when splitting folio - [amd64] KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts() - [amd64] KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv() - [amd64] KVM: nSVM: Fix and simplify LBR virtualization handling with nested - [amd64] KVM: SVM: Fix redundant updates of LBR MSR intercepts - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup - [armhf] net: dsa: microchip: Do not execute PTP driver code for unsupported switches - [armhf] net: dsa: microchip: Free previously initialized ports on init failures - wifi: ath12k: correctly handle mcast packets for clients - Revert "ACPI: Suppress misleading SPCR console message when SPCR table is absent" - [amd64] drm/i915/dp: Initialize the source OUI write timestamp always - [arm64] spi: spi-nxp-fspi: Check return value of devm_mutex_init() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.62 - xfrm: delete x->tunnel as we delete x - Revert "xfrm: destroy xfrm_state synchronously on net exit path" - xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added - xfrm: flush all states in xfrm_state_fini - Documentation: process: Also mention Sasha Levin as stable tree maintainer - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted - ext4: refresh inline data size before write operations - ksmbd: ipc: fix use-after-free in ipc_msg_send_request - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() - [amd64] KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced - USB: serial: option: add Foxconn T99W760 - USB: serial: option: add Telit Cinterion FE910C04 new compositions - USB: serial: option: move Telit 0x10c7 composition in the right place - USB: serial: ftdi_sio: match on interface number for jtag - serial: add support of CPCI cards - USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC - USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() - [arm64,armhf] ipi: imx: keep dma request disabled before dma transfer setup - drm/vmwgfx: Use kref in vmw_bo_dirty - Bluetooth: btrtl: Avoid loading the config file on security chips - smb: fix invalid username check in smb3_fs_context_parse_param() - drm/amdkfd: Fix GPU mappings for APU after prefetch - ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series - bfs: Reconstruct file type when loading from disk - HID: hid-input: Extend Elan ignore battery quirk to USB - nvme: fix admin request_queue lifetime - [arm64] pinctrl: qcom: msm: Fix deadlock in pinmux configuration - [amd64] platform/x86: acer-wmi: Ignore backlight event - HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list - [amd64] platform/x86: huawei-wmi: add keys for HONOR models - [amd64] platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list - [amd64] platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally - HID: elecom: Add support for ELECOM M-XT3URBK (018F) - wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 - wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 - [amd64] comedi: check device's attached status in compat ioctls - staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser - staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing - staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing - bus: mhi: host: pci_generic: Add Telit FN920C04 modem support - bus: mhi: host: pci_generic: Add Telit FN990B40 modem support https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.63 - [arm64,armhf] gpu: host1x: Fix race in syncpt alloc/free - [amd64] accel/ivpu: Prevent runtime suspend during context abort work - [amd64] accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail - [amd64] accel/ivpu: Make function parameter names consistent - [amd64] accel/ivpu: Fix DCT active percent format - drm/vgem-fence: Fix potential deadlock on release - USB: Fix descriptor count when handling invalid MBIM extended descriptor - [arm64] pinctrl: renesas: rzg2l: Fix PMC restore - [arm64] clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback - [arm64] clk: renesas: Use str_on_off() helper - [arm64] clk: renesas: Pass sub struct of cpg_mssr_priv to cpg_clk_register - [arm64] clk: renesas: cpg-mssr: Read back reset registers to assure values latched - HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() - objtool: Fix standalone --hacks=jump_label - objtool: Fix weak symbol detection - wifi: ath10k: Avoid vdev delete timeout when firmware is already down - wifi: ath10k: Add missing include of export.h - wifi: ath10k: move recovery check logic into a new work - wifi: ath11k: restore register window after global reset - sched/fair: Forfeit vruntime on yield - [arm*] irqchip/irq-brcmstb-l2: Fix section mismatch - [arm64,armhf] irqchip/imx-mu-msi: Fix section mismatch - [arm64] irqchip/renesas-rzg2l: Fix section mismatch - [riscv64] irqchip/starfive-jh8100: Fix section mismatch - [arm64] irqchip/qcom-irq-combiner: Fix section mismatch - crypto: authenc - Correctly pass EINPROGRESS back up to the caller - ntfs3: fix uninit memory after failed mi_read in mi_format_new - ntfs3: Fix uninit buffer allocated by __getname() - dt-bindings: clock: qcom,x1e80100-gcc: Add missing video resets - dt-bindings: clock: qcom,x1e80100-gcc: Add missing USB4 clocks/resets - clk: qcom: gcc-x1e80100: Add missing USB4 clocks/resets - rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() - inet: Avoid ehash lookup race in inet_ehash_insert() - inet: Avoid ehash lookup race in inet_twsk_hashdance_schedule() - firmware: qcom: tzmem: fix qcom_tzmem_policy kernel-doc - block/mq-deadline: Introduce dd_start_request() - block/mq-deadline: Switch back to a single dispatch list - [arm64] dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1 props - [arm64] dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl - [arm64] dts: imx8mp-venice-gw702x: remove off-board uart - [arm64] dts: imx8mp-venice-gw702x: remove off-board sdhc1 - perf annotate: Check return value of evsel__get_arch() properly - [arm64] dts: exynos: gs101: fix sysreg_apm reg property - uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe - soc: Switch back to struct platform_driver::remove() - [arm64] soc: qcom: gsbi: fix double disable caused by devm - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id - wifi: ath11k: fix VHT MCS assignment - wifi: ath11k: fix peer HE MCS assignment - [s390x] smp: Fix fallback CPU detection - [s390x] ap: Don't leak debug feature files if AP instructions are not available - [arm64] dts: ti: k3-am62p: Fix memory ranges for GPU - firmware: imx: scu-irq: fix OF node leak in - [arm64] dts: qcom: x1e80100: Fix compile warnings for USB HS controller - [arm64] dts: qcom: x1e80100: Add missing quirk for HS only USB controller - [arm64] dts: qcom: sdm845-oneplus: Correct gpio used for slider - [arm64] dts: qcom: sm8650: set ufs as dma coherent - [arm64] dts: qcom: qcm6490-shift-otter: Add missing reserved-memory - phy: mscc: Fix PTP for VSC8574 and VSC8572 - sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure - Revert "mtd: rawnand: marvell: fix layouts" - [arm64,armhf] mtd: nand: relax ECC parameter validation check - perf: Remove get_perf_callchain() init_nr argument - bpf: Refactor stack map trace depth calculation into helper function - bpf: Fix stackmap overflow check in __bpf_get_stackid() - [amd64] perf/x86/intel/cstate: Remove PC3 support from LunarLake - task_work: Fix NMI race condition - [amd64] x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() - tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set - [arm64] soc: qcom: smem: fix hwspinlock resource leak in probe error paths - [armhf] pinctrl: stm32: fix hwspinlock resource leak in probe function - i3c: fix refcount inconsistency in i3c_master_register - i3c: master: svc: Prevent incomplete IBI transaction - wifi: ath12k: fix potential memory leak in ath12k_wow_arp_ns_offload() - [arm64] interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS - [arm64] dts: qcom: msm8996: add interconnect paths to USB2 controller - interconnect: debugfs: Fix incorrect error handling for NULL path - drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource() - perf lock contention: Load kernel map before lookup - perf record: skip synthesize event when open evsel failed - power: supply: rt5033_charger: Fix device node reference leaks - power: supply: cw2015: Check devm_delayed_work_autocancel() return code - power: supply: max17040: Check iio_read_channel_processed() return code - power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() - power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() - power: supply: wm831x: Check wm831x_set_bits() return value - power: supply: apm_power: only unset own apm_get_power_status - scsi: target: Do not write NUL characters into ASCII configfs output - fs/9p: Don't open remote file with APPEND mode when writeback cache is used - [arm64] drm/panthor: Handle errors returned by drm_sched_entity_init() - [arm64] drm/panthor: Fix group_free_queue() for partially initialized queues - [arm64] drm/panthor: Fix UAF race between device unplug and FW event processing - [arm64] drm/panthor: Fix race with suspend during unplug - [arm64] drm/panthor: Fix UAF on kernel BO VA nodes - libbpf: Fix parsing of multi-split BTF - [armhf] dts: am335x-netcom-plus-2xx: add missing GPIO labels - [armhf] dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible - [armhf] dts: omap3: n900: Correct obsolete TWL4030 power compatible - [amd64] x86/boot: Fix page table access in 5-level to 4-level paging transition - efi/libstub: Fix page table access in 5-level to 4-level paging transition - ext4: correct the checking of quota files before moving extents - [amd64] perf/x86/intel: Correct large PEBS flag check - regulator: core: disable supply if enabling main regulator fails - md: fix rcu protection in md_wakeup_thread - nbd: defer config put in recv_work - scsi: stex: Fix reboot_notifier leak in probe error path - scsi: smartpqi: Fix device resources accessed after device removal - dt-bindings: PCI: amlogic: Fix the register name of the DBI region - RDMA/rtrs: server: Fix error handling in get_or_create_srv - ntfs3: init run lock for extend inode - [arm64] drm/panthor: Fix potential memleak of vma structure - scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() - [amd64] cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs - [powerpc*] kdump: Fix size calculation for hot-removed memory ranges - [powerpc*] 32: Fix unpaired stwcx. on interrupt exit - wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() - nbd: defer config unlock in nbd_genl_connect - coresight: Change device mode to atomic type - [arm64] coresight: etm4x: Correct polling IDLE bit - [arm64] coresight: etm4x: Extract the trace unit controlling - [arm64] coresight: etm4x: Add context synchronization before enabling trace - lib/vsprintf: Check pointer before dereferencing in time_and_date() - ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() - ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() - scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls - leds: netxbig: Fix GPIO descriptor leak in error paths - bpf: Free special fields when update [lru_,]percpu_hash maps - PCI: keystone: Exit ks_pcie_probe() for invalid mode - [arm64] dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK 5A - [arm64] dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A - [arm64] dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 3C - [amd64] crypto: iaa - Fix incorrect return value in save_iaa_wq() - [arm64] drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype - ps3disk: use memcpy_{from,to}_bvec index - bpf: Handle return value of ftrace_set_filter_ip in register_fentry - bpf: Check skb->transport_header is set in bpf_skb_check_mtu - watchdog: wdat_wdt: Fix ACPI table leak in probe function - watchdog: starfive: Fix resource leak in probe error path - tracefs: fix a leak in eventfs_create_events_dir() - NFSD/blocklayout: Fix minlength check in proc_layoutget - block/blk-throttle: Fix throttle slice time for SSDs - [arm64] drm/msm/a2xx: stop over-complaining about the legacy firmware - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() - bpf: Fix invalid prog->stats access when update_effective_progs fails - [powerpc*] 64s/hash: Restrict stress_hpt_struct memblock region to within RMA limit - [powerpc*] 64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format - fs/ntfs3: out1 also needs to put mi - fs/ntfs3: Prevent memory leaks in add sub record - [arm64] drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue - [arm64] drm/msm/a6xx: Flush LRZ cache before PT switch - [arm64] drm/msm/a6xx: Fix the gemnoc workaround - [arm64] drm/msm/a6xx: Improve MX rail fallback in RPMH vote init - ipv6: clear RA flags when adding a static route (Closes: #1117959) - pwm: bcm2835: Make sure the channel is enabled after pwm_request() - scsi: qla2xxx: Fix improper freeing of purex item - [amd64] iommu/vt-d: Fix unused invalidation hint in qi_desc_iotlb - wifi: mac80211: fix CMAC functions not handling errors - [arm64] mfd: mt6397-irq: Fix missing irq_domain_remove() in error path - [arm64] mfd: mt6358-irq: Fix missing irq_domain_remove() in error path - leds: rgb: leds-qcom-lpg: Don't enable TRILED when configuring PWM - [arm64] phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() - [arm64] phy: rockchip: samsung-hdptx: Reduce ROPLL loop bandwidth - [arm64] phy: rockchip: samsung-hdptx: Prevent Inter-Pair Skew from exceeding the limits - net: phy: adin1100: Fix software power-down ready condition - cpuset: Treat cpusets in attaching as populated - wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() - RAS: Report all ARM processor CPER information to userspace - ima: Handle error code returned by ima_filter_rule_match() - usb: chaoskey: fix locking for O_NONBLOCK - usb: dwc2: disable platform lowlevel hw resources during shutdown - usb: dwc2: fix hang during shutdown if set as peripheral - usb: dwc2: fix hang during suspend if set as peripheral - usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE - [riscv64] KVM: Fix guest page fault within HLV* instructions - erofs: limit the level of fs stacking for file-backed mounts - RDMA/bnxt_re: Fix the inline size for GenP7 devices - RDMA/bnxt_re: Pass correct flag for dma mr creation - ASoC: tas2781: correct the wrong period - mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() - firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc - staging: fbtft: core: fix potential memory leak in fbtft_probe_common() - [arm64] iommu/arm-smmu-v3: Fix error check in arm_smmu_alloc_cd_tables - btrfs: fix leaf leak in an error path in btrfs_del_items() - PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition - drm/nouveau: restrict the flush page to a 32-bit address - iomap: factor out a iomap_dio_done helper - iomap: always run error completions in user context - wifi: ieee80211: correct FILS status codes - backlight: led-bl: Add devlink to supplier LEDs - backlight: lp855x: Fix lp855x.h kernel-doc warnings - [arm64] iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal - RDMA/irdma: Fix data race in irdma_sc_ccq_arm - RDMA/irdma: Fix data race in irdma_free_pble - RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY - [arm64] drm/panthor: Avoid adding of kernel BOs to extobj list - gfs2: Prevent recursive memory reclaim - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER - drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() - hwmon: sy7636a: Fix regulator_enable resource leak on error path - ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 - ublk: prevent invalid access with DEBUG - ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation - of: Skip devicetree kunit tests when RISCV+ACPI doesn't populate root node - virtio_vdpa: fix misleading return in void function - virtio: fix typo in virtio_device_ready() comment - virtio: fix whitespace in virtio_config_ops - virtio: fix grammar in virtio_queue_info docs - virtio: fix virtqueue_set_affinity() docs - vdpa/mlx5: Fix incorrect error code reporting in query_virtqueues - vhost: Fix kthread worker cgroup failure handling - vdpa/pds: use %pe for ERR_PTR() in event handler registration - [amd64] ASoC: Intel: catpt: Fix error path in hw_params() - [armhf] dts: samsung: universal_c210: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during system suspend - regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex - resource: replace open coded resource_intersection() - resource: introduce is_type_match() helper and use it - Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" - netfilter: flowtable: check for maximum number of encapsulations in bridge vlan - netfilter: nf_conncount: rework API to use sk_buff directly - netfilter: nft_connlimit: update the count if add was skipped - net: stmmac: fix rx limit check in stmmac_rx_zc() - vfio/pci: Use RCU for error/request triggers to avoid circular locking - net: phy: aquantia: check for NVMEM deferral - mtd: lpddr_cmds: fix signed shifts in lpddr_cmds - [arm64] remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs - md/raid5: fix IO hang when array is broken with IO inflight - net: hsr: remove one synchronize_rcu() from hsr_del_port() - net: hsr: remove synchronize_rcu() from hsr_add_port() - net: hsr: Create and export hsr_get_port_ndev() - net: hsr: create an API to get hsr port type - net: dsa: xrs700x: reject unsupported HSR configurations - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325) - perf tools: Mark split kallsyms DSOs as loaded - perf tools: Fix split kallsyms DSO counting - perf hist: In init, ensure mem_info is put on error paths - [arm64,armhf] pinctrl: single: Fix incorrect type for error return variable - fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() - 9p: fix cache/debug options printing in v9fs_show_options - sched/fair: Fix unfairness caused by stalled tg_load_avg_contrib when the last task migrates out - [amd64] platform/x86:intel/pmc: Update Arrow Lake telemetry GUID - f2fs: keep POSIX_FADV_NOREUSE ranges - f2fs: add a sysfs entry to reclaim POSIX_FADV_NOREUSE pages - f2fs: fix to avoid running out of free segments - f2fs: add carve_out sysfs node - f2fs: sysfs: add encoding_flags entry - f2fs: introduce reserved_pin_section sysfs entry - f2fs: add gc_boost_gc_multiple sysfs node - f2fs: add gc_boost_gc_greedy sysfs node - f2fs: maintain one time GC mode is enabled during whole zoned GC cycle - NFS: Avoid changing nlink when file removes and attribute updates race - fs/nls: Fix utf16 to utf8 conversion - NFS: Initialise verifiers for visible dentries in readdir and lookup - NFS: Initialise verifiers for visible dentries in nfs_atomic_open() - nfs/vfs: discard d_exact_alias() - NFS: Initialise verifiers for visible dentries in _nfs4_open_and_get_state - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid - Revert "nfs: ignore SB_RDONLY when remounting nfs" - Revert "nfs: clear SB_RDONLY before getting superblock" - Revert "nfs: ignore SB_RDONLY when mounting nfs" - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags - Expand the type of nfs_fattr->valid - NFS: Fix inheritance of the block sizes when automounting - fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() - [amd64] platform/x86: asus-wmi: use brightness_set_blocking() for kbd led - blk-mq: Abort suspend when wakeup events are pending - block: fix comment for op_is_zone_mgmt() to include RESET_ALL - block: fix memory leak in __blkdev_issue_zero_pages - nvme-auth: use kvfree() for memory allocated with kvcalloc() - drm/plane: Fix IS_ERR() vs NULL check in drm_plane_create_hotspot_properties() - regulator: fixed: Rely on the core freeing the enable GPIO - ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events - drm/nouveau: refactor deprecated strcpy - cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB2 - docs: hwmon: fix link to g762 devicetree binding - dma/pool: eliminate alloc_pages warning in atomic_pool_expand - ALSA: uapi: Fix typo in asound.h comment - drm/amdkfd: Use huge page size to check split svm range alignment - rtc: gamecube: Check the return value of ioremap() - ALSA: firewire-motu: add bounds check in put_user loop for DSP events - block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock - block: return unsigned int from queue_dma_alignment - dm-raid: fix possible NULL dereference with undefined raid type - dm log-writes: Add missing set_freezable() for freezable kthread - efi/cper: Add a new helper function to print bitmasks - efi/cper: Adjust infopfx size to accept an extra space - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs - scsi: imm: Fix use-after-free bug caused by unfinished delayed work (CVE-2025-68324) - irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() - ocfs2: fix memory leak in ocfs2_merge_rec_left() - net: lan743x: Allocate rings outside ZONE_DMA - net: dst: introduce dst->dev_rcu - tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075) - usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt - usb: phy: Initialize struct usb_phy list_head - usb: dwc3: dwc3_power_off_all_roothub_ports: Use ioremap_np when required - ALSA: dice: fix buffer overflow in detect_stream_formats() - ALSA: wavefront: Fix integer overflow in sample size validation . [ Uwe Kleine-König ] * [armhf] Enable LEDS_TURRIS_OMNIA as a module for Turris Omnia LED support. . [ Maxwell Pevner ] * drivers/hid: Enable HID_UNIVERSAL_PIDFF as module (Closes: #1122144) linux-signed-arm64 (6.12.63+1) trixie; urgency=medium . * Sign kernel from linux 6.12.63-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.58 - NFSD: Fix crash in nfsd4_read_release() - net: usb: asix_devices: Check return value of usbnet_get_endpoints - fbcon: Set fb_display[i]->mode to NULL when the mode is released - fbdev: atyfb: Check if pll_ops->init_pll failed - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() - ACPI: button: Call input_free_device() on failing input device registration - virtio-net: drop the multi-buffer XDP packet in zerocopy - fbdev: bitblit: bound-check glyph index in bit_putcs* - Bluetooth: rfcomm: fix modem control handling - wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode - mptcp: drop bogus optimization in __mptcp_check_push() - mptcp: restore window probe - [arm64] ASoC: qdsp6: q6asm: do not sleep while atomic - [s390x] pci: Restore IRQ unconditionally for the zPCI device - smb: client: fix potential cfid UAF in smb2_query_info_compound - [amd64] x86/fpu: Ensure XFD state on signal delivery - wifi: ath10k: Fix memory leak on unsupported WMI command - wifi: ath11k: Add missing platform IDs for quirk table - wifi: ath12k: free skb during idr cleanup callback - wifi: ath11k: add support for MU EDCA - wifi: ath11k: avoid bit operation on key flags - [arm64] drm/msm/a6xx: Fix GMU firmware parser - ALSA: usb-audio: fix control pipe direction - wifi: mac80211: don't mark keys for inactive links as uploaded - wifi: mac80211: fix key tailroom accounting leak - bpf: Sync pending IRQ work before freeing ring buffer - scsi: ufs: core: Initialize value of an attribute returned by uic cmd - bpf: Find eligible subprogs for private stack support - bpf, x86: Avoid repeated usage of bpf_prog->aux->stack_depth - bpf: Do not audit capability check in do_jit() - [amd64] ASoC: Intel: avs: Unprepare a stream when XRUN occurs - [amd64] ASoC: Intel: avs: Disable periods-elapsed work when closing PCM - [arm64,armhf] ASoC: fsl_sai: fix bit order for DSD format - libbpf: Fix powerpc's stack register definition in bpf_tracing.h - usbnet: Prevents free active kevent - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once - Bluetooth: ISO: Update hci_conn_hash_lookup_big for Broadcast slave - Bluetooth: ISO: Fix BIS connection dst_type handling - Bluetooth: btmtksdio: Add pmctrl handling for BT closed state during reset - Bluetooth: HCI: Fix tracking of advertisement set/instance 0x00 - Bluetooth: ISO: Fix another instance of dst_type handling - Bluetooth: hci_core: Fix tracking of periodic advertisement - [arm64,armhf] drm/etnaviv: fix flush sequence logic - [arm64] net: hns3: return error code when function fails - sfc: fix potential memory leak in efx_mae_process_mport() - dpll: spec: add missing module-name and clock-id to pin-get reply - [arm64,armhf] ASoC: fsl_sai: Fix sync error in consumer mode - drm/radeon: Do not kfree() devres managed rdev - drm/radeon: Remove calls to drm_put_dev() - drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji - drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland - ACPI: fan: Use ACPI handle when retrieving _FST - block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL - block: make REQ_OP_ZONE_OPEN a write operation - regmap: slimbus: fix bus_context pointer in regmap init calls - [s390x] mm: Fix memory leak in add_marker() when kvrealloc() fails - drm/xe: Do not wake device during a GT reset - drm/sysfb: Do not dereference NULL pointer in plane reset - drm/sched: avoid killing parent entity on child SIGKILL - drm/nouveau: Fix race in nouveau_sched_fini() - [arm64] drm/mediatek: Fix device use-after-free on unbind - drm/amd: Check that VPE has reached DPM0 in idle handler - drm/amd/display: Fix incorrect return of vblank enable on unconfigured crtc (Closes: #1000966) - ACPI: fan: Add fan speed reporting for fans with only _FST - ACPI: fan: Use platform device for devres-related actions - sched_ext: Mark scx_bpf_dsq_move_set_[slice|vtime]() with KF_RCU - cpuidle: governors: menu: Rearrange main loop in menu_select() - cpuidle: governors: menu: Select polling state in some more cases - [amd64] mfd: kempld: Switch back to earlier ->init() behavior - [amd64] x86/CPU/AMD: Add RDSEED fix for Zen5 - usb: gadget: f_fs: Fix epfile null pointer access after ep enable. - drm/sched: Optimise drm_sched_entity_push_job - drm/sched: Re-group and rename the entity run-queue lock - drm/sched: Fix race in drm_sched_entity_select_rq() - [s390x] pci: Avoid deadlock between PCI error recovery and mlx5 crdump - [s390x] Disable ARCH_WANT_OPTIMIZE_HUGETLB_VMEMMAP - [armhf] soc: aspeed: socinfo: Add AST27xx silicon IDs - [arm64] firmware: qcom: scm: preserve assign_mem() error return value - [arm64] soc: qcom: smem: Fix endian-unaware access of num_entries - [arm64] soc: ti: pruss: don't use %pK through printk - bpf: Don't use %pK through printk - pinctrl: single: fix bias pull up/down handling in pin_config_set - [arm64] mmc: host: renesas_sdhi: Fix the actual clock - memstick: Add timeout to prevent indefinite waiting - [arm64,armhf] cpufreq: ti: Add support for AM62D2 - bpf: Use tnums for JEQ/JNE is_branch_taken logic - firewire: ohci: move self_id_complete tracepoint after validating register - [riscv64] irqchip/sifive-plic: Respect mask state when setting affinity - io_uring/zctx: check chained notif contexts - ACPI: sysfs: Use ACPI_FREE() for freeing an ACPI object - ACPI: video: force native for Lenovo 82K8 - libbpf: Fix USDT SIB argument handling causing unrecognized register error - cpufreq/longhaul: handle NULL policy in longhaul_exit - [arm64,armhf] irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment - ACPI: PRM: Skip handlers with NULL handler_address or NULL VA - ACPI: resource: Skip IRQ override on ASUS Vivobook Pro N6506CU - ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] - thermal: gov_step_wise: Allow cooling level to be reduced earlier - power: supply: qcom_battmgr: add OOI chemistry - [amd64] hwmon: (k10temp) Add thermal support for AMD Family 1Ah-based models - [amd64] hwmon: (k10temp) Add device ID for Strix Halo - power: supply: sbs-charger: Support multiple devices - cpufreq: ondemand: Update the efficient idle check for Intel extended Families - [arm64,armhf] soc/tegra: fuse: Add Tegra114 nvmem cells and fuse lookups - [arm64] firmware: qcom: tzmem: disable sc7180 platform - [arm64] mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card - pwm: pca9685: Use bulk write to atomicially update registers - ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() - [amd64,arm64] tee: allow a driver to allocate a tee_device without a pool - nvmet-fc: avoid scheduling association deletion twice - nvme-fc: use lock accessing port_state and rport state - bpf: Do not limit bpf_cgroup_from_id to current's namespace - i3c: mipi-i3c-hci-pci: Add support for Intel Wildcat Lake-U I3C - video: backlight: lp855x_bl: Set correct EPROM start for LP8556 - tools/cpupower: fix error return value in cpupower_write_sysfs() - power: supply: qcom_battmgr: handle charging state change notifications - bpftool: Fix -Wuninitialized-const-pointer warnings with clang >= 21 - cpuidle: Fail cpuidle device registration if there is one already - futex: Don't leak robust_list pointer on exec race - ACPI: SPCR: Support Precise Baud Rate field - blk-cgroup: fix possible deadlock while configuring policy - [riscv64] bpf: Fix uninitialized symbol 'retval_off' - bpf: Clear pfmemalloc flag when freeing all fragments - nvme: Use non zero KATO for persistent discovery connections - uprobe: Do not emulate/sstep original instruction when ip is changed - [amd64] hwmon: (asus-ec-sensors) increase timeout for locking ACPI mutex - [amd64] hwmon: (dell-smm) Remove Dell Precision 490 custom config data - tools/cpupower: Fix incorrect size in cpuidle_state_disable() - tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage - tools/power x86_energy_perf_policy: Enhance HWP enable - tools/power x86_energy_perf_policy: Prefer driver HWP limits - [armhf] mfd: stmpe: Remove IRQ domain upon removal - [armhf] mfd: stmpe-i2c: Add missing MODULE_LICENSE - [riscv64] mfd: da9063: Split chip variant reading in two bus transactions - mfd: core: Increment of_node's refcount before linking it to the platform device - [amd64] mfd: intel-lpss: Add Intel Wildcat Lake LPSS PCI IDs - drm/amd/display: fix condition for setting timing_adjust_pending - drm/amd/display: ensure committing streams is seamless - drm/amdgpu: add range check for RAS bad page address - drm/amdgpu: Check vcn sram load return value - drm/amd/display: Move setup_stream_attribute - drm/amd/display: Increase AUX Intra-Hop Done Max Wait Duration - drm/xe/guc: Add more GuC load error status codes - drm/xe: Fix oops in xe_gem_fault when running core_hotunplug test. - drm/amdgpu: Avoid rma causes GPU duplicate reset - drm/amd/amdgpu: Release xcp drm memory after unplug - drm/amdgpu: Skip poison aca bank from UE channel - drm/amd/display: add more cyan skillfish devices - drm/amd/display: update dpp/disp clock from smu clock table - drm/amd/pm: Use cached metrics data on aldebaran - drm/amd/pm: Use cached metrics data on arcturus - drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff - drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() - [arm64] ASoC: mediatek: Use SND_JACK_AVOUT for HDMI/DP jacks - drm/amd/display: Reset apply_eamless_boot_optimization when dpms_off - drm/amd/display: Wait until OTG enable state is cleared - PCI: Disable MSI on RDC PCI to PCIe bridges - wifi: rtw89: print just once for unknown C2H events - wifi: rtw88: sdio: use indirect IO for device registers before power-on - drm/amdkfd: return -ENOTTY for unsupported IOCTLs - media: pci: ivtv: Don't create fake v4l2_fh - [arm64] drm/tidss: Use the crtc_* timings when programming the HW - [arm64] drm/tidss: Set crtc modesetting parameters with adjusted mode - PCI/ERR: Update device error_state already after reset - [amd64] x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall - net: stmmac: Check stmmac_hw_setup() in stmmac_resume() - ice: Don't use %pK through printk or tracepoints - thunderbolt: Use is_pciehp instead of is_hotplug_bridge - tty: serial: ip22zilog: Use platform device for probing - [powerpc*] eeh: Use result of error_detected() in uevent - [s390x] pci: Use pci_uevent_ers() in PCI recovery - bridge: Redirect to backup port when port is administratively down - net: ipv6: fix field-spanning memcpy warning in AH output - media: imon: make send_packet() more robust - [arm64] drm/panthor: Serialize GPU cache flush operations - HID: pidff: Use direction fix only for conditional effects - HID: pidff: PERMISSIVE_CONTROL quirk autodetection - [arm64,armhf] drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts - drm/amdgpu: fix nullptr err of vm_handle_moved - drm/amdkfd: Handle lack of READ permissions in SVM mapping - iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register - iio: adc: imx93_adc: load calibrated values even calibration failed - usb: gadget: f_ncm: Fix MAC assignment NCM ethernet - wifi: rtw89: wow: remove notify during WoWLAN net-detect - wifi: rtw89: fix BSSID comparison for non-transmitted BSSID - dm error: mark as DM_TARGET_PASSES_INTEGRITY - char: misc: Make misc_register() reentry for miscdevice who wants dynamic minor - char: misc: Does not request module for miscdevice with dynamic minor - net: When removing nexthops, don't call synchronize_net if it is not necessary - net: stmmac: Correctly handle Rx checksum offload errors - net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. - f2fs: fix to detect potential corrupted nid in free_nid_list - PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call - bnxt_en: Add Hyper-V VF ID - tty: serial: Modify the use of dev_err_probe() - ALSA: usb-audio: Add validation of UAC2/UAC3 effect units - [amd64,arm64] idpf: do not linearize big TSO packets - rds: Fix endianness annotation for RDS_MPATH_HASH - media: ipu6: isys: Set embedded data type correctly for metadata formats - rpmsg: char: Export alias for RPMSG ID rpmsg-raw from table - net: ipv4: allow directed broadcast routes to use dst hint - scsi: mpi3mr: Fix I/O failures during controller reset - scsi: mpi3mr: Fix controller init failure on fault during queue creation - scsi: pm80xx: Fix race condition caused by static variables - remoteproc: wkup_m3: Use devm_pm_runtime_enable() helper - net: phy: fixed_phy: let fixed_phy_unregister free the phy_device - fuse: zero initialize inode private data - drm/amdgpu: Correct the counts of nr_banks and nr_errors - drm/amdkfd: fix vram allocation failure for a special case - drm/amd/display: Support HW cursor 180 rot for any number of pipe splits - drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption - [amd64] platform/x86/intel-uncore-freq: Fix warning in partitioned system - media: fix uninitialized symbol warnings - media: pci: mgb4: Fix timings comparison in VIDIOC_S_DV_TIMINGS - [amd64] ASoC: SOF: ipc4-pcm: Add fixup for channels - drm/amd/display: Increase minimum clock for TMDS 420 with pipe splitting - drm/amd/display: incorrect conditions for failing dto calculations - drm/amdgpu: Avoid vcn v5.0.1 poison irq call trace on sriov guest - drm/amdgpu: Respect max pixel clock for HDMI and DVI-D (v2) - inet_diag: annotate data-races in inet_diag_bc_sk() - tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() - [amd64] crypto: qat - use kcalloc() in qat_uclo_map_objs_from_mof() - scsi: pm8001: Use int instead of u32 to store error codes - [arm64] scsi: ufs: exynos: fsd: Gate ref_clk and put UFS device in reset on suspend - ptp: Limit time setting of PTP clocks - dmaengine: sh: setup_xref error handling - [arm64,armhf] dmaengine: mv_xor: match alloc_wc and free_wc - [arm64] drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL - [arm64] drm/msm/dsi/phy_7nm: Fix missing initial VCO rate - drm/amdgpu: Allow kfd CRIU with no buffer objects - drm/xe/guc: Increase GuC crash dump buffer size - ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled - [arm64] drm/panthor: check bo offset alignment in vm bind - drm: panel-backlight-quirks: Make EDID match optional - net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms - media: adv7180: Add missing lock in suspend callback - media: adv7180: Do not write format to device in set_fmt - media: adv7180: Only validate format in querystd - [arm64,armhf] media: verisilicon: Explicitly disable selection api ioctls for decoders - wifi: mac80211: Fix 6 GHz Band capabilities element advertisement in lower bands - ALSA: usb-audio: apply quirk for MOONDROP Quark2 - [arm64,armhf] PCI: imx6: Enable the Vaux supply if available - drm/xe/guc: Set upper limit of H2G retries over CTB - net: call cond_resched() less often in __release_sock() - smsc911x: add second read of EEPROM mac when possible corruption seen - [amd64] iommu/amd: Skip enabling command/event buffers for kdump - [amd64] crypto: ccp: Skip SEV and SNP INIT for kdump boot - drm/amd: add more cyan skillfish PCI ids - drm/amdgpu: don't enable SMU on cyan skillfish - drm/amdgpu: add support for cyan skillfish gpu_info - drm/amd/display: Fix pbn_div Calculation Error - [arm64] net: dsa: felix: support phy-mode = "10g-qxgmii" - usb: gadget: f_hid: Fix zero length packet transfer - usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget - tty/vt: Add missing return value for VT_RESIZE in vt_ioctl() - [arm64] drm/msm: make sure to not queue up recovery more than once - char: Use list_del_init() in misc_deregister() to reinitialize list pointer - PCI: endpoint: pci-epf-test: Limit PCIe BAR size for fixed BARs - wifi: iwlwifi: fw: Add ASUS to PPAG and TAS list - [amd64] media: ov08x40: Fix the horizontal flip control - media: i2c: og01a1b: Specify monochrome media bus format instead of Bayer - f2fs: fix wrong layout information on 16KB page - net: phy: marvell: Fix 88e1510 downshift counter errata - ntfs3: pretend $Extend records as regular files - wifi: mac80211: Fix HE capabilities element check - [arm64] phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 - [arm64] drm/msm/registers: Generate _HI/LO builders for reg64 - net: sh_eth: Disable WoL if system can not suspend - netfilter: nf_reject: don't reply to icmp error messages - [amd64] x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT - net: devmem: expose tcp_recvmsg_locked errors - udp_tunnel: use netdev_warn() instead of netdev_WARN() - HID: asus: add Z13 folio to generic group for multitouch to work - watchdog: s3c2410_wdt: Fix max_timeout being calculated larger - [arm64] crypto: sun8i-ce - remove channel timeout field - PCI: dwc: Verify the single eDMA IRQ in dw_pcie_edma_irq_verify() - [amd64] crypto: ccp - Fix incorrect payload size calculation in psp_poulate_hsti() - [arm64,armhf] crypto: caam - double the entropy delay interval for retry - net/cls_cgroup: Fix task_get_classid() during qdisc run - wifi: mt76: mt7921: Add 160MHz beamformee capability for mt7922 device - wifi: mt76: mt7996: Temporarily disable EPCS - wifi: mt76: mt76_eeprom_override to int - ALSA: serial-generic: remove shared static buffer - wifi: mt76: mt7996: fix memory leak on mt7996_mcu_sta_key_tlv error - drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl - drm/amd/display: Set up pixel encoding for YCBCR422 - drm/amd/display: fix dml ms order of operations - drm/amd: Avoid evicting resources at S5 - drm/amd/display: Fix DVI-D/HDMI adapters - drm/amd/display: Disable VRR on DCE 6 - drm/amd/display/dml2: Guard dml21_map_dc_state_into_dml_display_cfg with DC_FP_START - page_pool: always add GFP_NOWARN for ATOMIC allocations - ethernet: Extend device_get_mac_address() to use NVMEM - HID: i2c-hid: Resolve touchpad issues on Dell systems during S4 - drm/xe/guc: Return an error code if the GuC load fails - drm/amdgpu: reject gang submissions under SRIOV - scsi: ufs: core: Disable timestamp functionality if not supported - scsi: lpfc: Clean up allocated queues when queue setup mbox commands fail - scsi: lpfc: Decrement ndlp kref after FDISC retries exhausted - scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET - scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup - scsi: lpfc: Define size of debugfs entry for xri rebalancing - scsi: lpfc: Ensure PLOGI_ACC is sent prior to PRLI in Point to Point topology - allow finish_no_open(file, ERR_PTR(-E...)) - usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs - usb: xhci: plat: Facilitate using autosuspend for xhci plat devices - f2fs: fix infinite loop in __insert_extent_tree() - wifi: rtw89: obtain RX path from ppdu status IE00 - wifi: rtw89: renew a completion for each H2C command waiting C2H event - usb: xhci-pci: add support for hosts with zero USB3 ports - ipv6: np->rxpmtu race annotation - RDMA/irdma: Update Kconfig - IB/ipoib: Ignore L3 master device - jfs: Verify inode mode when loading from disk - jfs: fix uninitialized waitqueue in transaction manager - drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() - [arm64] ASoC: qcom: sc8280xp: explicitly set S16LE format in sc8280xp_be_hw_params_fixup() - net: phy: clear link parameters on admin link down - bus: mhi: core: Improve mhi_sync_power_up handling for SYS_ERR state - [amd64] iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() - wifi: ath10k: Fix connection after GTK rekeying - wifi: mac80211: Track NAN interface start/stop - net: intel: fm10k: Fix parameter idx set but not used - r8169: set EEE speed down ratio to 1 - vfio: return -ENOTTY for unsupported device feature - PCI/PM: Skip resuming to D0 if device is disconnected - remoteproc: qcom: q6v5: Avoid handling handover twice - wifi: ath12k: Increase DP_REO_CMD_RING_SIZE to 256 - [armhf] net: dsa: microchip: Set SPI as bus interface during reset for KSZ8463 - drm/amd/display: Add AVI infoframe copy in copy_stream_update_to_stream - drm/amd/display: Init dispclk from bootup clock for DCN314 - drm/amd/display: Fix for test crash due to power gating - drm/amd/display: change dc stream color settings only in atomic commit - NFSv4: handle ERR_GRACE on delegation recalls - NFSv4.1: fix mount hang after CREATE_SESSION failure - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing - net: bridge: Install FDB for bridge MAC on VLAN 0 - scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() - [amd64] accel/habanalabs/gaudi2: fix BMON disable configuration - scsi: mpt3sas: Add support for 22.5 Gbps SAS link rate - [amd64] accel/habanalabs: return ENOMEM if less than requested pages were pinned - [amd64] accel/habanalabs/gaudi2: read preboot status after recovering from dirty state - [amd64] accel/habanalabs: support mapping cb with vmalloc-backed coherent memory - fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock - ext4: increase IO priority of fastcommit - amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw - [armhf] ASoC: stm32: sai: manage context in set_sysclk callback - [armhf] ASoC: tlv320aic3x: Fix class-D initialization for tlv320aic3007 - ACPI: scan: Update honor list for RPMI System MSI - vfio/pci: Fix INTx handling on legacy non-PCI 2.3 devices - net/mlx5e: Don't query FEC statistics when FEC is disabled - net: macb: avoid dealing with endianness in macb_set_hwaddr() - Bluetooth: btusb: Check for unexpected bytes when defragmenting HCI frames - Bluetooth: SCO: Fix UAF on sco_conn_free - Bluetooth: btusb: Add new VID/PID 13d3/3633 for MT7922 - Bluetooth: bcsp: receive data only if registered - ALSA: usb-audio: add mono main switch to Presonus S1824c - net: stmmac: est: Drop frames causing HLBS error - exfat: limit log print for IO error - exfat: validate cluster allocation bits of the allocation bitmap - 6pack: drop redundant locking and refcounting - page_pool: Clamp pool size to max 16K pages - orangefs: fix xattr related buffer overflow... - ftrace: Fix softlockup in ftrace_module_enable - ksmbd: use sock_create_kern interface to create kernel socket - smb: client: transport: avoid reconnects triggered by pending task work - ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr - usb: xhci-pci: Fix USB2-only root hub registration - char: misc: restrict the dynamic range to exclude reserved minors - drm/amd/display: Add fallback path for YCBCR422 - ACPICA: Update dsmethod.c to get rid of unused variable warning - RDMA/irdma: Fix SD index calculation - RDMA/irdma: Remove unused struct irdma_cq fields - RDMA/irdma: Set irdma_cq cq_num field during CQ create - [arm64] RDMA/hns: Fix recv CQ and QP cache affinity - [arm64] RDMA/hns: Fix the modification of max_send_sge - [arm64] RDMA/hns: Fix wrong WQE data when QP wraps around - btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation - btrfs: mark dirty extent range for out of bound prealloc extents - fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink - clk: sunxi-ng: sun6i-rtc: Add A523 specifics - [arm64] rtc: pcf2127: clear minute/second interrupt - 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN - [armhf] clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled - [arm64] clk: scmi: Add duty cycle ops only when duty cycle is supported - 9p: fix /sys/fs/9p/caches overwriting itself - 9p: sysfs_init: don't hardcode error to ENOMEM - scsi: ufs: core: Include UTP error in INT_FATAL_ERRORS - ACPI: property: Return present device nodes only on fwnode interface - tools bitmap: Add missing asm-generic/bitsperlong.h include - tools: lib: thermal: don't preserve owner in install - tools: lib: thermal: use pkg-config to locate libnl3 - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds - [arm64] rtc: pcf2127: fix watchdog interrupt mask on pcf2131 - net: wwan: t7xx: add support for HP DRMR-H01 - kbuild: uapi: Strip comments before size type check - [arm64,armhf] ASoC: meson: aiu-encoder-i2s: fix bit clock polarity - drm/amdkfd: Fix mmap write lock not release - ceph: add checking of wait_for_completion_killable() return value - ceph: fix potential race condition in ceph_ioctl_lazyio() - ceph: refactor wake_up_bit() pattern of calling - ceph: fix multifs mds auth caps issue - [amd64] x86: use cmov for user address masking - [amd64] x86/runtime-const: Add the RUNTIME_CONST_PTR assembly macro - [amd64] x86: uaccess: don't use runtime-const rewriting in modules - ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again - btrfs: ensure no dirty metadata is written back for an fs with errors - media: uvcvideo: Use heuristic to find stream entity - media: videobuf2: forbid remove_bufs when legacy fileio is active - [arm64] drm/mediatek: Disable AFBC support on Mediatek DRM driver - Revert "wifi: ath10k: avoid unnecessary wait for service ready message" (Closes: #1120680) - ring-buffer: Do not warn in ring_buffer_map_get_reader() when reader catches up - [riscv64] ptdump: use seq_puts() in pt_dump_seq_puts() macro - Bluetooth: hci_event: validate skb length for unknown CC opcode - Bluetooth: btrtl: Fix memory leak in rtlbt_parse_firmware_v2() - [armhf] net: dsa: tag_brcm: legacy: reorganize functions - [armhf] net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx - net: vlan: sync VLAN features with lower device - gpio: swnode: don't use the swnode's name as the key for GPIO lookup - gpiolib: fix invalid pointer access in debugfs - [armhf] net: dsa: b53: fix resetting speed and pause on forced link - [armhf] net: dsa: b53: fix bcm63xx RGMII port link adjustment - [armhf] net: dsa: b53: fix enabling ip multicast - [armhf] net: dsa: b53: stop reading ARL entries if search is done - sctp: Hold RCU read lock while iterating over address list - sctp: Prevent TOCTOU out-of-bounds write - sctp: Hold sock lock while iterating over address list - net: ionic: add dma_wmb() before ringing TX doorbell - net: ionic: map SKB after pseudo-header checksum prep - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup - bnxt_en: Fix a possible memory leak in bnxt_ptp_init - bnxt_en: Add mem_valid bit to struct bnxt_ctx_mem_type - bnxt_en: Refactor bnxt_free_ctx_mem() - bnxt_en: Add a 'force' parameter to bnxt_free_ctx_mem() - wifi: mac80211_hwsim: Limit destroy_on_close radio removal to netgroup - net/mlx5e: Fix return value in case of module EEPROM read error - [arm64] net: ti: icssg-prueth: Fix fdb hash size configuration - net/mlx5e: SHAMPO, Fix skb size check for 64K pages - [armhf] net: dsa: microchip: Fix reserved multicast address table programming - net: bridge: fix use-after-free due to MST port state bypass - net: bridge: fix MST static key usage - tracing: Fix memory leaks in create_field_var() - drm/amd/display: Enable mst when it's detected but yet to be initialized - drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb - Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() - [arm64] rtc: rx8025: fix incorrect register reference - [amd64] x86/microcode/AMD: Add more known models to entry sign checking - smb: client: validate change notify buffer before copy - smb: client: fix potential UAF in smb2_close_cached_fid() - drm/amdgpu/smu: Handle S0ix for vangogh - drm/amd/display: Fix NULL deref in debugfs odm_combine_segments - virtio-net: fix received length check in big packets - lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC - scsi: ufs: ufs-pci: Fix S0ix/S3 for Intel controllers - scsi: ufs: ufs-pci: Set UFSHCD_QUIRK_PERFORM_LINK_STARTUP_ONCE for Intel ADL - scsi: ufs: core: Add a quirk to suppress link_startup_again - drm/amd/display: update color on atomic commit time - ACPI: SPCR: Check for table version when using precise baudrate - drm/amdgpu: Fix unintended error log in VCN5_0_0 - drm/amdgpu: Fix function header names in amdgpu_connectors.c - drm/amd/display: Fix black screen with HDMI outputs https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.59 - [arm64] drm/mediatek: Add pm_runtime support for GCE power control - [amd64] drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD - [amd64] drm/i915: Fix conversion between clock ticks and nanoseconds - smb: client: fix refcount leak in smb2_set_path_attr - drm/amd: Fix suspend failure with secure display TA - drm/xe/guc: Synchronize Dead CT worker with unbind - drm/xe: Move declarations under conditional branch - drm/xe: Do clean shutdown also when using flr - [arm64] kprobes: check the return value of set_memory_rox() - [riscv64] clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors - [riscv64] acpi: avoid errors caused by probing DT devices when ACPI is used - drm/amdgpu: remove two invalid BUG_ON()s - drm/amd/pm: Disable MCLK switching on SI at high pixel clocks - drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices - NFS4: Fix state renewals missing after boot - NFS4: Apply delay_retrans to async operations - HID: quirks: avoid Cooler Master MM712 dongle wakeup bug - HID: nintendo: Wait longer for initial probe - NFS: check if suid/sgid was cleared after a write as needed - HID: quirks: Add ALWAYS_POLL quirk for VRS R295 steering wheel - exfat: fix improper check of dentry.stream.valid_size - smb/server: fix possible memory leak in smb2_read() - smb/server: fix possible refcount leak in smb2_sess_setup() - HID: logitech-hidpp: Add HIDPP_QUIRK_RESET_HI_RES_SCROLL - ASoC: max98090/91: fixed max98091 ALSA widget powering up/down - wifi: ath11k: zero init info->status in wmi_process_mgmt_tx_comp() - erofs: avoid infinite loop due to incomplete zstd-compressed data - [arm64,armhf] net: fec: correct rx_bytes statistic for the case SHIFT16 is set - net: phy: micrel: Introduce lanphy_modify_page_reg - net: phy: micrel: Replace hardcoded pages with defines - net: phy: micrel: lan8814 fix reset of the QSGMII interface - NFSD: Skip close replay processing if XDR encoding fails - Bluetooth: MGMT: cancel mesh send timer when hdev removed - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path - Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion - Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions - sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto - net/smc: fix mismatch between CLC header and proposal - net/handshake: Fix memory leak in tls_handshake_accept() - tipc: Fix use-after-free in tipc_mon_reinit_self(). - net: mdio: fix resource leak in mdiobus_register_device() - wifi: mac80211: skip rate verification for not captured PSDUs - af_unix: Initialise scc_index in unix_add_edge(). - net_sched: act_connmark: use RCU in tcf_connmark_dump() - net: sched: act_connmark: initialize struct tc_ife to fix kernel leak - net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak - net/mlx5e: Fix maxrate wraparound in threshold between units - net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps - net/mlx5e: Fix potentially misleading debug message - net_sched: limit try_bulk_dequeue_skb() batches - virtio-net: fix incorrect flags recording in big mode - hsr: Fix supervision frame sending on HSRv0 - [amd64] ACPI: CPPC: Detect preferred core availability on online CPUs - [amd64] ACPI: CPPC: Check _CPC validity for only the online CPUs - [amd64] ACPI: CPPC: Perform fast check switch only for online CPUs - [amd64] ACPI: CPPC: Limit perf ctrs in PCC check only to online CPUs - Bluetooth: L2CAP: export l2cap_chan_hold for modules - acpi,srat: Fix incorrect device handle check for Generic Initiator - regulator: fixed: fix GPIO descriptor leak on register failure - [arm64] ASoC: codecs: va-macro: fix resource leak in probe error path - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE - ASoC: tas2781: fix getting the wrong device number - pnfs: Fix TLS logic in _nfs4_pnfs_v4_ds_connect() - pnfs: Set transport security policy to RPC_XPRTSEC_NONE unless using TLS - simplify nfs_atomic_open_v23() - NFSv2/v3: Fix error handling in nfs_atomic_open_v23() - NFS: sysfs: fix leak when nfs_client kobject add fails - NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() - NFS: Fix LTP test failures when timestamps are delegated - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd - acpi/hmat: Fix lockdep warning for hmem_register_resource() - bpf: Add bpf_prog_run_data_pointers() - bpf: account for current allocated stack depth in widen_imprecise_scalars() - [riscv64] irqchip/riscv-intc: Add missing free() callback in riscv_intc_domain_ops - wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path - proc: fix the issue of proc_mem_open returning NULL - ext4: introduce ITAIL helper - ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (CVE-2025-22121) - Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981) - f2fs: fix to avoid overflow while left shift operation (CVE-2025-40077) - hostfs: Fix only passing host root in boot stage with new mount - virtio-fs: fix incorrect check for fsvq->kobj - fs/namespace: correctly handle errors returned by grab_requested_mnt_ns - sched_ext: Fix unsafe locking in the scx_dump_state() - Revert "netfilter: nf_tables: Reintroduce shortened deletion notifications" - netfilter: nf_tables: reject duplicate device on updates (CVE-2025-38678) - [arm64] dts: rockchip: Set correct pinctrl for I2S1 8ch TX on odroid-m1 - [arm64] dts: rockchip: Make RK3588 GPU OPP table naming less generic - [armhf] dts: imx51-zii-rdu1: Fix audmux node names - HID: hid-ntrig: Prevent memory leak in ntrig_report_version() - HID: playstation: Fix memory leak in dualshock4_get_calibration_data() - HID: uclogic: Fix potential memory leak in error path - [amd64] KVM: SVM: Mark VMCB_LBR dirty when MSR_IA32_DEBUGCTLMSR is updated - nfsd: fix refcount leak in nfsd_set_fh_dentry() (CVE-2025-40212) - nfsd: add missing FATTR4_WORD2_CLONE_BLKSIZE from supported attributes - NFSD: free copynotify stateid in nfs4_free_ol_stateid() - ksmbd: close accepted socket when per-IP limit rejects connection - ksm: use range-walk function to jump over holes in scan_get_next_rmap_item - strparser: Fix signed/unsigned mismatch bug - dma-mapping: benchmark: Restore padding to ensure uABI remained consistent - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe - nilfs2: avoid having an active sc_timer before freeing sci - wifi: mac80211: reject address change while connecting - fs/proc: fix uaf in proc_readdir_de() - mm/mm_init: fix hash table order logging in alloc_large_system_hash() - mm/shmem: fix THP allocation and fallback loop - mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 - mmc: dw_mmc-rockchip: Fix wrong internal phase calculate - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer - cifs: client: fix memory leak in smb3_fs_context_parse_param - codetag: debug: handle existing CODETAG_EMPTY in mark_objexts_empty for slabobj_ext - crash: fix crashkernel resource shrink - smb: client: fix cifs_pick_channel when channel needs reconnect - spi: Try to get ACPI GPIO IRQ earlier - [amd64] x86/microcode/AMD: Add Zen5 model 0x44, stepping 0x1 minrev - ftrace: Fix BPF fexit with livepatch - PM: hibernate: Emit an error when image writing fails - PM: hibernate: Use atomic64_t for compressed_size variable - btrfs: zoned: fix conventional zone capacity calculation - btrfs: scrub: put bio after errors in scrub_raid56_parity_stripe() - btrfs: do not update last_log_commit when logging inode due to a new name - btrfs: release root after error in data_reloc_print_warning_inode() - drm/amdkfd: relax checks for over allocation of save area - drm/amdgpu: disable peer-to-peer access for DCC-enabled GC12 VRAM surfaces - [arm64] pmdomain: arm: scmi: Fix genpd leak on provider registration failure - [armhf] pmdomain: imx: Fix reference count leak in imx_gpc_remove - [arm64,armhf] pmdomain: samsung: plug potential memleak during probe - mptcp: fix MSG_PEEK stream corruption - wifi: cfg80211: add an hrtimer based delayed work item - wifi: mac80211: use wiphy_hrtimer_work for csa.switch_work - mm, percpu: do not consider sleepable allocations atomic - [amd64] KVM: guest_memfd: Pass index, not gfn, to __kvm_gmem_get_pfn() - [amd64] KVM: guest_memfd: Remove RCU-protected attribute from slot->gmem.file - [amd64] KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying - net: netpoll: Individualize the skb pool - net: netpoll: flush skb pool during cleanup - net: netpoll: fix incorrect refcount handling causing incorrect cleanup - [amd64] KVM: VMX: Split out guts of EPT violation to common/exposed function - [amd64] KVM: VMX: Fix check for valid GVA on an EPT violation - ALSA: hda: Fix missing pointer check in hda_component_manager_init function (CVE-2025-40097) - io_uring/napi: fix io_napi_entry RCU accesses - uio_hv_generic: Set event for all channels on the device (Closes: #1120602) - mm/memory: do not populate page table entries beyond i_size - mm/truncate: unmap large folio on split failure - mm/secretmem: fix use-after-free race in fault handler - mm/huge_memory: do not change split_huge_page*() target order silently - mm/huge_memory: preserve PG_has_hwpoisoned if a folio is split to >0 order - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() - net: phy: micrel: Fix lan8814_config_init - net: netpoll: ensure skb_pool list is always initialized - proc: proc_maps_open allow proc_mem_open to return NULL - Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (CVE-2025-40213) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.60 - [arm64] KVM: arm64: Check the untrusted offset in FF-A memory share - timers: Fix NULL function pointer race in timer_shutdown_sync() - HID: amd_sfh: Stop sensor before starting - HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Closes: #1114557) - [arm64] dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 - mtdchar: fix integer overflow in read/write ioctls - isofs: check the return value of sb_min_blocksize() in isofs_fill_super - shmem: fix tmpfs reconfiguration (remount) when noswap is set - exfat: check return value of sb_min_blocksize in exfat_read_boot_sector - mptcp: Disallow MPTCP subflows from sockmap - mptcp: Fix proto fallback detection with BPF - ata: libata-scsi: Fix system suspend for a security locked drive - smb: client: introduce close_cached_dir_locked() - ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() - be2net: pass wrb_params in case of OS2BMC - [armhf] net: dsa: microchip: lan937x: Fix RGMII delay tuning - [arm64,armhf] Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" - Input: cros_ec_keyb - fix an invalid memory access - Input: goodix - add support for ACPI ID GDIX1003 - Input: pegasus-notetaker - fix potential out-of-bounds access - mm/mempool: fix poisoning order>0 pages with HIGHMEM - nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot - nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() - scsi: sg: Do not sleep in atomic context - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() - dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups - mptcp: fix race condition in mptcp_schedule_work() - mptcp: fix ack generation for fallback msk - mptcp: fix duplicate reset on fastclose - mptcp: fix premature close in case of fallback - mptcp: avoid unneeded subflow-level drops - mptcp: decouple mptcp fastclose from tcp close - mptcp: do not fallback when OoO is present - [arm64,armhf] drm/tegra: dc: Fix reference leak in tegra_dc_couple() - drm/radeon: delete radeon_fence_process in is_signaled, no deadlock - drm/amd: Skip power ungate during suspend for VPE - drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled - drm/amd/display: Increase DPCD read retries - drm/amd/display: Move sleep into each retry for retrieve_link_cap() - drm/amd/display: Fix pbn to kbps Conversion - drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 - xfrm: drop SA reference in xfrm_state_update if dir doesn't match - xfrm: set err and extack on failure to create pcpu SA - xfrm: Determine inner GSO type from packet inner protocol - xfrm: Prevent locally generated packets from direct output in tunnel mode - [amd64] pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() - mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() - [arm64,armhf] drm/tegra: Add call to put_pid() - net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() - net: openvswitch: remove never-working support for setting nsh fields - nvme-multipath: fix lockdep WARN due to partition scan work - [s390x] ctcm: Fix double-kfree - [amd64] platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() - [amd64,arm64] idpf: fix possible vport_config NULL pointer deref in remove - ice: fix PTP cleanup on driver removal in error path - devlink: rate: Unset parent pointer in devl_rate_nodes_destroy - net/mlx5: Clean up only new IRQ glue on request_irq() failure - af_unix: Cache state->msg in unix_stream_read_generic(). - af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). - cifs: fix memory leak in smb3_fs_context_parse_param error path - vsock: Ignore signal/timeout on connect() if already established - bcma: don't register devices disabled in OF - cifs: fix typo in enable_gcm_256 module parameter - scsi: core: Fix a regression triggered by scsi_host_busy() - [amd64] x86/microcode/AMD: Limit Entrysign signature checking to known generations - net: tls: Change async resync helpers argument - blk-crypto: use BLK_STS_INVAL for alignment errors - net: tls: Cancel RX async resync request on rcd_delta overflow - ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check - [arm64] KVM: arm64: Make all 32bit ID registers fully writable - drm/xe: Prevent BIT() overflow when handling invalid prefetch region - [s390x] mm: Fix __ptep_rdp() inline assembly - ALSA: usb-audio: fix uac2 clock source at terminal parser - tracing/tools: Fix incorrcet short option in usage text for --threads - drm/amdgpu: fix gpu page fault after hibernation on PF passthrough - smb: client: fix incomplete backport in cfids_invalidation_worker() - tty/vt: fix up incorrect backport to stable releases - maple_tree: fix tracepoint string pointers - [amd64] drm/i915/dp_mst: Disable Panel Replay - mptcp: fix a race in mptcp_pm_del_add_timer() - xfs: Replace strncpy with memcpy - xfs: fix out of bounds memory read error in symlink repair - drm/amd/display: avoid reset DTBCLK at clock init - drm/amd/display: disable DPP RCG before DPP CLK enable - drm/amd/display: Insert dccg log for easy debug - drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched - Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.61 - can: kvaser_usb: leaf: Fix potential infinite loop in command parsers - can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data - Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface - Bluetooth: hci_core: Fix triggering cmd_timer for HCI_OP_NOP - Bluetooth: hci_sock: Prevent race in socket write iter and sock bind - Bluetooth: SMP: Fix not generating mackey and ltk when repairing - net: sched: generalize check for no-queue qdisc on TX queue - veth: apply qdisc backpressure on full ptr_ring to reduce TX drops - veth: prevent NULL pointer dereference in veth_xdp_rcv - veth: more robust handing of race to avoid txq getting stuck - veth: reduce XDP no_direct return section to fix race - [amd64] platform/x86: intel: punit_ipc: fix memory corruption - net: aquantia: Add missing descriptor cache invalidation on ATL2 - net: lan966x: Fix the initialization of taprio - drm/xe: Fix conversion from clock ticks to milliseconds - net/mlx5e: Fix validation logic in rate limiting - team: Move team device type change at the end of team_port_add - drm/amdgpu: fix cyan_skillfish2 gpu info fw handling - net: wwan: mhi: Keep modem name match with Foxconn T99W640 - net: atlantic: fix fragment overflow handling in RX path - [arm64,armhf] net: fec: cancel perout_timer when PEROUT is disabled - [arm64,armhf] net: fec: do not update PEROUT if it is enabled - [arm64,armhf] net: fec: do not allow enabling PPS and PEROUT simultaneously - [arm64,armhf] net: fec: do not register PPS event for PEROUT - iio: st_lsm6dsx: Fixed calibrated timestamp calculation - [arm64] mailbox: mtk-cmdq: Refine DMA address handling for the command buffer - mailbox: pcc: Refactor error handling in irq handler into separate function - mailbox: pcc: don't zero error register - fs/namespace: fix reference leak in grab_requested_mnt_ns - spi: spi-mem: Allow specifying the byte order in Octal DTR mode - spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency - spi: spi-mem: Add a new controller capability - [arm64] spi: nxp-fspi: Support per spi-mem operation frequency switches - [arm64] spi: spi-nxp-fspi: remove the goto in probe - [arm64] spi: spi-nxp-fspi: Add OCT-DTR mode support - [arm64] spi: nxp-fspi: Propagate fwnode in ACPI case as well - Revert "drm/amd/display: Move setup_stream_attribute" - [amd64] Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" - iio: buffer-dma: support getting the DMA channel - iio: buffer-dmaengine: enable .get_dma_dev() - iio: buffer: support getting dma channel from the buffer - iio: accel: bmc150: Fix irq assumption regression (Closes: #1106411) - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs - ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 - [arm64] dts: imx8qm-mek: fix mux-controller select/enable-gpios polarity - Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref - can: sja1000: fix max irq loop handling - can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling - ceph: fix crash in process_v2_sparse_read() for encrypted directories - dm-verity: fix unreliable memory allocation - drivers/usb/dwc3: fix PCI parent check - smb: client: fix memory leak in cifs_construct_tcon() - [amd64] thunderbolt: Add support for Intel Wildcat Lake - [arm64] slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves - nvmem: layouts: fix nvmem_layout_bus_uevent - firmware: stratix10-svc: fix bug in saving controller data - mm/memfd: fix information leak in hugetlb folios - mmc: sdhci-of-dwcmshc: Promote the th1520 reset handling to ip level - mptcp: clear scheduled subflows on retransmit - mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). - [arm*] serial: amba-pl011: prefer dma_mapping_error() over explicit address checking - usb: cdns3: Fix double resource release in cdns3_pci_probe - usb: gadget: f_eem: Fix memory leak in eem_unwrap - usb: storage: Fix memory leak in USB bulk transport - USB: storage: Remove subclass and protocol overrides from Novatek quirk - usb: storage: sddr55: Reject out-of-bound new_pba - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer - [amd64,arm64] usb: dwc3: pci: add support for the Intel Nova Lake -S - [amd64,arm64] usb: dwc3: pci: Sort out the Intel device IDs - [amd64,arm64] usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths - xhci: fix stale flag preventig URBs after link state error is cleared - xhci: dbgtty: Fix data corruption when transmitting data form DbC to host - xhci: dbgtty: fix device unregister - USB: serial: ftdi_sio: add support for u-blox EVK-M101 - USB: serial: option: add support for Rolling RW101R-GL - drm: sti: fix device leaks at component probe - drm/amd/amdgpu: reserve vm invalidation engine for uni_mes - drm/amd/display: Check NULL before accessing - drm/amd/display: Don't change brightness for disabled connectors - [armhf] net: dsa: microchip: common: Fix checks on irq_find_mapping() - [armhf] net: dsa: microchip: ptp: Fix checks on irq_find_mapping() - [armhf] net: dsa: microchip: Don't free uninitialized ksz_irq - libceph: fix potential use-after-free in have_mon_and_osd_map() - libceph: prevent potential out-of-bounds writes in handle_auth_session_key() - libceph: replace BUG_ON with bounds check for map->max_osd - staging: rtl8712: Remove driver using deprecated API wext - nfsd: Replace clamp_t in nfsd4_get_drc_mem() - usb: typec: ucsi: psy: Set max current to zero when disconnected - usb: udc: Add trace event for usb_gadget_set_state - usb: gadget: udc: fix use-after-free in usb_gadget_state_work - mm/huge_memory: fix NULL pointer deference when splitting folio - [amd64] KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts() - [amd64] KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv() - [amd64] KVM: nSVM: Fix and simplify LBR virtualization handling with nested - [amd64] KVM: SVM: Fix redundant updates of LBR MSR intercepts - drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup - [armhf] net: dsa: microchip: Do not execute PTP driver code for unsupported switches - [armhf] net: dsa: microchip: Free previously initialized ports on init failures - wifi: ath12k: correctly handle mcast packets for clients - Revert "ACPI: Suppress misleading SPCR console message when SPCR table is absent" - [amd64] drm/i915/dp: Initialize the source OUI write timestamp always - [arm64] spi: spi-nxp-fspi: Check return value of devm_mutex_init() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.62 - xfrm: delete x->tunnel as we delete x - Revert "xfrm: destroy xfrm_state synchronously on net exit path" - xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added - xfrm: flush all states in xfrm_state_fini - Documentation: process: Also mention Sasha Levin as stable tree maintainer - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted - ext4: refresh inline data size before write operations - ksmbd: ipc: fix use-after-free in ipc_msg_send_request - ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() - [amd64] KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced - USB: serial: option: add Foxconn T99W760 - USB: serial: option: add Telit Cinterion FE910C04 new compositions - USB: serial: option: move Telit 0x10c7 composition in the right place - USB: serial: ftdi_sio: match on interface number for jtag - serial: add support of CPCI cards - USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC - USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC - ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() - [arm64,armhf] ipi: imx: keep dma request disabled before dma transfer setup - drm/vmwgfx: Use kref in vmw_bo_dirty - Bluetooth: btrtl: Avoid loading the config file on security chips - smb: fix invalid username check in smb3_fs_context_parse_param() - drm/amdkfd: Fix GPU mappings for APU after prefetch - ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series - bfs: Reconstruct file type when loading from disk - HID: hid-input: Extend Elan ignore battery quirk to USB - nvme: fix admin request_queue lifetime - [arm64] pinctrl: qcom: msm: Fix deadlock in pinmux configuration - [amd64] platform/x86: acer-wmi: Ignore backlight event - HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list - [amd64] platform/x86: huawei-wmi: add keys for HONOR models - [amd64] platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list - [amd64] platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally - HID: elecom: Add support for ELECOM M-XT3URBK (018F) - wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 - wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 - [amd64] comedi: check device's attached status in compat ioctls - staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser - staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing - staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing - bus: mhi: host: pci_generic: Add Telit FN920C04 modem support - bus: mhi: host: pci_generic: Add Telit FN990B40 modem support https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.63 - [arm64,armhf] gpu: host1x: Fix race in syncpt alloc/free - [amd64] accel/ivpu: Prevent runtime suspend during context abort work - [amd64] accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail - [amd64] accel/ivpu: Make function parameter names consistent - [amd64] accel/ivpu: Fix DCT active percent format - drm/vgem-fence: Fix potential deadlock on release - USB: Fix descriptor count when handling invalid MBIM extended descriptor - [arm64] pinctrl: renesas: rzg2l: Fix PMC restore - [arm64] clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback - [arm64] clk: renesas: Use str_on_off() helper - [arm64] clk: renesas: Pass sub struct of cpg_mssr_priv to cpg_clk_register - [arm64] clk: renesas: cpg-mssr: Read back reset registers to assure values latched - HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() - objtool: Fix standalone --hacks=jump_label - objtool: Fix weak symbol detection - wifi: ath10k: Avoid vdev delete timeout when firmware is already down - wifi: ath10k: Add missing include of export.h - wifi: ath10k: move recovery check logic into a new work - wifi: ath11k: restore register window after global reset - sched/fair: Forfeit vruntime on yield - [arm*] irqchip/irq-brcmstb-l2: Fix section mismatch - [arm64,armhf] irqchip/imx-mu-msi: Fix section mismatch - [arm64] irqchip/renesas-rzg2l: Fix section mismatch - [riscv64] irqchip/starfive-jh8100: Fix section mismatch - [arm64] irqchip/qcom-irq-combiner: Fix section mismatch - crypto: authenc - Correctly pass EINPROGRESS back up to the caller - ntfs3: fix uninit memory after failed mi_read in mi_format_new - ntfs3: Fix uninit buffer allocated by __getname() - dt-bindings: clock: qcom,x1e80100-gcc: Add missing video resets - dt-bindings: clock: qcom,x1e80100-gcc: Add missing USB4 clocks/resets - clk: qcom: gcc-x1e80100: Add missing USB4 clocks/resets - rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() - inet: Avoid ehash lookup race in inet_ehash_insert() - inet: Avoid ehash lookup race in inet_twsk_hashdance_schedule() - firmware: qcom: tzmem: fix qcom_tzmem_policy kernel-doc - block/mq-deadline: Introduce dd_start_request() - block/mq-deadline: Switch back to a single dispatch list - [arm64] dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1 props - [arm64] dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl - [arm64] dts: imx8mp-venice-gw702x: remove off-board uart - [arm64] dts: imx8mp-venice-gw702x: remove off-board sdhc1 - perf annotate: Check return value of evsel__get_arch() properly - [arm64] dts: exynos: gs101: fix sysreg_apm reg property - uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe - soc: Switch back to struct platform_driver::remove() - [arm64] soc: qcom: gsbi: fix double disable caused by devm - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id - wifi: ath11k: fix VHT MCS assignment - wifi: ath11k: fix peer HE MCS assignment - [s390x] smp: Fix fallback CPU detection - [s390x] ap: Don't leak debug feature files if AP instructions are not available - [arm64] dts: ti: k3-am62p: Fix memory ranges for GPU - firmware: imx: scu-irq: fix OF node leak in - [arm64] dts: qcom: x1e80100: Fix compile warnings for USB HS controller - [arm64] dts: qcom: x1e80100: Add missing quirk for HS only USB controller - [arm64] dts: qcom: sdm845-oneplus: Correct gpio used for slider - [arm64] dts: qcom: sm8650: set ufs as dma coherent - [arm64] dts: qcom: qcm6490-shift-otter: Add missing reserved-memory - phy: mscc: Fix PTP for VSC8574 and VSC8572 - sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). - RDMA/rxe: Fix null deref on srq->rq.queue after resize failure - Revert "mtd: rawnand: marvell: fix layouts" - [arm64,armhf] mtd: nand: relax ECC parameter validation check - perf: Remove get_perf_callchain() init_nr argument - bpf: Refactor stack map trace depth calculation into helper function - bpf: Fix stackmap overflow check in __bpf_get_stackid() - [amd64] perf/x86/intel/cstate: Remove PC3 support from LunarLake - task_work: Fix NMI race condition - [amd64] x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() - tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set - [arm64] soc: qcom: smem: fix hwspinlock resource leak in probe error paths - [armhf] pinctrl: stm32: fix hwspinlock resource leak in probe function - i3c: fix refcount inconsistency in i3c_master_register - i3c: master: svc: Prevent incomplete IBI transaction - wifi: ath12k: fix potential memory leak in ath12k_wow_arp_ns_offload() - [arm64] interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS - [arm64] dts: qcom: msm8996: add interconnect paths to USB2 controller - interconnect: debugfs: Fix incorrect error handling for NULL path - drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource() - perf lock contention: Load kernel map before lookup - perf record: skip synthesize event when open evsel failed - power: supply: rt5033_charger: Fix device node reference leaks - power: supply: cw2015: Check devm_delayed_work_autocancel() return code - power: supply: max17040: Check iio_read_channel_processed() return code - power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() - power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() - power: supply: wm831x: Check wm831x_set_bits() return value - power: supply: apm_power: only unset own apm_get_power_status - scsi: target: Do not write NUL characters into ASCII configfs output - fs/9p: Don't open remote file with APPEND mode when writeback cache is used - [arm64] drm/panthor: Handle errors returned by drm_sched_entity_init() - [arm64] drm/panthor: Fix group_free_queue() for partially initialized queues - [arm64] drm/panthor: Fix UAF race between device unplug and FW event processing - [arm64] drm/panthor: Fix race with suspend during unplug - [arm64] drm/panthor: Fix UAF on kernel BO VA nodes - libbpf: Fix parsing of multi-split BTF - [armhf] dts: am335x-netcom-plus-2xx: add missing GPIO labels - [armhf] dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible - [armhf] dts: omap3: n900: Correct obsolete TWL4030 power compatible - [amd64] x86/boot: Fix page table access in 5-level to 4-level paging transition - efi/libstub: Fix page table access in 5-level to 4-level paging transition - ext4: correct the checking of quota files before moving extents - [amd64] perf/x86/intel: Correct large PEBS flag check - regulator: core: disable supply if enabling main regulator fails - md: fix rcu protection in md_wakeup_thread - nbd: defer config put in recv_work - scsi: stex: Fix reboot_notifier leak in probe error path - scsi: smartpqi: Fix device resources accessed after device removal - dt-bindings: PCI: amlogic: Fix the register name of the DBI region - RDMA/rtrs: server: Fix error handling in get_or_create_srv - ntfs3: init run lock for extend inode - [arm64] drm/panthor: Fix potential memleak of vma structure - scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() - [amd64] cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs - [powerpc*] kdump: Fix size calculation for hot-removed memory ranges - [powerpc*] 32: Fix unpaired stwcx. on interrupt exit - wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() - nbd: defer config unlock in nbd_genl_connect - coresight: Change device mode to atomic type - [arm64] coresight: etm4x: Correct polling IDLE bit - [arm64] coresight: etm4x: Extract the trace unit controlling - [arm64] coresight: etm4x: Add context synchronization before enabling trace - lib/vsprintf: Check pointer before dereferencing in time_and_date() - ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() - ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() - scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls - leds: netxbig: Fix GPIO descriptor leak in error paths - bpf: Free special fields when update [lru_,]percpu_hash maps - PCI: keystone: Exit ks_pcie_probe() for invalid mode - [arm64] dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK 5A - [arm64] dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A - [arm64] dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 3C - [amd64] crypto: iaa - Fix incorrect return value in save_iaa_wq() - [arm64] drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype - ps3disk: use memcpy_{from,to}_bvec index - bpf: Handle return value of ftrace_set_filter_ip in register_fentry - bpf: Check skb->transport_header is set in bpf_skb_check_mtu - watchdog: wdat_wdt: Fix ACPI table leak in probe function - watchdog: starfive: Fix resource leak in probe error path - tracefs: fix a leak in eventfs_create_events_dir() - NFSD/blocklayout: Fix minlength check in proc_layoutget - block/blk-throttle: Fix throttle slice time for SSDs - [arm64] drm/msm/a2xx: stop over-complaining about the legacy firmware - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() - bpf: Fix invalid prog->stats access when update_effective_progs fails - [powerpc*] 64s/hash: Restrict stress_hpt_struct memblock region to within RMA limit - [powerpc*] 64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format - fs/ntfs3: out1 also needs to put mi - fs/ntfs3: Prevent memory leaks in add sub record - [arm64] drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue - [arm64] drm/msm/a6xx: Flush LRZ cache before PT switch - [arm64] drm/msm/a6xx: Fix the gemnoc workaround - [arm64] drm/msm/a6xx: Improve MX rail fallback in RPMH vote init - ipv6: clear RA flags when adding a static route (Closes: #1117959) - pwm: bcm2835: Make sure the channel is enabled after pwm_request() - scsi: qla2xxx: Fix improper freeing of purex item - [amd64] iommu/vt-d: Fix unused invalidation hint in qi_desc_iotlb - wifi: mac80211: fix CMAC functions not handling errors - [arm64] mfd: mt6397-irq: Fix missing irq_domain_remove() in error path - [arm64] mfd: mt6358-irq: Fix missing irq_domain_remove() in error path - leds: rgb: leds-qcom-lpg: Don't enable TRILED when configuring PWM - [arm64] phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() - [arm64] phy: rockchip: samsung-hdptx: Reduce ROPLL loop bandwidth - [arm64] phy: rockchip: samsung-hdptx: Prevent Inter-Pair Skew from exceeding the limits - net: phy: adin1100: Fix software power-down ready condition - cpuset: Treat cpusets in attaching as populated - wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() - RAS: Report all ARM processor CPER information to userspace - ima: Handle error code returned by ima_filter_rule_match() - usb: chaoskey: fix locking for O_NONBLOCK - usb: dwc2: disable platform lowlevel hw resources during shutdown - usb: dwc2: fix hang during shutdown if set as peripheral - usb: dwc2: fix hang during suspend if set as peripheral - usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE - [riscv64] KVM: Fix guest page fault within HLV* instructions - erofs: limit the level of fs stacking for file-backed mounts - RDMA/bnxt_re: Fix the inline size for GenP7 devices - RDMA/bnxt_re: Pass correct flag for dma mr creation - ASoC: tas2781: correct the wrong period - mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() - firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc - staging: fbtft: core: fix potential memory leak in fbtft_probe_common() - [arm64] iommu/arm-smmu-v3: Fix error check in arm_smmu_alloc_cd_tables - btrfs: fix leaf leak in an error path in btrfs_del_items() - PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition - drm/nouveau: restrict the flush page to a 32-bit address - iomap: factor out a iomap_dio_done helper - iomap: always run error completions in user context - wifi: ieee80211: correct FILS status codes - backlight: led-bl: Add devlink to supplier LEDs - backlight: lp855x: Fix lp855x.h kernel-doc warnings - [arm64] iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal - RDMA/irdma: Fix data race in irdma_sc_ccq_arm - RDMA/irdma: Fix data race in irdma_free_pble - RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY - [arm64] drm/panthor: Avoid adding of kernel BOs to extobj list - gfs2: Prevent recursive memory reclaim - firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER - drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() - hwmon: sy7636a: Fix regulator_enable resource leak on error path - ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 - ublk: prevent invalid access with DEBUG - ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation - of: Skip devicetree kunit tests when RISCV+ACPI doesn't populate root node - virtio_vdpa: fix misleading return in void function - virtio: fix typo in virtio_device_ready() comment - virtio: fix whitespace in virtio_config_ops - virtio: fix grammar in virtio_queue_info docs - virtio: fix virtqueue_set_affinity() docs - vdpa/mlx5: Fix incorrect error code reporting in query_virtqueues - vhost: Fix kthread worker cgroup failure handling - vdpa/pds: use %pe for ERR_PTR() in event handler registration - [amd64] ASoC: Intel: catpt: Fix error path in hw_params() - [armhf] dts: samsung: universal_c210: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during system suspend - [armhf] dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during system suspend - regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex - resource: replace open coded resource_intersection() - resource: introduce is_type_match() helper and use it - Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" - netfilter: flowtable: check for maximum number of encapsulations in bridge vlan - netfilter: nf_conncount: rework API to use sk_buff directly - netfilter: nft_connlimit: update the count if add was skipped - net: stmmac: fix rx limit check in stmmac_rx_zc() - vfio/pci: Use RCU for error/request triggers to avoid circular locking - net: phy: aquantia: check for NVMEM deferral - mtd: lpddr_cmds: fix signed shifts in lpddr_cmds - [arm64] remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs - md/raid5: fix IO hang when array is broken with IO inflight - net: hsr: remove one synchronize_rcu() from hsr_del_port() - net: hsr: remove synchronize_rcu() from hsr_add_port() - net: hsr: Create and export hsr_get_port_ndev() - net: hsr: create an API to get hsr port type - net: dsa: xrs700x: reject unsupported HSR configurations - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (CVE-2025-68325) - perf tools: Mark split kallsyms DSOs as loaded - perf tools: Fix split kallsyms DSO counting - perf hist: In init, ensure mem_info is put on error paths - [arm64,armhf] pinctrl: single: Fix incorrect type for error return variable - fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() - 9p: fix cache/debug options printing in v9fs_show_options - sched/fair: Fix unfairness caused by stalled tg_load_avg_contrib when the last task migrates out - [amd64] platform/x86:intel/pmc: Update Arrow Lake telemetry GUID - f2fs: keep POSIX_FADV_NOREUSE ranges - f2fs: add a sysfs entry to reclaim POSIX_FADV_NOREUSE pages - f2fs: fix to avoid running out of free segments - f2fs: add carve_out sysfs node - f2fs: sysfs: add encoding_flags entry - f2fs: introduce reserved_pin_section sysfs entry - f2fs: add gc_boost_gc_multiple sysfs node - f2fs: add gc_boost_gc_greedy sysfs node - f2fs: maintain one time GC mode is enabled during whole zoned GC cycle - NFS: Avoid changing nlink when file removes and attribute updates race - fs/nls: Fix utf16 to utf8 conversion - NFS: Initialise verifiers for visible dentries in readdir and lookup - NFS: Initialise verifiers for visible dentries in nfs_atomic_open() - nfs/vfs: discard d_exact_alias() - NFS: Initialise verifiers for visible dentries in _nfs4_open_and_get_state - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid - Revert "nfs: ignore SB_RDONLY when remounting nfs" - Revert "nfs: clear SB_RDONLY before getting superblock" - Revert "nfs: ignore SB_RDONLY when mounting nfs" - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags - Expand the type of nfs_fattr->valid - NFS: Fix inheritance of the block sizes when automounting - fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() - [amd64] platform/x86: asus-wmi: use brightness_set_blocking() for kbd led - blk-mq: Abort suspend when wakeup events are pending - block: fix comment for op_is_zone_mgmt() to include RESET_ALL - block: fix memory leak in __blkdev_issue_zero_pages - nvme-auth: use kvfree() for memory allocated with kvcalloc() - drm/plane: Fix IS_ERR() vs NULL check in drm_plane_create_hotspot_properties() - regulator: fixed: Rely on the core freeing the enable GPIO - ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events - drm/nouveau: refactor deprecated strcpy - cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB2 - docs: hwmon: fix link to g762 devicetree binding - dma/pool: eliminate alloc_pages warning in atomic_pool_expand - ALSA: uapi: Fix typo in asound.h comment - drm/amdkfd: Use huge page size to check split svm range alignment - rtc: gamecube: Check the return value of ioremap() - ALSA: firewire-motu: add bounds check in put_user loop for DSP events - block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock - block: return unsigned int from queue_dma_alignment - dm-raid: fix possible NULL dereference with undefined raid type - dm log-writes: Add missing set_freezable() for freezable kthread - efi/cper: Add a new helper function to print bitmasks - efi/cper: Adjust infopfx size to accept an extra space - efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs - scsi: imm: Fix use-after-free bug caused by unfinished delayed work (CVE-2025-68324) - irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() - ocfs2: fix memory leak in ocfs2_merge_rec_left() - net: lan743x: Allocate rings outside ZONE_DMA - net: dst: introduce dst->dev_rcu - tcp_metrics: use dst_dev_net_rcu() (CVE-2025-40075) - usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt - usb: phy: Initialize struct usb_phy list_head - usb: dwc3: dwc3_power_off_all_roothub_ports: Use ioremap_np when required - ALSA: dice: fix buffer overflow in detect_stream_formats() - ALSA: wavefront: Fix integer overflow in sample size validation . [ Uwe Kleine-König ] * [armhf] Enable LEDS_TURRIS_OMNIA as a module for Turris Omnia LED support. . [ Maxwell Pevner ] * drivers/hid: Enable HID_UNIVERSAL_PIDFF as module (Closes: #1122144) lua-wsapi (1.6.1-3+deb13u1) trixie; urgency=medium . * Fix Homepage. * Recover common module for lua5.1. (Closes: #1123592) lxc (1:6.0.4-4+deb13u1) trixie; urgency=medium . [ Frost ] * Add lxc-net dependency to sysvinit script (Closes: #1122149) . [ Mathias Gibbens ] * Cherry-pick upstream fix to stop printing misleading errors in enter_net_ns() (Closes: #1118024) * Cherry-pick upstream fix for generating apparmor.d/abstractions/lxc/container-base (partially addresses: #1111087) * Cherry-pick upstream fix for restarting unprivileged containers (Closes: #1123979) lxd (5.0.2+git20231211.1364ae4-9+deb13u2) trixie; urgency=medium . * Cherry-pick upstream fix for broken idmapping with kernel 6.9+ * Cherry-pick upstream fix for CVE-2025-64507 / GHSA-56mx-8g9f-5crf matlab-support (0.1.1+deb13u1) trixie; urgency=medium . * No longer rename libvulkan.so.1 and libfreetype.so.6 in postinst (Closes: #1120681) mbedtls (3.6.5-0.1~deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Rebuild for trixie. . mbedtls (3.6.5-0.1) unstable; urgency=medium . * Non-maintainer upload. * New upstream release. - CVE-2025-54764: Side channel in RSA key generation and operations (Closes: #1118750) - CVE-2025-59438: Padding oracle through timing of cipher error reporting (Closes: #1118752) mediawiki (1:1.43.6+dfsg-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security. mediawiki (1:1.43.5+dfsg-1) unstable; urgency=medium . * New upstream version 1.43.5, fixing CVE-2025-11173, CVE-2025-61634, CVE-2025-61635, CVE-2025-61636, CVE-2025-61637, CVE-2025-61638, CVE-2025-61639, CVE-2025-61640, CVE-2025-61641, CVE-2025-61642, CVE-2025-61643, CVE-2025-61646, CVE-2025-61652, CVE-2025-61653, CVE-2025-61654, CVE-2025-61655, CVE-2025-61656, CVE-2025-61657. This version is not affected by CVE-2025-61645. * Drop patches merged upstream. * Include the font required to render the two-factor authentication enabling interface. mirrorbits (0.6.1-1~deb13u1) trixie; urgency=medium . * New upstream version [0.6.1] * Fix "Internal Server Error" regressions. Mirrorbits must redirect users to the fallback mirror(s) if ever the database is unreachable. This was broken in version 0.6, and fixed in 0.6.1. * Normalize URL for fallback mirror(s), as it's done for all the other mirrors. Fix bogus redirections if ever the fallback URL doesn't end with a trailing slash. mongo-c-driver (1.30.4-1+deb13u1) trixie; urgency=medium . * Fix CVE-2025-12119: mongoc_bulk_operation_t may read invalid memory if large options are passed. mutter (48.7-0+deb13u1) trixie; urgency=medium . * Team upload * New upstream stable release 48.6 - Fix drag-and-drop actions not working reliably in some X11 clients (mutter#4288 upstream) - Fix delayed frame presentation with the commit-timing-v1 Wayland extension (mutter#4258 upstream) - Avoid a crash if a GNOME Shell extension tries to delete the same window more than once (mutter#4319 upstream) - Avoid a crash in the Wayland session if a non-GNOME desktop environment previously set the cursor size in GSettings to zero; recover by resetting it to the default, 24px (mutter#3933 upstream) - Fix crashes if a GNOME Shell extension uses certain Cogl pipeline APIs (mutter#4352 upstream) - Save the intended size for tiled windows when saving session state (mutter!4697 upstream) - Avoid potential crashes when saving the state of a window with no valid toplevel state (mutter!4697 upstream) - Remove dead code detected by static analysis (mutter!4697 upstream) * New upstream stable release 48.7 - For fullscreen Wayland windows, if the window has a size limit smaller than the screen, add black borders around the limited size and log a warning (mutter!4587 upstream) - Avoid a crash when activating a notification that has no app info (mutter!4705 upstream) - Avoid a potential crash when checking whether a client owns a window that is disappearing (mutter!4643 upstream) - Test suite enhancements . [ Simon McVittie ] * d/libmutter-test-16.symbols: Update for new ABI added by the test suite enhancements (nothing in Debian outside the mutter source package is likely to use this, except possibly a future version of gnome-shell) * Revert "d/gbp/conf, d/control: Switch packaging branch for forky" * Add a mention of #1121170 to the previous changelog entry mutter (48.5-1) unstable; urgency=medium . * Team upload * New upstream stable release - Fix X11 drag-and-drop with a graphics tablet stylus, which would previously freeze the application (mutter#3914 upstream) - Fix a file descriptor leak that would cause a crash after a long screencast (mutter#4251 upstream) - Fix crash with an assertion failure when screencasting from an Apple aarch64 system (mutter#4224 upstream) - Fix detection of the "Privacy Screen" feature on hardware that supports it (mutter#4259 upstream) - Update the EIS viewport used for input capture when a virtual monitor stream is resized (mutter!4622 upstream) - Fix a crash when combining the screen time limit's greyscale effect, the screen magnifier and the screenshot tool (mutter#8634 upstream) - Fix a crash when unplugging a docking station with two monitors (mutter#4262 upstream) - Translation update: th * d/gbp/conf, d/control: Switch packaging branch for forky node-nodemailer (6.10.0+~6.4.17-1+deb13u1) trixie; urgency=medium . * Fix addressparser handling of quoted nested email addresses (Closes: CVE-2025-13033) openconnect (9.12-3+deb13u2) trixie; urgency=medium . * Non-maintainer upload. * use the unsigned printf qualifier for size_t : fixes MinGW{32,64} build * Use RFC9266 'tls-exporter' channel bindings for Cisco STRAP with TLSv1.3 (Closes: #1099497) openconnect (9.12-3+deb13u1) trixie; urgency=medium . * Non-maintainer upload. [ Luca Boccassi ] * d/copyright: update Upstream-Contact to mailing list . [ Lee Garrett ] * Patch: Respect path in AnyConnect/OpenConnect XML form handling (Closes: #1119239) * Update debian/gbp.conf to match debian/trixie branch openvpn (2.6.14-1+deb13u1) trixie-security; urgency=medium . * Cherry-pick patches for CVE-2025-13086 - check-message-id.patch: Check message id/acked ids too when doing sessionid cookie checks - bugfix for floating client problem, code prequesite for the CVE patch to apply - CVE-2025-13086.patch: Fix memcmp check for the hmac verification in the 3way handshake being inverted (Closes: #1121086) * fix-ftbfs-kernel-6.16.patch: Fix compilation against 6.16+ kernel headers (Closes: #1114249) * d/gbp.conf: set debian-branch for trixie pdfminer (20221105+dfsg-1.1~deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Rebuild for trixie-security pdfminer (20221105+dfsg-1.1~deb12u1) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Rebuild for bookworm-security pdns-recursor (5.2.7-0+deb13u1) trixie-security; urgency=medium . * New upstream version 5.2.7, fixing CVE-2025-59030. pgbouncer (1.24.1-1+deb13u1) trixie; urgency=medium . * Non-maintainer upload by the Debian LTS Security Team. * CVE-2025-12819: execute arbitrary SQL during authentication. Untrusted search path in auth_query connection handler in PgBouncer before 1.25.1 allows an unauthenticated attacker to execute arbitrary SQL during authentication via a malicious search_path parameter in the StartupMessage. postgresql-17 (17.7-0+deb13u1) trixie; urgency=medium . * New upstream version 17.7. . + Check for CREATE privileges on the schema in CREATE STATISTICS (Jelte Fennema-Nio) . This omission allowed table owners to create statistics in any schema, potentially leading to unexpected naming conflicts. . The PostgreSQL Project thanks Jelte Fennema-Nio for reporting this problem. (CVE-2025-12817) . + Avoid integer overflow in allocation-size calculations within libpq (Jacob Champion) . Several places in libpq were not sufficiently careful about computing the required size of a memory allocation. Sufficiently large inputs could cause integer overflow, resulting in an undersized buffer, which would then lead to writing past the end of the buffer. . The PostgreSQL Project thanks Aleksey Solovev of Positive Technologies for reporting this problem. (CVE-2025-12818) postgresql-17 (17.6-1) unstable; urgency=medium . * New upstream version 17.6. . + Tighten security checks in planner estimation functions (Dean Rasheed) . The fix for CVE-2017-7484, plus followup fixes, intended to prevent leaky functions from being applied to statistics data for columns that the calling user does not have permission to read. Two gaps in that protection have been found. One gap applies to partitioning and inheritance hierarchies where RLS policies on the tables should restrict access to statistics data, but did not. . The other gap applies to cases where the query accesses a table via a view, and the view owner has permissions to read the underlying table but the calling user does not have permissions on the view. The view owner's permissions satisfied the security checks, and the leaky function would get applied to the underlying table's statistics before we check the calling user's permissions on the view. This has been fixed by making security checks on views occur at the start of planning. That might cause permissions failures to occur earlier than before. . The PostgreSQL Project thanks Dean Rasheed for reporting this problem. (CVE-2025-8713) . + Prevent pg_dump scripts from being used to attack the user running the restore (Nathan Bossart) . Since dump/restore operations typically involve running SQL commands as superuser, the target database installation must trust the source server. However, it does not follow that the operating system user who executes psql to perform the restore should have to trust the source server. The risk here is that an attacker who has gained superuser-level control over the source server might be able to cause it to emit text that would be interpreted as psql meta-commands. That would provide shell-level access to the restoring user's own account, independently of access to the target database. . To provide a positive guarantee that this can't happen, extend psql with a \restrict command that prevents execution of further meta-commands, and teach pg_dump to issue that before any data coming from the source server. . The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and RyotaK for reporting this problem. (CVE-2025-8714) . + Convert newlines to spaces in names included in comments in pg_dump output (Noah Misch) . Object names containing newlines offered the ability to inject arbitrary SQL commands into the output script. (Without the preceding fix, injection of psql meta-commands would also be possible this way.) CVE-2012-0868 fixed this class of problem at the time, but later work reintroduced several cases. . The PostgreSQL Project thanks Noah Misch for reporting this problem. (CVE-2025-8715) . * Add Turkish debconf translation by Atila KOÇ, thanks! (Closes: #1107984) * Drop hurd-iovec patch, implemented upstream. * Drop obsolete patches: focal-arm64-outline-atomics, jit-s390x. pylint-django (2.0.13-5+deb13u1) trixie; urgency=medium . * Add salsa-ci.yml. * Add smoke autopkgtest. * Delete unused broken unit-tests-p3 autopkgtest. * Fix scoped_nodes import (Closes: #1121404). qemu (1:10.0.7+ds-0+deb13u1) trixie; urgency=medium . * 10.0.7 upstream stable/bugfix release: - Update version for 10.0.7 release - kvm: Fix kvm_vm_ioctl() and kvm_device_ioctl() return value - docs/devel: Update URL for make-pullreq script - target/arm: Fix assert on BRA. - hw/aspeed/{xdma, rtc, sdhci}: Fix endianness to DEVICE_LITTLE_ENDIAN - hw/core/machine: Provide a description for aux-ram-share property - hw/pci: Make msix_init take a uint32_t for nentries - block/io_uring: avoid potentially getting stuck after resubmit at the end of ioq_submit() - block-backend: Fix race when resuming queued requests - ui/vnc: Fix qemu abort when query vnc info - chardev/char-pty: Do not ignore chr_write() failures - hw/display/exynos4210_fimd: Account for zero length in fimd_update_memory_section() - hw/arm/armv7m: Disable reentrancy guard for v7m_sysreg_ns_ops MRs - hw/arm/aspeed: Fix missing SPI IRQ connection causing DMA interrupt failure - migration: Fix transition to COLO state from precopy - qmp: Fix a typo for a USO feature - MAINTAINERS: Add functional tests that are not covered yet - tests/functional: Remove unnecessary import statements - tests/functional: Remove semicolons at the end of lines - Remove the remainders of the Avocado tests - docs/devel/testing: Dissolve the ci-definitions.rst.inc file - gitlab-ci: Update QEMU_JOB_AVOCADO and QEMU_CI_AVOCADO_TESTING - tests/functional: Convert the SMMU test to the functional framework - tests/functional: Use the tuxrun kernel for the aarch64 replay test - tests/functional: Use the tuxrun kernel for the x86 replay test - tests/avocado: Remove the boot_linux.py tests - tests/functional: Convert the 64-bit big endian Wheezy mips test - tests/functional: Convert the 64-bit little endian Wheezy mips test - tests/functional: Convert the 32-bit little endian Wheezy mips test - tests/functional: Convert the 32-bit big endian Wheezy mips test - tests/avocado: Remove the LinuxKernelTest class - tests/functional: Convert the i386 replay avocado test - tests/functional: Convert reverse_debugging tests to the functional framework - tests/functional: Move the check for the parameters from avocado to functional - gitlab-ci: Remove the avocado tests from the CI pipelines - tests/functional/test_vnc: skip test if no crypto backend available - target/i386: fix stack size when delivering real mode interrupts - target/i386: svm: fix sign extension of exit code - target/i386/tcg: validate segment registers - target/i386: Mark VPERMILPS as not valid with prefix 0 - hw/southbridge/lasi: Correct LasiState parent - hw/dma/zynq-devcfg: Fix register memory - tests/functional: handle URLError when fetching assets - tests/functional: fix formatting of exception args - block/io: Take reqs_lock for tracked_requests - nvme: Fix coroutine waking - nvme: Kick and check completions in BDS context - curl: Fix coroutine waking - nfs: Run co BH CB in the coroutine’s AioContext - rbd: Run co BH CB in the coroutine’s AioContext - tests: move test_virt_gpu to share.linaro.org - tests: move test_kvm_xen to share.linaro.org - tests: move test_netdev_ethtool to share.linaro.org - tests: move test_virt assets to share.linaro.org - tests: move test_xen assets to share.linaro.org - block: add test non-active commit with zeroed data - block: allow commit to unmap zero blocks - block: refactor error handling of commit_iteration - block: move commit_run loop to separate function - block: get type of block allocation in commit_run - hw/misc/npcm_clk: Don't divide by zero when calculating frequency - hw/display/xlnx_dp: Don't abort for unsupported graphics formats - hw/display/xlnx_dp.c: Don't abort on AUX FIFO overrun/underrun - net: pad packets to minimum length in qemu_receive_packet() Closes: #1119917, CVE-2025-12464 (buffer overflow in e1000_receive_iov) - hw/net/e1000e_core: Adjust e1000e_write_payload_frag_to_rx_buffers() assert - hw/net/e1000e_core: Correct rx oversize packet checks - hw/net/e1000e_core: Don't advance desc_offset for NULL buffer RX descriptors - qio: Protect NetListener callback with mutex - qio: Remember context of qio_net_listener_set_client_func_full - qio: Unwatch before notify in QIONetListener - qio: Add trace points to net_listener - tests/qemu-iotest: fix iotest 024 with qed images - qemu-img rebase: don't exceed IO_BUF_SIZE in one operation - qemu-img: Fix amend option parse error handling - tests/qtest/bios-tables-test: Update DSDT blobs after GPEX _DSM change - hw/pci-host/gpex-acpi: Fix _DSM function 0 support return value - tests/qtest/bios-tables-test: Prepare for _DSM change in the DSDT table - vhost-user: fix shared object lookup handler logic - target/x86: Correctly handle invalid 0x0f 0xc7 0xxx insns - hostmem/shm: Allow shm memory backend serve as shared memory for coco-VMs - tests/tcg/s390x: Test SET CLOCK COMPARATOR - target/s390x: Use address generation for register branch targets - target/s390x: Fix missing clock-comparator interrupts after reset - target/s390x: Fix missing interrupts for small CKC values - target/microblaze: Handle signed division overflows - target/microblaze: div: Break out raise_divzero() - target/microblaze: Remove unused arg from check_divz() - gdbstub: Fix %s formatting - block/curl.c: Fix CURLOPT_VERBOSE parameter type - block: fix luks 'amend' when run in coroutine - block: remove 'detached-header' option from opts after use - i386/kvm/cpu: Init SMM cpu address space for hotplugged CPUs - hw/i386/pc: Avoid overlap between CXL window and PCI 64bit BARs in QEMU 10.0.x - target/i386: clear CPU_INTERRUPT_SIPI for all accelerators - linux-user: permit sendto() with NULL buf and 0 len - linux-user: Use correct type for FIBMAP and FIGETBSZ emulation - qtest/am53c974-test: add additional test for cmdfifo overflow - esp.c: fix esp_cdb_ready() FIFO wraparound limit calculation - hw/hppa: Fix interrupt of LASI parallel port - nw/nvram/ds1225y: Fix nvram MemoryRegion owner - target/hppa: Set FPCR exception flag bits for non-trapped exceptions - hw/scsi: avoid deadlock upon TMF request cancelling with VirtIO - crypto: stop requiring "key encipherment" usage in x509 certs - io: fix use after free in websocket handshake code Closes: #1117153, CVE-2025-11234 (UAF in websocket handshake code) - io: move websock resource release to close method - io: release active GSource in TLS channel finalizer - target/riscv: fix riscv_cpu_sirq_pending() mask - target/riscv/kvm: fix env->priv setting in reset_regs_csr() - target/riscv/kvm: add scounteren CSR - target/riscv/kvm: read/write KVM regs via env size - target/riscv/kvm: add senvcfg CSR - aplic: fix mask for smsiaddrcfgh - hw/riscv: Correct mmu-type property of sifive_u harts in device tree - target/arm: Fix reads of CNTFRQ_EL0 in linux-user mode - hw/ppc/e500: Check for compatible CPU type instead of aborting ungracefully - ui/gtk-gl-area: Remove extra draw call in refresh - tests/tcg/multiarch/linux/linux-test: Don't try to test atime update * linux-user-use-correct-type-for-FIBMAP-and-FIGETBSZ.patch: remove, applied upstream * d/control: qemu-system-xen: add the forgotten ipxe-qemu dependency qemu-system binaries require pxe boot roms for the network adaptors. When splitting qemu-system-xen into its own package, this dependency has been forgotten initally, but has been enabled for bookworm (#1035676). However, this change were lost when uploading the next version of qemu aimed for trixie. So trixie has this issue too, despite it's been fixed in bookworm already. (Closes: #1035676, #1120146) qiv (3.0.1-2+deb13u1) trixie; urgency=medium . * debian/patches/putenv-x11.diff: Closes: #1103712. r-bioc-beachmat (2.22.0+ds-3~deb13u1) trixie; urgency=medium . * Team upload. . [ Michael R. Crusoe ] * Patch up part of a test that depends on the "beachmat.hdf5" R package, which is not yet in Debian. Closes: #1111758 r-cran-gh (1.4.1-1+deb13u1) trixie; urgency=medium . * Non-maintainer upload by the Debian LTS team. * d/patches/CVE-2025-54956.patch: Add patch to fix CVE-2025-54956. - The HTTP response is delivered in a data structure that includes the Authorization header from the corresponding HTTP request (closes: #1110481). rails (2:7.2.2.2+dfsg-2~deb13u1) trixie-security; urgency=medium . * Team upload * New upstream release * Fix CVE-2025-24293 (Closes: #1111106) Active Record connects classes to relational database tables. The ID passed to find or similar methods may be logged without escaping. If this is directly to the terminal it may include unescaped ANSI sequences. * Fix CVE-2025-55193. Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allowing for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where arbitrary user supplied input is accepted as valid transformation methods or parameters. * Target trixie in salsaCI rails (2:7.2.2.2+dfsg-1) unstable; urgency=medium . * Team upload. . [ Soren Stoutner ] * New upstream release (fixes CVE-2025-24293 and CVE-2025-55193). * debian/control: Remove "Breaks: ruby-actionpack-action-caching (<< 1.2.2)" (see https://lists.debian.org/debian-ruby/2025/08/msg00017.html). * debian/copyright: - Add Soren Stoutner to the debian/* stanza. - Add Lucas Nussbaum to the debian/* stanza. - Remove the unused GPL license. . [ Lucas Nussbaum ] * Remove unnecessary debian/.gitattributes. * debian/gbp.conf: Make compliant with DEP-14 defaults. * debian/salsa-ci.yml: Change to use the team-specific include. reform-tools (1.71-2+deb13u1) trixie; urgency=medium . * add patch to allow building lpc for linux 6.17 from trixie-backports rlottie (0.1+dfsg-4.2+deb13u1) trixie; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2025-0634 (Closes: #1109341) CVE-2025-53074 CVE-2025-53075 Most patches to fix these issues are already part of: Fix-crash-on-invalid-data.patch The remaining boundary check is left in: CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch For the sake of completeness, the whole upstream patch for these CVEs is added in: CVE-2025-0634-CVE-2025-53074-CVE-2025-53075.patch.org roundcube (1.6.12+dfsg-0+deb13u1) trixie-security; urgency=high . * New upstream security and bugfix release (closes: #1122899). + Fix CVE-2025-68461: Cross-Site-Scripting vulnerability via SVG's animate tag. + Fix CVE-2025-68460: Information Disclosure vulnerability in the HTML style sanitizer. * Refresh d/patches. * d/gbp.conf: Set debian-branch=debian/trixie. * Salsa CI: Set RELEASE=trixie, disable reprotest and lintian jobs. rsync (3.4.1+ds1-5+deb13u1) trixie; urgency=medium . * Team upload. * d/p/CVE-2025-10158.patch: Import upstream patch to fix CVE-2025-10158 . A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. rust-sequoia-openpgp (2.0.0-2+deb13u1) trixie; urgency=medium . * Add upstream commit b59886e5 (via debian/patches, edited to apply cleanly) to fix an underflow in aes_key_unwrap / CVE-2025-67897 to prevent DOS (crash) via special crafted encrypted messages. Closes: #1122582. rust-sudo-rs (0.2.5-5+deb13u1) trixie-security; urgency=high . * Team upload * Ensure (partially) input passwords are not printed if killed during password prompt (Fixes:: GHSA-q428-6v73-fc4q) * Ensure `Defaults targetpw` and `Defaults rootpw` are taken into account for timestamp files (Fixes: GHSA-c978-wq47-pvvw) sbuild (0.89.3+deb13u4) trixie; urgency=medium . * Revert "Actually use UNSHARE_MMDEBSTRAP_ENV_CMD" . sbuild (0.89.3+deb13u3) trixie; urgency=medium . * Actually use UNSHARE_MMDEBSTRAP_ENV_CMD * lib/Sbuild/Build.pm: preserve TMPDIR for piuparts * Obey $TMPDIR for autopkgtest dsc mkdtemp * Fix tempdir for autopkgtest * Initialize variable . sbuild (0.89.3+deb13u2) trixie; urgency=medium . [ Jochen Sprickerhof ] * Explicitly select the sbuild-build-depends-main-dummy package arch (Closes: #1119344) . [ Johannes Schauer Marin Rodrigues ] * lib/Sbuild/Build.pm: preserve TMPDIR when running autopkgtest (Closes: #1121503) * lib/Sbuild/Build.pm: perltidy sbuild (0.89.3+deb13u3) trixie; urgency=medium . * Actually use UNSHARE_MMDEBSTRAP_ENV_CMD * lib/Sbuild/Build.pm: preserve TMPDIR for piuparts * Obey $TMPDIR for autopkgtest dsc mkdtemp * Fix tempdir for autopkgtest * Initialize variable . sbuild (0.89.3+deb13u2) trixie; urgency=medium . [ Jochen Sprickerhof ] * Explicitly select the sbuild-build-depends-main-dummy package arch (Closes: #1119344) . [ Johannes Schauer Marin Rodrigues ] * lib/Sbuild/Build.pm: preserve TMPDIR when running autopkgtest (Closes: #1121503) * lib/Sbuild/Build.pm: perltidy sbuild (0.89.3+deb13u2) trixie; urgency=medium . [ Jochen Sprickerhof ] * Explicitly select the sbuild-build-depends-main-dummy package arch (Closes: #1119344) . [ Johannes Schauer Marin Rodrigues ] * lib/Sbuild/Build.pm: preserve TMPDIR when running autopkgtest (Closes: #1121503) * lib/Sbuild/Build.pm: perltidy smb4k (4.0.0-1+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix two security issues in the KAuth mounthelper: - CVE-2025-66002: local users can perform arbitrary unmounts via smb4kmounthelper due to lack of input validation - CVE-2025-66003: local users can perform a local root exploit via smb4k mounthelper if they can access and control the contents of a Samba share (Closes: #1122381) * Merge Smb4KHardwareInterface class from master so that the merged security fixes can be compiled sogo (5.12.1-3+deb13u1) trixie; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2025-63498 - Cross Site Scripting (XSS) * CVE-2025-63499 - Cross Site Scripting (XSS) (Closes: #1121952) strongswan (6.0.1-6+deb13u2) trixie-security; urgency=medium . * d/patches: add fix for buffer overflow in EAP-MSCHAPv2 (CVE-2025-62291) suricata (1:7.0.10-1+deb13u2) trixie; urgency=medium . * Fix CVE-2025-64344 in 7.0.10. Cherry-Picked from upstream a7ff4c9ba53009680c7cd128b16c28d0aeda9886. * Fix CVE-2025-64333 in 7.0.10. Cherry-Picked from upstream 4b1d284bb57219b6677a8bda5cdc14a24a6aa22d. * Fix CVE-2025-64332 in 7.0.10. Cherry-Picked from upstream f67d72702a2601d0a86ac1450686e70d7176f629. * Fix CVE-2025-64331 in 7.0.10. Cherry-Picked from upstream 5abf9b81e78476f49ab074f3a74b5840747cd069. Added missing function declaration and refreshed patch by quilt. * Fix CVE-2025-64330 in 7.0.10. Cherry-Picked from upstream 5d6c24cc2ce6a390c0956b7ecb2c5efc47e72abc. survex (1.4.17-1+deb13u1) trixie; urgency=medium . * New patch fix-find-stations-search-box-width.patch backported from 1.4.18. This fixes the width of the "find stations" search box to make it actually usable again. Closes: #1109835 swift (2.35.1-0+deb13u1) trixie-security; urgency=medium . * New upstream point release: This new point release adds the feature to allow the use of aws-chunked transfer encoding. This is important because most S3 clients are using the boto library that has dropped support for any other protocol. This upstream point release contains only that change, which is minimal and will not affect any deployment other than accepting aws-chunked transfer. * Blacklist 2 unit tests that require isal lib to be installed: - test_sig_v4_strm_unsgnd_pyld_trl_checksum_hdr_unsupported - test_get_checksum_hasher * OSSA-2025-002: kay reported a vulnerability in Keystone’s ec2tokens and s3tokens APIs. By sending those endpoints a valid AWS Signature (e.g., from a presigned S3 URL), an unauthenticated attacker may obtain Keystone authorization (ec2tokens can yield a fully scoped token; s3tokens can reveal scope accepted by some services), resulting in unauthorized access and privilege escalation. Deployments where /v3/ec2tokens or /v3/s3tokens are reachable by unauthenticated clients (e.g., exposed on a public API) are affected. Swift needs to be modified to accept the fix for Keystone, otherwise S3 authentication will stop working. Deployers are advised to update Swift first, as the patched swift will work with unpatched keystone, while the opposite isn't true. Applied upstream patch (Closes: #1120057): Add bug-2119646-swift.patch, which offers swift side compatibility with the keystone fix. swupdate (2024.12.1+dfsg-3+deb13u1) trixie; urgency=medium . * Backport: suricatta/wfx: Fix rebooting (Closes: #1118485) symfony (6.4.21+dfsg-2+deb13u1) trixie; urgency=medium . * Backport security fix from Symfony 6.4.29: - [HttpFoundation] Fix parsing pathinfo with no leading slash [CVE-2025-64500] * Use debian/trixie branch * [Finder] Drop data from testsuite thunderbird (1:140.6.0esr-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security thunderbird (1:140.6.0esr-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security thunderbird (1:140.5.0esr-1) unstable; urgency=medium . [ Paul Gevers ] * [e457726] tests: help.sh is really a very superficial test, so let's mark it as such (Closes: #1120427) . [ Christoph Goehre ] * [4908c1a] New upstream version 140.5.0esr Fixed CVE issues in upstream version 140.5 (MFSA 2025-91): CVE-2025-13012: Race condition in the Graphics component CVE-2025-13016: Incorrect boundary conditions in the JavaScript: WebAssembly component CVE-2025-13017: Same-origin policy bypass in the DOM: Notifications component CVE-2025-13018: Mitigation bypass in the DOM: Security component CVE-2025-13019: Same-origin policy bypass in the DOM: Workers component CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component CVE-2025-13020: Use-after-free in the WebRTC: Audio/Video component CVE-2025-13014: Use-after-free in the Audio/Video component CVE-2025-13015: Spoofing issue in Thunderbird thunderbird (1:140.5.0esr-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security thunderbird (1:140.5.0esr-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security thunderbird (1:140.4.0esr-1) unstable; urgency=medium . * [d34f599] New upstream version 140.4.0esr Fixed CVE issues in upstream version 140.4 (MFSA 2025-85): CVE-2025-11708: Use-after-free in MediaTrackGraphImpl::GetInstance() CVE-2025-11709: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11710: Cross-process information leaked due to malicious IPC messages CVE-2025-11711: Some non-writable Object properties could be modified CVE-2025-11712: An OBJECT tag type attribute overrode browser behavior on web resources without a content-type CVE-2025-11713: Potential user-assisted code execution in “Copy as cURL” command CVE-2025-11714: Memory safety bugs fixed in Firefox ESR 115.29, Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 CVE-2025-11715: Memory safety bugs fixed in Firefox ESR 140.4, Thunderbird ESR 140.4, Firefox 144 and Thunderbird 144 tryton-sao (7.0.28+ds1-1+deb13u2) trixie-security; urgency=high . * Add 02_escape_completion_content.patch. Patch for security issue: https://foss.heptapod.net/tryton/tryton/-/issues/14363 Stored XSS Vulnerability Found in Party Field Leading to Arbitrary JavaScript Execution S.a. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1121233 tryton-server (7.0.30-1+deb13u1) trixie-security; urgency=high . * Add 03_traceback_in_RPC.patch, 04_enforce_access_check_html_editor.patch, 05_enforce_access_check_export_data.patch . Fixes for security issues: . Enforce access check in HTML editor route https://bugs.debian.org/1121241 (s.a. #1121241) -> https://foss.heptapod.net/tryton/tryton/-/issues/14364 . Include the traceback only in RPC responses in development mode https://bugs.debian.org/1121242 (s.a. #1121242) -> https://foss.heptapod.net/tryton/tryton/-/issues/14354 . Enforce access check in export_data https://bugs.debian.org/1121243 (s.a. #1121243) -> https://foss.heptapod.net/tryton/tryton/-/issues/14366 tzsetup (1:0.132+deb13u1) trixie; urgency=medium . [ Holger Wansing ] * Fix timezone for Argentina. Closes: #1111332. * Fix timezone for Ukraine as well (from MR4). unbound (1.22.0-2+deb13u1) trixie-security; urgency=high . [ Guilhem Moulin ] * Fix CVE-2025-11411: Cache poisoning vulnerability via NS RRSet injection * debian/salsa-ci.yml: Disable reprotest and lintian jobs, set RELEASE=trixie . [ Michael Tokarev ] * CVE-2025-11411-additional-nodata.patch -- additional fixes for CVE-2025-11411 (Closes: #1121446, CVE-2025-11411) * d/gbp.conf: set default branch to debian/trixie vlc (3.0.22-0+deb13u1) trixie-security; urgency=medium . * New upstream version 3.0.22 * debian/gbp.conf: Work in trixie branch * debian/patches: Remove patches from upstream vlc (3.0.22-0+deb12u1) bookworm-security; urgency=medium . * New upstream version 3.0.22 * debian/: Re-enable VAAPI support (Closes: #1021601, #1013898) vlc (3.0.22~rc2-1) unstable; urgency=medium . [ John Paul Adrian Glaubitz ] * Fix FTBFS on powerpc (Closes: #1115385) . [ Sebastian Ramacher ] * New upstream version 3.0.22~rc2 - Fix installation of Assamese translation (Closes: #1085961) vlc (3.0.22~rc1-1) unstable; urgency=medium . * New upstream version 3.0.22~rc1 * debian/control: - Fix version constraints on suggested plugins - Drop alternative libmodplug-dev BD - Remove dpkg-dev dependency satisfied in stable * debian/: - Remove zsh completion to make the package reproducible - Switch to lua 5.4 (Closes: #1099742) Check the NEWS entry of vlc-plugin-base on potential issues. - Update lintian overrides for new format * debian/watch: Migrate to version 5 * debian/rules: - debhelper now skips override_dh_auto_test if nocheck is specified - Remove handling of libtar as it got dropped upstream * debian/patches: Remove upstream patches included in 3.0.22~rc1 * debian/copyright: - Remove old FSF address - Update copyright years vlc (3.0.21-11) unstable; urgency=medium . * debian/rules: Disable postproc plugin since libpostproc is removed from ffmpeg 8.0 * debian/control: - Bump Standards-Version - Remove unused BD on libvcdinfo-dev webkit2gtk (2.50.4-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security. * Re-enable libmanette in i386. * Enable the transitional packages. * Don't override the clang compiler on armhf since trixie already uses clang-19 by default. webkit2gtk (2.50.4-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security. * Disable sysprof profiling integration to avoid new dependencies: - debian/control.in: Don't depend on libsysprof-capture-4-dev. - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF. * Disable JPEG XL to avoid adding new dependencies. - debian/control.in: Remove build dependency on libjxl-dev. - debian/rules: Build with -DUSE_JPEGXL=OFF. * debian/rules: - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old package names. - Re-enable libmanette in i386. * debian/control-common.in: - Make the -dev packages depend on the gir packages. * debian/control.in: - Build depend on ccache. * Use clang-16 instead of clang. * debian/patches/fix-minibrowser.patch: - Fix the MiniBrowser with clang-16. webkit2gtk (2.50.3-1) unstable; urgency=medium . [ Alberto Garcia ] * New upstream release. * Use the default gcc (gcc-15) again in mips64el now that #1116217 has been fixed. * Drop fix-crash.patch and fix-link-error.patch. . [ Jeremy Bicha ] * debian/control.in: - Stop suggesting devhelp, it's going to be removed from Debian. webkit2gtk (2.50.3-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security. * Re-enable libmanette in i386. * Enable the transitional packages. * Don't override the clang compiler on armhf since trixie already uses clang-19 by default. webkit2gtk (2.50.3-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security. * Disable sysprof profiling integration to avoid new dependencies: - debian/control.in: Don't depend on libsysprof-capture-4-dev. - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF. * Disable JPEG XL to avoid adding new dependencies. - debian/control.in: Remove build dependency on libjxl-dev. - debian/rules: Build with -DUSE_JPEGXL=OFF. * debian/rules: - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old package names. - Re-enable libmanette in i386. * debian/control-common.in: - Make the -dev packages depend on the gir packages. * debian/control.in: - Build depend on ccache. * Use clang-16 instead of clang. * debian/patches/fix-minibrowser.patch: - Fix the MiniBrowser with clang-16. webkit2gtk (2.50.2-1) unstable; urgency=medium . * New upstream release. * debian/patches/fix-link-error.patch: - Cherry pick build fix for 2.50.2. * debian/patches/fix-crash.patch: - Cherry pick crash fix. * As of 2.50.0, WebKitGTK no longer depends on GstTranscoder (WebKit bug #295985). - debian/control.in: Remove build dependency on libgstreamer-plugins-bad1.0-dev. - debian/rules: Don't use -DUSE_GSTREAMER_TRANSCODER=OFF in Ubuntu. * debian/control.in: - Drop build dependency on libgirepository1.0-dev (Closes: #1118932). - Remove Rules-Requires-Root: no, as this is the default value since dpkg 1.22.13 (fixes redundant-rules-requires-root-no-field). * Use clang-19 on armhf since the build fails with versions 20 and 21 (WebKit bug #290167). webkit2gtk (2.50.2-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security. * Re-enable libmanette in i386. * Enable the transitional packages. * Don't override the gcc compiler on mips64el since trixie already uses gcc-14 by default. * Don't override the clang compiler on armhf since trixie already uses clang-19 by default. webkit2gtk (2.50.2-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security. * Disable sysprof profiling integration to avoid new dependencies: - debian/control.in: Don't depend on libsysprof-capture-4-dev. - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF. * Disable JPEG XL to avoid adding new dependencies. - debian/control.in: Remove build dependency on libjxl-dev. - debian/rules: Build with -DUSE_JPEGXL=OFF. * debian/rules: - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old package names. - Re-enable libmanette in i386. * debian/control-common.in: - Make the -dev packages depend on the gir packages. * debian/control.in: - Build depend on ccache. * Use clang-16 instead of clang. * Don't override the gcc compiler on mips64el since bookworm uses gcc 12 and not gcc 15 (#1116217). * debian/patches/fix-minibrowser.patch: - Fix the MiniBrowser with clang-16. webkit2gtk (2.50.1-1) unstable; urgency=medium . * New upstream release. * debian/control.in: - Enable the bubblewrap sandbox in loong64. - Remove Gustavo from the list of uploaders, he hasn't been active in over a decade. Obrigado, amigo! * debian/rules: - Enable Skia in loong64, it builds fine with GCC 15.2.0 (but not with clang 19: "neon.h: error: _Float16 is not supported on this target") - Stop using -DDEBUG_FISSION=OFF, this is already disabled by default if developer mode is not enabled (WebKit bug #252679). - Use DEB_HOST_ARCH_BITS instead of DEB_BUILD_ARCH_BITS to detect if we're making a 32-bit build. This won't make a difference in practice but it's the correct way to do it. * Drop fix-ftbfs-i386.patch and fix-ftbfs-s390x.patch. wordpress (6.8.3+dfsg1-0+deb13u1) trixie-security; urgency=high . * Non-maintainer upload. * New upstream version 6.8.3+dfsg1. (Fixes: CVE-2025-58674, CVE-2025-58246) xen (4.20.2+7-g1badcf5035-0+deb13u1) trixie-security; urgency=medium . Significant changes: * Update to new upstream version 4.20.2+7-g1badcf5035, which also contains security fixes for the following issues: (Closes: #1105193) (Closes: #1120075) - x86: Indirect Target Selection XSA-469 CVE-2024-28956 - x86: Incorrect stubs exception handling for flags recovery XSA-470 CVE-2025-27465 - x86: Transitive Scheduler Attacks XSA-471 CVE-2024-36350 CVE-2024-36357 - Multiple vulnerabilities in the Viridian interface XSA-472 CVE-2025-27466 CVE-2025-58142 CVE-2025-58143 - Arm issues with page refcounting XSA-473 CVE-2025-58144 CVE-2025-58145 - x86: Incorrect input sanitisation in Viridian hypercalls XSA-475 CVE-2025-58147 CVE-2025-58148 - Incorrect removal of permissions on PCI device unplug XSA-476 CVE-2025-58149 * Note that the following XSA are not listed, because... - XSA-468 applies to Windows PV drivers - XSA-474 applies to XAPI which is not included in Debian . Packaging minor fixes and improvements: * debian/salsa-ci.yml: adjust for trixie and new salsa-ci pipeline yorick-gy (0.0.6-1~deb13u1) trixie; urgency=medium . * Rebuild for trixie ====================================== Sat, 15 Nov 2025 - Debian 13.2 released ====================================== ========================================================================= [Date: Sat, 15 Nov 2025 09:44:31 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: librust-profiling-procmacros-dev | 1.0.16-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x rust-profiling-procmacros | 1.0.16-1 | source Closed bugs: 1115989 ------------------- Reason ------------------- RoM; unused ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 09:59:05 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: btrfs-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x btrfs-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x cdrom-core-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x cdrom-core-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x crypto-dm-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x crypto-dm-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x crypto-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x crypto-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x dasd-extra-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x dasd-extra-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x dasd-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x dasd-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x ext4-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x ext4-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x f2fs-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x f2fs-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x fat-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x fat-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x isofs-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x isofs-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x kernel-image-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x kernel-image-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x linux-headers-6.12.38+deb13-s390x | 6.12.38-1 | s390x linux-headers-6.12.48+deb13-s390x | 6.12.48-1 | s390x linux-image-6.12.38+deb13-s390x | 6.12.38-1 | s390x linux-image-6.12.38+deb13-s390x-dbg | 6.12.38-1 | s390x linux-image-6.12.48+deb13-s390x | 6.12.48-1 | s390x linux-image-6.12.48+deb13-s390x-dbg | 6.12.48-1 | s390x loop-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x loop-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x md-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x md-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x mtd-core-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x mtd-core-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x multipath-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x multipath-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x nbd-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x nbd-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x nic-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x nic-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x scsi-core-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x scsi-core-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x scsi-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x scsi-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x udf-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x udf-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x xfs-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x xfs-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 09:59:18 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 ata-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 btrfs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 btrfs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 cdrom-core-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 cdrom-core-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 crypto-dm-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 crypto-dm-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 crypto-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 crypto-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 drm-core-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 drm-core-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 ext4-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 ext4-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 f2fs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 f2fs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 fat-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 fat-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 fb-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 fb-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 input-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 input-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 isofs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 isofs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 jfs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 jfs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 kernel-image-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 kernel-image-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 linux-headers-6.12.38+deb13-riscv64 | 6.12.38-1 | riscv64 linux-headers-6.12.48+deb13-riscv64 | 6.12.48-1 | riscv64 linux-image-6.12.38+deb13-riscv64 | 6.12.38-1 | riscv64 linux-image-6.12.38+deb13-riscv64-dbg | 6.12.38-1 | riscv64 linux-image-6.12.48+deb13-riscv64 | 6.12.48-1 | riscv64 linux-image-6.12.48+deb13-riscv64-dbg | 6.12.48-1 | riscv64 loop-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 loop-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 md-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 md-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 mmc-core-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 mmc-core-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 mmc-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 mmc-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 mtd-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 mtd-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 multipath-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 multipath-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 nbd-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 nbd-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 nic-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 nic-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 nic-shared-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 nic-shared-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 nic-usb-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 nic-usb-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 nic-wireless-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 nic-wireless-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 pata-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 pata-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 ppp-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 ppp-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 sata-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 sata-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 scsi-core-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 scsi-core-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 scsi-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 scsi-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 scsi-nic-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 scsi-nic-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 squashfs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 squashfs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 udf-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 udf-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 usb-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 usb-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 usb-serial-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 usb-serial-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 usb-storage-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 usb-storage-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 xfs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 xfs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 09:59:37 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.38+deb13-amd64 | 6.12.38-1 | amd64 linux-headers-6.12.38+deb13-cloud-amd64 | 6.12.38-1 | amd64 linux-headers-6.12.38+deb13-rt-amd64 | 6.12.38-1 | amd64 linux-headers-6.12.48+deb13-amd64 | 6.12.48-1 | amd64 linux-headers-6.12.48+deb13-cloud-amd64 | 6.12.48-1 | amd64 linux-headers-6.12.48+deb13-rt-amd64 | 6.12.48-1 | amd64 linux-image-6.12.38+deb13-amd64-dbg | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-amd64-unsigned | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-cloud-amd64-dbg | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-cloud-amd64-unsigned | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-rt-amd64-dbg | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-rt-amd64-unsigned | 6.12.38-1 | amd64 linux-image-6.12.48+deb13-amd64-dbg | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-amd64-unsigned | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-cloud-amd64-dbg | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-cloud-amd64-unsigned | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-rt-amd64-dbg | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-rt-amd64-unsigned | 6.12.48-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:00:04 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-kbuild-6.12.38+deb13 | 6.12.38-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x linux-kbuild-6.12.48+deb13 | 6.12.48-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:00:19 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.38+deb13-arm64 | 6.12.38-1 | arm64 linux-headers-6.12.38+deb13-arm64-16k | 6.12.38-1 | arm64 linux-headers-6.12.38+deb13-cloud-arm64 | 6.12.38-1 | arm64 linux-headers-6.12.38+deb13-rt-arm64 | 6.12.38-1 | arm64 linux-headers-6.12.48+deb13-arm64 | 6.12.48-1 | arm64 linux-headers-6.12.48+deb13-arm64-16k | 6.12.48-1 | arm64 linux-headers-6.12.48+deb13-cloud-arm64 | 6.12.48-1 | arm64 linux-headers-6.12.48+deb13-rt-arm64 | 6.12.48-1 | arm64 linux-image-6.12.38+deb13-arm64-16k-dbg | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-arm64-16k-unsigned | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-arm64-dbg | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-arm64-unsigned | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-cloud-arm64-dbg | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-cloud-arm64-unsigned | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-rt-arm64-dbg | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-rt-arm64-unsigned | 6.12.38-1 | arm64 linux-image-6.12.48+deb13-arm64-16k-dbg | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-arm64-16k-unsigned | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-arm64-dbg | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-arm64-unsigned | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-cloud-arm64-dbg | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-cloud-arm64-unsigned | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-rt-arm64-dbg | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-rt-arm64-unsigned | 6.12.48-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:00:40 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.38+deb13-rpi | 6.12.38-1 | armel linux-headers-6.12.48+deb13-rpi | 6.12.48-1 | armel linux-image-6.12.38+deb13-rpi | 6.12.38-1 | armel linux-image-6.12.38+deb13-rpi-dbg | 6.12.38-1 | armel linux-image-6.12.48+deb13-rpi | 6.12.48-1 | armel linux-image-6.12.48+deb13-rpi-dbg | 6.12.48-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:00:52 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf ata-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf btrfs-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf btrfs-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf cdrom-core-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf cdrom-core-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf crypto-dm-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf crypto-dm-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf crypto-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf crypto-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf drm-core-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf drm-core-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf ext4-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf ext4-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf f2fs-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf f2fs-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf fat-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf fat-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf fb-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf fb-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf input-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf input-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf isofs-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf isofs-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf jfs-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf jfs-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf kernel-image-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf kernel-image-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf linux-headers-6.12.38+deb13-armmp | 6.12.38-1 | armhf linux-headers-6.12.38+deb13-armmp-lpae | 6.12.38-1 | armhf linux-headers-6.12.38+deb13-rt-armmp | 6.12.38-1 | armhf linux-headers-6.12.48+deb13-armmp | 6.12.48-1 | armhf linux-headers-6.12.48+deb13-armmp-lpae | 6.12.48-1 | armhf linux-headers-6.12.48+deb13-rt-armmp | 6.12.48-1 | armhf linux-image-6.12.38+deb13-armmp | 6.12.38-1 | armhf linux-image-6.12.38+deb13-armmp-dbg | 6.12.38-1 | armhf linux-image-6.12.38+deb13-armmp-lpae | 6.12.38-1 | armhf linux-image-6.12.38+deb13-armmp-lpae-dbg | 6.12.38-1 | armhf linux-image-6.12.38+deb13-rt-armmp | 6.12.38-1 | armhf linux-image-6.12.38+deb13-rt-armmp-dbg | 6.12.38-1 | armhf linux-image-6.12.48+deb13-armmp | 6.12.48-1 | armhf linux-image-6.12.48+deb13-armmp-dbg | 6.12.48-1 | armhf linux-image-6.12.48+deb13-armmp-lpae | 6.12.48-1 | armhf linux-image-6.12.48+deb13-armmp-lpae-dbg | 6.12.48-1 | armhf linux-image-6.12.48+deb13-rt-armmp | 6.12.48-1 | armhf linux-image-6.12.48+deb13-rt-armmp-dbg | 6.12.48-1 | armhf loop-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf loop-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf md-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf md-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf mmc-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf mmc-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf mtd-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf mtd-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf multipath-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf multipath-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf nbd-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf nbd-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf nic-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf nic-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf nic-shared-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf nic-shared-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf nic-usb-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf nic-usb-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf nic-wireless-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf nic-wireless-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf pata-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf pata-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf ppp-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf ppp-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf sata-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf sata-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf scsi-core-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf scsi-core-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf scsi-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf scsi-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf scsi-nic-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf scsi-nic-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf sound-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf sound-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf speakup-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf speakup-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf squashfs-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf squashfs-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf udf-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf udf-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf uinput-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf uinput-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf usb-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf usb-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf usb-serial-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf usb-serial-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf usb-storage-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf usb-storage-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:01:07 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el ata-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el btrfs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el btrfs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el cdrom-core-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el cdrom-core-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el crypto-dm-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el crypto-dm-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el crypto-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el crypto-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el drm-core-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el drm-core-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el ext4-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el ext4-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el f2fs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el f2fs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el fat-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el fat-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el fb-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el fb-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el firewire-core-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el firewire-core-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el hypervisor-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el hypervisor-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el input-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el input-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el isofs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el isofs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el jfs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el jfs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el kernel-image-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el kernel-image-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el linux-headers-6.12.38+deb13-powerpc64le | 6.12.38-1 | ppc64el linux-headers-6.12.38+deb13-powerpc64le-64k | 6.12.38-1 | ppc64el linux-headers-6.12.48+deb13-powerpc64le | 6.12.48-1 | ppc64el linux-headers-6.12.48+deb13-powerpc64le-64k | 6.12.48-1 | ppc64el linux-image-6.12.38+deb13-powerpc64le | 6.12.38-1 | ppc64el linux-image-6.12.38+deb13-powerpc64le-64k | 6.12.38-1 | ppc64el linux-image-6.12.38+deb13-powerpc64le-64k-dbg | 6.12.38-1 | ppc64el linux-image-6.12.38+deb13-powerpc64le-dbg | 6.12.38-1 | ppc64el linux-image-6.12.48+deb13-powerpc64le | 6.12.48-1 | ppc64el linux-image-6.12.48+deb13-powerpc64le-64k | 6.12.48-1 | ppc64el linux-image-6.12.48+deb13-powerpc64le-64k-dbg | 6.12.48-1 | ppc64el linux-image-6.12.48+deb13-powerpc64le-dbg | 6.12.48-1 | ppc64el loop-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el loop-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el md-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el md-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el mtd-core-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el mtd-core-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el multipath-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el multipath-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el nbd-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el nbd-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el nic-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el nic-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el nic-shared-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el nic-shared-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el nic-usb-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el nic-usb-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el nic-wireless-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el nic-wireless-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el ppp-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el ppp-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el sata-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el sata-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el scsi-core-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el scsi-core-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el scsi-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el scsi-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el scsi-nic-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el scsi-nic-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el serial-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el serial-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el squashfs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el squashfs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el udf-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el udf-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el uinput-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el uinput-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el usb-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el usb-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el usb-serial-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el usb-serial-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el usb-storage-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el usb-storage-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el xfs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el xfs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:01:19 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 ata-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 btrfs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 btrfs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 cdrom-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 cdrom-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 crypto-dm-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 crypto-dm-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 crypto-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 crypto-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 drm-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 drm-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 ext4-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 ext4-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 f2fs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 f2fs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 fat-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 fat-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 fb-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 fb-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 firewire-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 firewire-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 input-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 input-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 isofs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 isofs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 jfs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 jfs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 kernel-image-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 kernel-image-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 linux-image-6.12.38+deb13-amd64 | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-cloud-amd64 | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-rt-amd64 | 6.12.38-1 | amd64 linux-image-6.12.48+deb13-amd64 | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-cloud-amd64 | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-rt-amd64 | 6.12.48-1 | amd64 loop-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 loop-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 md-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 md-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 mmc-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 mmc-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 mmc-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 mmc-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 mtd-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 mtd-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 multipath-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 multipath-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nbd-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nbd-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nic-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nic-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nic-pcmcia-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nic-pcmcia-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nic-shared-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nic-shared-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nic-usb-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nic-usb-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nic-wireless-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nic-wireless-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 pata-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 pata-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 pcmcia-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 pcmcia-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 pcmcia-storage-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 pcmcia-storage-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 ppp-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 ppp-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 rfkill-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 rfkill-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 sata-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 sata-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 scsi-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 scsi-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 scsi-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 scsi-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 scsi-nic-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 scsi-nic-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 serial-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 serial-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 sound-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 sound-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 speakup-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 speakup-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 squashfs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 squashfs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 udf-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 udf-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 uinput-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 uinput-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 usb-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 usb-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 usb-serial-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 usb-serial-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 usb-storage-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 usb-storage-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 xfs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 xfs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:01:31 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 ata-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 btrfs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 btrfs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 cdrom-core-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 cdrom-core-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 crypto-dm-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 crypto-dm-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 crypto-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 crypto-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 ext4-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 ext4-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 f2fs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 f2fs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 fat-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 fat-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 fb-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 fb-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 input-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 input-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 isofs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 isofs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 jfs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 jfs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 kernel-image-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 kernel-image-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 linux-image-6.12.38+deb13-arm64 | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-arm64-16k | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-cloud-arm64 | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-rt-arm64 | 6.12.38-1 | arm64 linux-image-6.12.48+deb13-arm64 | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-arm64-16k | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-cloud-arm64 | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-rt-arm64 | 6.12.48-1 | arm64 loop-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 loop-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 md-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 md-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 mmc-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 mmc-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 multipath-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 multipath-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 nbd-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 nbd-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 nic-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 nic-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 nic-shared-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 nic-shared-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 nic-usb-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 nic-usb-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 nic-wireless-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 nic-wireless-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 ppp-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 ppp-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 sata-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 sata-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 scsi-core-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 scsi-core-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 scsi-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 scsi-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 scsi-nic-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 scsi-nic-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 sound-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 sound-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 speakup-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 speakup-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 squashfs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 squashfs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 udf-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 udf-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 uinput-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 uinput-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 usb-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 usb-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 usb-serial-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 usb-serial-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 usb-storage-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 usb-storage-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 xfs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 xfs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:01:57 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.38+deb13-common | 6.12.38-1 | all linux-headers-6.12.38+deb13-common-rt | 6.12.38-1 | all linux-headers-6.12.48+deb13-common | 6.12.48-1 | all linux-headers-6.12.48+deb13-common-rt | 6.12.48-1 | all linux-support-6.12.38+deb13 | 6.12.38-1 | all linux-support-6.12.48+deb13 | 6.12.48-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= 7zip (25.01+dfsg-1~deb13u1) trixie; urgency=medium . * New upstream version 25.01+dfsg * Fix CVE-2025-55188, CVE-2025-11002, CVE-2025-11001 7zip (25.00+dfsg-1) unstable; urgency=medium . * New upstream version 25.00+dfsg * Rediff patches * Drop unused macro while building SFX stub * Disable CI for upstream codes branch * Enable cross build test in CI 7zip-rar (25.00+ds-1+deb13u1) trixie; urgency=medium . * Add missing CRC table constructor (Closes: #1118733) aide (0.19.1-2+deb13u2) trixie; urgency=medium . * fix issue with 31_aide_lvm: bin/buildcache was a non-functional script in the original trixie release. This version now runs properly in the non-root daily job: bin/buildcache is now run from a root timer * new rules: * 31_aide_cryptsetup * 31_aide_grub-pc * 31_aide_ksmtuned * 31_aide_radvd * 31_aide_run_systemd_dynamic-uid * 31_aide_systemd_tmpfiles * 31_aide_valkey * 31_aide_xfsprogs * update and improve rules: * 10_aide_bits * 10_aide_dateformats * 10_aide_days * 11_aide_dateformats_cury * 10_aide_hardware * 31_aide_apt-cacher-ng * 31_aide_bind9 * 31_aide_console-setup * 31_aide_cups * 31_aide_dehydrated * 31_aide_dev * 31_aide_dokuwiki * 31_aide_fwupd * 31_aide_gnupg * 31_aide_icinga2 * 31_aide_lighttpd * 31_aide_man * 31_aide_mariadb * 31_aide_run_systemd_netif * 31_aide_samba * 31_aide_schroot * 31_aide_spamassassin * 31_aide_ssh-server * 31_aide_sudo * 31_aide_systemd * 31_aide_systemd_sessions * 31_aide_torrus * 31_aide_udev * re-work postgreql rules allow-html-temp (10.0.8-1~deb13u1) trixie; urgency=medium . * Prepared for uploading to trixie proposed update after update of thunderbird in trixie (stable) allow-html-temp (10.0.8-1~deb12u1) bookworm; urgency=medium . [ Mechtilde ] * [d894bae] Rebased to new upstream version 10.0.8 * [385a188] Added d/dpb.conf to use debian-package-scripts alsa-ucm-conf-asahi (8-2+deb13u1) trixie; urgency=medium . * Team upload. * d/install: install the aop_audio ucm configs (Closes: #1112531) ansible (12.0.0~b5+dfsg-0+deb13u1) trixie; urgency=medium . * New upstream version 12.0.0~b5+dfsg * Update debian/gbp.conf to track trixie branches * Change gbp upstream tag as long as upstream version in trixie and sid match * Update debian/watch to also catch beta releases * Drop community hashi-vault patches (applied upstream) * Add 12 previously failing collection CI tests to autopkgtest ansible (12.0.0~b3+dfsg-1) unstable; urgency=medium . * New upstream version 12.0.0~b3+dfsg ansible (12.0.0~b2+dfsg-1) unstable; urgency=medium . * New upstream version 12.0.0~b2+dfsg ansible (12.0.0~b1+dfsg-1) unstable; urgency=medium . * New upstream version 12.0.0~b1+dfsg - many collections have been updated to not emit deprecation warnings when used with ansible-core 2.19.0. * Drop community hashi-vault patches (applied upstream) * Add 12 previously failing collection CI tests to autopkgtest * Update debian/watch to also catch beta releases. ansible-core (2.19.4-0+deb13u1) trixie; urgency=medium . [ Lee Garrett ] * New upstream bugfix release 2.19.4 - Fix regression from 2.18 regarding handlers and play tags (Closes: #1114932) * d/t/ansible-test-integration.py: Match conditional with log verbosity * autopkgtest: Always emit output when testbed-setup.sh is run . [ Colin Watson ] * Move apt sources lists aside more comprehensively in tests * testbed-setup: Only remove autopkgtest's global pinning ansible-core (2.19.3-2) unstable; urgency=medium . * Team upload. * Move apt sources lists aside more comprehensively in tests. * testbed-setup: Only remove autopkgtest's global pinning, not more specific pins such as those created by "autopkgtest --pin-packages". ansible-core (2.19.3-1) unstable; urgency=medium . * d/watch: Don't scan for beta/rc releases for now. * New upstream version 2.19.3 * Fix regression from 2.18 regarding handlers and play tags (Closes: #1114932) ansible-core (2.19.2-1) unstable; urgency=medium . [ Stefano Rivera ] * Loosen resolvelib dependency (following upstream). . [ Lee Garrett ] * New upstream version 2.19.2 * Add debug code to check for spurious autopkgtest failures regarding python's EXTERNALLY-MANAGED marker file * Fix logging conditional in autopkgtest * autopkgtest: Always emit output when testbed-setup.sh is run ansible-core (2.19.1-1) unstable; urgency=medium . * New upstream bugfix release 2.19.1 * Skip ansible-test-debugging integration test (requires running from source) ansible-core (2.19.1-0+deb13u1) trixie; urgency=medium . * New upstream bugfix release 2.19.1 * Update debian/gbp.conf to track trixie branches * Update watch file to follow ansible-core 2.19.x in trixie * Change gbp upstream tag as long as upstream version in trixie and sid match * Skip ansible-test-debugging integration test (requires running from source) ansible-core (2.19.0-1) unstable; urgency=medium . * New upstream version 2.19.0 - This version is equivalent to rc2 on the code level, and just consolidates the changelog of the beta/rc releases into a single 2.19.0 one. ansible-core (2.19.0~rc2-1) unstable; urgency=medium . * New upstream version 2.19.0~rc1 - templating - Relaxed the Jinja sandbox to allow specific bitwise operations which have no filter equivalent. The allowed methods are __and__, __lshift__, __or__, __rshift__, __xor__. (Closes: #1106362) - templating - Switched from the Jinja immutable sandbox to the standard sandbox. This restores the ability to use mutation methods such as list.append and dict.update. - Bugfix: Update automatic role argument spec validation to not use deprecated syntax. - Bugfix: ssh connection plugin - Allow only one password prompt attempt when utilizing SSH_ASKPASS. * New upstream version 2.19.0~rc2 - Add deprecation warnings to YAML parsing, config settings, playbooks, and the public API. asahi-scripts (20250130-3+deb13u1) trixie; urgency=medium . * Team upload. * d/patches: - add 0000-Backport-asahi-diagnose-Fix-macaudio-default-profile.patch to fix the macaudio default profile check (Closes: #1112262) - add 0000-Backport-asahi-diagnose-drop-tas2764-checks.patch to drop the tas2764 quirk checks (Closes: #1112262) - 0003-debian-Add-initramfs-tools-implementation-for-cpio-f.patch: add the apple_nvmem_spmi module to the initramfs explicitly and obsolete simple-mfd-spmi and nvmem_spmi_mfd (Closes: #1112264) - add 0000-Backport-update-m1n1-clobber-boot.bin.old-only-on-changes.patch to make update-m1n1 idempotent (Closes: #1112265) - refresh base-files (13.8+deb13u2) trixie; urgency=medium . * Update debian_version and os-release for Debian 13.2 point release. bind9 (1:9.20.15-1~deb13u1) trixie-security; urgency=high . * New upstream version 9.20.15 - [CVE-2025-8677]: DNSSEC validation fails if matching but invalid DNSKEY is found - [CVE-2025-40778]: Address various spoofing attacks. - [CVE-2025-40780]: Cache-poisoning due to weak pseudo-random number generator bind9 (1:9.20.15-1~deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for trixie-backports. * d/gbp.conf: set branch for bookworm-backports brltty (6.7-3.1+deb13u2) trixie; urgency=medium . * patches/noverbose-bluetooth: Avoid verbose bluetooth spam. * patches/noverbose-usbfs: Avoid verbose usbfs spam (Closes: Bug#845496) brltty (6.7-3.1+deb13u2~bpo12+1) bookworm-backports; urgency=medium . * Backport to bookworm. chromium (142.0.7444.134-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous. - CVE-2025-12726: Inappropriate implementation in Views. Reported by Alesandro Ortiz. - CVE-2025-12727: Inappropriate implementation in V8. Reported by 303f06e3. - CVE-2025-12728: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-12729: Inappropriate implementation in Omnibox. Reported by Khalil Zhani. chromium (142.0.7444.134-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous. - CVE-2025-12726: Inappropriate implementation in Views. Reported by Alesandro Ortiz. - CVE-2025-12727: Inappropriate implementation in V8. Reported by 303f06e3. - CVE-2025-12728: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-12729: Inappropriate implementation in Omnibox. Reported by Khalil Zhani. chromium (142.0.7444.59-1) unstable; urgency=high . * New upstream stable release. - CVE-2025-12428: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2025-12429: Inappropriate implementation in V8. Reported by Aorui Zhang. - CVE-2025-12430: Object lifecycle issue in Media. Reported by round.about. - CVE-2025-12431: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz. - CVE-2025-12432: Race in V8. Reported by Google Big Sleep. - CVE-2025-12433: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12434: Race in Storage. Reported by Lijo A.T. - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh. - CVE-2025-12436: Policy bypass in Extensions. Reported by Luan Herrera (@lbherrera_). - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq. - CVE-2025-12438: Use after free in Ozone. Reported by Wei Yuan of MoyunSec VLab. - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption. Reported by Ari Novick. - CVE-2025-12440: Inappropriate implementation in Autofill. Reported by Khalil Zhani. - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep. - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research - CVE-2025-12444: Incorrect security UI in Fullscreen UI. Reported by syrf. - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh - CVE-2025-12447: Incorrect security UI in Omnibox. Reported by Khalil Zhani. * d/patches: - disable/android.patch: drop part of patch related to md5sum tool. - disable/catapult.patch: refresh. - trixie/rust-no-alloc-shim.patch: refresh. - bookworm/clang19.patch: also drop uninit-const-pointer and unnecessary-virtual-specifier warnings. - ungoogled/disable-privacy-sandbox.patch: sync from upstream. - i386/support-i386.patch: refresh. - trixie/rust-sanitize.patch: add a workaround for older rustc. - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix from gentoo. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to upstream fixes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes chromium (142.0.7444.59-1~deb13u1) trixie-security; urgency=high . * New upstream stable release. - CVE-2025-12428: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2025-12429: Inappropriate implementation in V8. Reported by Aorui Zhang. - CVE-2025-12430: Object lifecycle issue in Media. Reported by round.about. - CVE-2025-12431: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz. - CVE-2025-12432: Race in V8. Reported by Google Big Sleep. - CVE-2025-12433: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12434: Race in Storage. Reported by Lijo A.T. - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh. - CVE-2025-12436: Policy bypass in Extensions. Reported by Luan Herrera (@lbherrera_). - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq. - CVE-2025-12438: Use after free in Ozone. Reported by Wei Yuan of MoyunSec VLab. - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption. Reported by Ari Novick. - CVE-2025-12440: Inappropriate implementation in Autofill. Reported by Khalil Zhani. - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep. - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research - CVE-2025-12444: Incorrect security UI in Fullscreen UI. Reported by syrf. - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh - CVE-2025-12447: Incorrect security UI in Omnibox. Reported by Khalil Zhani. * d/patches: - disable/android.patch: drop part of patch related to md5sum tool. - disable/catapult.patch: refresh. - bookworm/clang19.patch: also drop uninit-const-pointer and unnecessary-virtual-specifier warnings. - ungoogled/disable-privacy-sandbox.patch: sync from upstream. - i386/support-i386.patch: refresh. - trixie/rust-sanitize.patch: add a workaround for older rustc. - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix from gentoo. - trixie/rust-no-alloc-shim.patch: add another missing symbol that's provided by newer versions of rust. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to upstream fixes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes chromium (142.0.7444.59-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2025-12428: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2025-12429: Inappropriate implementation in V8. Reported by Aorui Zhang. - CVE-2025-12430: Object lifecycle issue in Media. Reported by round.about. - CVE-2025-12431: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz. - CVE-2025-12432: Race in V8. Reported by Google Big Sleep. - CVE-2025-12433: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12434: Race in Storage. Reported by Lijo A.T. - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh. - CVE-2025-12436: Policy bypass in Extensions. Reported by Luan Herrera (@lbherrera_). - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq. - CVE-2025-12438: Use after free in Ozone. Reported by Wei Yuan of MoyunSec VLab. - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption. Reported by Ari Novick. - CVE-2025-12440: Inappropriate implementation in Autofill. Reported by Khalil Zhani. - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep. - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research - CVE-2025-12444: Incorrect security UI in Fullscreen UI. Reported by syrf. - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh - CVE-2025-12447: Incorrect security UI in Omnibox. Reported by Khalil Zhani. * d/patches: - disable/android.patch: drop part of patch related to md5sum tool. - disable/catapult.patch: refresh. - bookworm/clang19.patch: also drop uninit-const-pointer and unnecessary-virtual-specifier warnings. - ungoogled/disable-privacy-sandbox.patch: sync from upstream. - i386/support-i386.patch: refresh. - trixie/rust-sanitize.patch: add a workaround for older rustc. - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix from gentoo. - trixie/rust-no-alloc-shim.patch: add another missing symbol that's provided by newer versions of rust. - bookworm/gn-path-exists2.patch: add another workaround for lack of path_exists() in older gn. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to upstream fixes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to upstream fixes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes chromium (141.0.7390.122-1) unstable; urgency=high . * New upstream security release. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. chromium (141.0.7390.122-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. chromium (141.0.7390.122-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. chromium (141.0.7390.107-1) unstable; urgency=high . * New upstream security release. - CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine. * Suggest --disable-gpu to bug reporters and in README.Debian. chromium (141.0.7390.107-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine. * Suggest --disable-gpu to bug reporters and in README.Debian. chromium (141.0.7390.107-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine. * Suggest --disable-gpu to bug reporters and in README.Debian. chromium (141.0.7390.65-1) unstable; urgency=high . * New upstream security release. - CVE-2025-11458: Heap buffer overflow in Sync. Reported by raven at KunLun lab. - CVE-2025-11460: Use after free in Storage. Reported by Sombra. - CVE-2025-11211: Out of bounds read in WebCodecs. Reported by Jakob Košir. chromium (141.0.7390.65-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-11458: Heap buffer overflow in Sync. Reported by raven at KunLun lab. - CVE-2025-11460: Use after free in Storage. Reported by Sombra. - CVE-2025-11211: Out of bounds read in WebCodecs. Reported by Jakob Košir. chromium (141.0.7390.65-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-11458: Heap buffer overflow in Sync. Reported by raven at KunLun lab. - CVE-2025-11460: Use after free in Storage. Reported by Sombra. - CVE-2025-11211: Out of bounds read in WebCodecs. Reported by Jakob Košir. chromium (141.0.7390.54-1) unstable; urgency=high . * New upstream stable release. * d/patches: - fixes/rust-clanglib.patch: refresh. - trixie/rust-no-alloc-shim.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled. - fixes/gentoo-stylesheet.patch: add patch from gentoo to fix build. - fixes/libcpp-headers.patch: add build fix for unbundling clang. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: Refresh for upstream changes - fixes/fix-rustc.patch: Refresh for upstream changes chromium (141.0.7390.54-1~deb13u1) trixie-security; urgency=high . * New upstream stable release. - CVE-2025-11205: Heap buffer overflow in WebGPU. Reported by Atte Kettunen of OUSPG. - CVE-2025-11206: Heap buffer overflow in Video. Reported by Elias Hohl. - CVE-2025-11207: Side-channel information leakage in Storage. Reported by Alesandro Ortiz. - CVE-2025-11208: Inappropriate implementation in Media. Reported by Kevin Joensen. - CVE-2025-11209: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-11210: Side-channel information leakage in Tab. Reported by Umar Farooq. - CVE-2025-11211: Out of bounds read in Media. Reported by Kosir Jakob. - CVE-2025-11212: Inappropriate implementation in Media. Reported by Ameen Basha M K. - CVE-2025-11213: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-11215: Off by one error in V8. Reported by Google Big Sleep. - CVE-2025-11216: Inappropriate implementation in Storage. Reported by Farras Givari. - CVE-2025-11219: Use after free in V8. Reported by Google Big Sleep. * d/patches: - fixes/rust-clanglib.patch: refresh. - trixie/rust-no-alloc-shim.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled. - fixes/gentoo-stylesheet.patch: add patch from gentoo to fix build. - fixes/libcpp-headers.patch: add build fix for unbundling clang. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: Refresh for upstream changes - fixes/fix-rustc.patch: Refresh for upstream changes chromium (141.0.7390.54-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2025-11205: Heap buffer overflow in WebGPU. Reported by Atte Kettunen of OUSPG. - CVE-2025-11206: Heap buffer overflow in Video. Reported by Elias Hohl. - CVE-2025-11207: Side-channel information leakage in Storage. Reported by Alesandro Ortiz. - CVE-2025-11208: Inappropriate implementation in Media. Reported by Kevin Joensen. - CVE-2025-11209: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-11210: Side-channel information leakage in Tab. Reported by Umar Farooq. - CVE-2025-11211: Out of bounds read in Media. Reported by Kosir Jakob. - CVE-2025-11212: Inappropriate implementation in Media. Reported by Ameen Basha M K. - CVE-2025-11213: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-11215: Off by one error in V8. Reported by Google Big Sleep. - CVE-2025-11216: Inappropriate implementation in Storage. Reported by Farras Givari. - CVE-2025-11219: Use after free in V8. Reported by Google Big Sleep. * d/patches: - fixes/rust-clanglib.patch: refresh. - trixie/rust-no-alloc-shim.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled. - fixes/gentoo-stylesheet.patch: add patch from gentoo to fix build. - fixes/libcpp-headers.patch: add build fix for unbundling clang. * d/rules: set rtc_video_psnr=false for bookworm's older openh264. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: Refresh for upstream changes - fixes/fix-rustc.patch: Refresh for upstream changes chromium (140.0.7339.207-1) unstable; urgency=high . * New upstream security release. - CVE-2025-10890: Side-channel information leakage in V8. Reported by Mate Marjanović (SharpEdged). - CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep. - CVE-2025-10892: Integer overflow in V8. Reported by Google Big Sleep. chromium (140.0.7339.207-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-10890: Side-channel information leakage in V8. Reported by Mate Marjanović (SharpEdged). - CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep. - CVE-2025-10892: Integer overflow in V8. Reported by Google Big Sleep. chromium (140.0.7339.207-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-10890: Side-channel information leakage in V8. Reported by Mate Marjanović (SharpEdged). - CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep. - CVE-2025-10892: Integer overflow in V8. Reported by Google Big Sleep. chromium (140.0.7339.185-1) unstable; urgency=high . * New upstream security release. - CVE-2025-10585: Type Confusion in V8. Reported by Google Threat Analysis Group. - CVE-2025-10500: Use after free in Dawn. Reported by Giunash (Gyujeong Jin). - CVE-2025-10501: Use after free in WebRTC. Reported by sherkito. - CVE-2025-10502: Heap buffer overflow in ANGLE. Reported by Google Big Sleep. chromium (140.0.7339.185-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-10585: Type Confusion in V8. Reported by Google Threat Analysis Group. - CVE-2025-10500: Use after free in Dawn. Reported by Giunash (Gyujeong Jin). - CVE-2025-10501: Use after free in WebRTC. Reported by sherkito. - CVE-2025-10502: Heap buffer overflow in ANGLE. Reported by Google Big Sleep. chromium (140.0.7339.185-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-10585: Type Confusion in V8. Reported by Google Threat Analysis Group. - CVE-2025-10500: Use after free in Dawn. Reported by Giunash (Gyujeong Jin). - CVE-2025-10501: Use after free in WebRTC. Reported by sherkito. - CVE-2025-10502: Heap buffer overflow in ANGLE. Reported by Google Big Sleep. chromium (140.0.7339.127-1) unstable; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang. - CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon. . [ Jianfeng Liu ] * drop not working fixes/libsync-rk3588-panthor.patch. * drop fixes/strlcpy.patch, which isn't needed w/ clang-19. chromium (140.0.7339.127-1~deb13u1) trixie-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang. - CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon. . [ Jianfeng Liu ] * drop not working fixes/libsync-rk3588-panthor.patch. * drop fixes/strlcpy.patch, which isn't needed w/ clang-19. chromium (140.0.7339.127-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang. - CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon. . [ Jianfeng Liu ] * drop not working fixes/libsync-rk3588-panthor.patch. * drop fixes/strlcpy.patch, which isn't needed w/ clang-19. chromium (140.0.7339.80-1) unstable; urgency=medium . * New upstream stable release. * d/patches: - fixes/armhf-icf.patch: refresh. - disable/tests.patch: refresh. - disable/catapult.patch: refresh. - disable/widevine-cdm-cu.patch: refresh (and make it shorter). - bookworm/clang19.patch: refresh. - disable/android.patch: delete a new reference to chrome/android/. - disable/buildtools-libc.patch: drop due to upstream cleanups. - trixie/rust-no-alloc-shim.patch: add a build fix for older rustc. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream changes - fixes/fix-study-crash.patch: Refresh for upstream changes - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes - fixes/fix-unknown-warning-option-messages.diff: Refresh for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Regenerate from new upstream version - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: Regenerate from new upstream version chromium (140.0.7339.80-1~deb13u1) trixie-security; urgency=medium . * New upstream stable release. - CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team. - CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani. - CVE-2025-9866: Inappropriate implementation in Extensions. Reported by NDevTK. - CVE-2025-9867: Inappropriate implementation in Downloads. Reported by Farras Givari. * d/patches: - fixes/armhf-icf.patch: refresh. - disable/tests.patch: refresh. - disable/catapult.patch: refresh. - disable/widevine-cdm-cu.patch: refresh (and make it shorter). - bookworm/clang19.patch: refresh. - disable/android.patch: delete a new reference to chrome/android/. - disable/buildtools-libc.patch: drop due to upstream cleanups. - trixie/rust-no-alloc-shim.patch: add a build fix for older rustc. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream changes - fixes/fix-study-crash.patch: Refresh for upstream changes - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes - fixes/fix-unknown-warning-option-messages.diff: Refresh for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Regenerate from new upstream version - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: Regenerate from new upstream version chromium (140.0.7339.80-1~deb12u1) bookworm-security; urgency=medium . * New upstream stable release. - CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team. - CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani. - CVE-2025-9866: Inappropriate implementation in Extensions. Reported by NDevTK. - CVE-2025-9867: Inappropriate implementation in Downloads. Reported by Farras Givari. * d/patches: - fixes/armhf-icf.patch: refresh. - disable/tests.patch: refresh. - disable/catapult.patch: refresh. - disable/widevine-cdm-cu.patch: refresh (and make it shorter). - bookworm/clang19.patch: refresh. - disable/android.patch: delete a new reference to chrome/android/. - disable/buildtools-libc.patch: drop due to upstream cleanups. - trixie/rust-no-alloc-shim.patch: add a build fix for older rustc. - bookworm/rust-visibility.patch: drop, not needed w/ new rust 1.85. - bookworm/crabbyav1f.patch: drop, not needed w/ new rust 1.85. - bookworm/toktrie-utf8chunks.patch: drop, not needed w/ new rust. - bookworm/derivre-create.patch: drop, not needed w/ new rust. - bookworm/rust-split-at-checked.patch: drop, not needed w/ new rust. - bookworm/crabbyav1f-macro-scope.patch: drop, not needed w/ new rust. - bookworm/rust-box-to-vec.patch: drop, not needed w/ new rust. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream changes - fixes/fix-study-crash.patch: Refresh for upstream changes - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes - fixes/fix-unknown-warning-option-messages.diff: Refresh for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Regenerate from new upstream version - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: Regenerate from new upstream version chromium (139.0.7258.154-1) unstable; urgency=high . * New upstream security release. - CVE-2025-9478: Use after free in ANGLE. Reported by Google Big Sleep. cjson (1.7.18-3.1+deb13u1) trixie-security; urgency=medium . * CVE-2025-57052 (Closes: #1114757) console-setup (1.242~deb13u1) trixie; urgency=medium . * Backport 1.242 from forky development. * keyboard-configuration.templates: Fix dz(azerty-oss/deadkeys) into dz, which is what xkb really provides. * keyboard-configuration.config: Fix dz default layout. console-setup (1.241) unstable; urgency=medium . * keyboard-configuration.templates: Use ca/multix variant instead of ca/multi (Closes: #1111994). console-setup (1.240+deb13u1) trixie; urgency=medium . * keyboard-configuration.templates: Update dz(la) into dz(azerty-oss). * keyboard-configuration.templates: Use ca/multix variant instead of ca/multi (Closes: #1111994). cups (2.4.10-3+deb13u2) trixie; urgency=high . * add 0018-cgi-Fix-checkbox-support-fixes.patch Thanks to Elena ``of Valhalla'' for finding the upstream commit and asking Simone Piccardi to confirm that it works now. (Closes: #1109471) cups (2.4.10-3+deb13u1) trixie-security; urgency=high . * CVE-2025-58060 fix authentication bypass with AuthType Negotiate * CVE-2025-58364 fix remote DoS via null dereference curl (8.14.1-2+deb13u2) trixie; urgency=medium . * d/p/wcurl-CVE-2025-11563.patch: Pull upstream changes to actually fix CVE-2025-11563 curl (8.14.1-2+deb13u1) trixie; urgency=medium . [ Alex ] * Team upload. * d/p/cookie-don-t-treat-the-leading-slash-as-trailing: import upstream patch to fix CVE-2025-9086 * d/p/CVE-2025-10148.patch: backport upstream patch for CVE-2025-10148 . [ Samuel Henrique ] * Import wcurl patches. * wcurl-CVE-2025-11563.patch: Fix CVE-2025-11563 * wcurl-Fix-example-for-continue-at.patch: Fix example in manpage * wcurl-Set-CURL_OPTIONS-right-before-the-url.patch: Fix to allow --output to be overwritten with --curl-options debian-edu-config (2.12.903~deb13u1) trixie; urgency=medium . * Upload to trixie. debian-installer (20250803+deb13u2) trixie; urgency=medium . * Bump Linux kernel ABI to 6.12.57+deb13. * Adjust linux-image build-deps accordingly. debian-installer-netboot-images (20250803+deb13u2) trixie; urgency=medium . * Update to 20250803+deb13u2, from trixie-proposed-updates. dhcpcd (1:10.1.0-11+deb13u1) trixie; urgency=medium . * [patches] + DHCP: Fix crash when someone deletes our address (Closes: #1114964). Cherry-pick from upstream Git (included in Forky since 10.2.0). * [service] - Remove /etc/wpa_supplicant from ReadWritePaths (Closes: #1111467). Otherwise dhcpcd fails to launch if wpasupplicant is not installed. distro-info-data (0.66+deb13u1) trixie; urgency=medium . * Update database to 0.68: - Update the bookworm EoL - Add Ubuntu 26.04 LTS "Resolute Raccoon" (LP: #2126961) dkms (3.2.2-1~deb13u1) trixie; urgency=medium . * Rebuild for trixie. . dkms (3.2.2-1) unstable; urgency=medium . * New upstream release. * Stop shipping dkms.service. Not really needed and causes a dependency cycle with cloud-init-network.service. (Closes: #1107232) * common.postinst: Emit a warning if no kernel headers were found. (Closes: #1114731) * Drop Pre-Depends: lsb-release, no longer used since 3.0.12. * Add Breaks against more obsolete *-dkms packages. dns-root-data (2025080400~deb13u1) trixie; urgency=medium . * Rebuild the package for trixie to make possible to rebuild it again during the distribution lifetime. (See #1091496.) The content of the binary package is unchanged from version 2024071801, which is the one currently in trixie. dnsdist (1.9.10-1+deb13u1) trixie; urgency=medium . * d/{gbp.conf,.gitlab-ci.yml}: setup for trixie * Apply upstream fix for CVE-2025-8671, CVE-2025-30187 (Closes: #1115643) dolphin-emu (2503+dfsg-1+deb13u1) trixie; urgency=medium . * Remove the dfsg repack suffix from DOLPHIN_WC_DESCRIBE (closes: #1094989). * Look for locale files in the correct directory (closes: #1108687). * Switch debian-branch to trixie. dovecot (1:2.4.1+dfsg1-6+deb13u2) trixie; urgency=medium . * [6ac2883] Clean up a few typos in default/example config (Closes: #1112667) * [7feb544] Ensure default lmtpd auth_username_format matches the global value (Closes: #1111469) * [216ec20] import upstream patch for improperly terminated auth_oauth2_post_setting_defines (Closes: #1116328) * [46eab61] lib-sieve/sieve-script.c: sieve_script_create_common: Correctly handle errors. (Closes: #1116070) dovecot (1:2.4.1+dfsg1-6+deb13u1) trixie-security; urgency=high . * Import upstream fix for an issue with authentication cache management that could result in users being logged in as the wrong user in certain configurations. (Closes: #1115964) eas4tbsync (4.17-1~deb13u2) trixie; urgency=medium . * Added dir api/ to d/rules It follows 4.17-2 in unstable eas4tbsync (4.17-1~deb13u1) trixie; urgency=medium . * Prepared for uploading to trixie proposed update after update of thunderbird in trixie (stable) emacs-libvterm (0.0.2+git20250113.056ad74-3~deb13u1) trixie; urgency=medium . * Upload to trixie . emacs-libvterm (0.0.2+git20250113.056ad74-3) unstable; urgency=medium . * Fix elpa-vterm to use "Multi-Arch: no" - elpa-vterm installs the files under the same path on different archs, so they are not co-installable. . emacs-libvterm (0.0.2+git20250113.056ad74-2) unstable; urgency=medium . * Upload to unstable - Change elpa-vterm to arch:any fixed the DEB_HOST_MULTIARCH generation. (Closes: #1115607) . emacs-libvterm (0.0.2+git20250113.056ad74-2~exp1) experimental; urgency=medium . * Make elpa-vterm arch:any - elpa-vterm sets the shard library path according to the host arch. Previously when set as arch:all, the `load-path' is set once during building arch:all package and won't change based on the host arch, resulting in wrong `load-path' in non-amd64 archs. * Add `Multi-Arch: same' hint to arch:any packages emacs-libvterm (0.0.2+git20250113.056ad74-2) unstable; urgency=medium . * Upload to unstable - Change elpa-vterm to arch:any fixed the DEB_HOST_MULTIARCH generation. (Closes: #1115607) . emacs-libvterm (0.0.2+git20250113.056ad74-2~exp1) experimental; urgency=medium . * Make elpa-vterm arch:any - elpa-vterm sets the shard library path according to the host arch. Previously when set as arch:all, the `load-path' is set once during building arch:all package and won't change based on the host arch, resulting in wrong `load-path' in non-amd64 archs. * Add `Multi-Arch: same' hint to arch:any packages emacs-libvterm (0.0.2+git20250113.056ad74-2~exp1) experimental; urgency=medium . * Make elpa-vterm arch:any - elpa-vterm sets the shard library path according to the host arch. Previously when set as arch:all, the `load-path' is set once during building arch:all package and won't change based on the host arch, resulting in wrong `load-path' in non-amd64 archs. * Add `Multi-Arch: same' hint to arch:any packages eperl (2.2.15-1+deb13u1) trixie; urgency=medium . * Debian Team upload. * d/p/0003: Pass environ to PERL_SYS_INIT()/perl_parse() implicitly instead of explicitly to avoid the script getting a truncated environment on Perl 5.40 (Closes: #1114004) epiphany-browser (48.5-0+deb13u1) trixie; urgency=medium . * New upstream bugfix release 48.4 - Fix app ID in metainfo - Disconnect signal handlers correctly, fixing a use-after-free crash (epiphany#2653 upstream) - In incognito mode (private browsing), don't use saved HTTP authentication passwords from normal mode (epiphany#2651 upstream) - Fix inability to authenticate on authenticationtest.com by avoiding a spurious authentication attempt with known-wrong credentials (epiphany!1745 upstream) - Use the creation time for webapps' "Installed on" date, not the modification time (epiphany#2604 upstream) - Don't consider og:image (a media preview used when sharing links on social media) as a candidate for the icon for a webapp, since it often points to an image that merely appears on the referenced website (epiphany!1755 upstream) - Fix a crash on exit if the export dialog has been dismissed, and relatedly a memory leak (epiphany#2661 upstream) - Fix two crashes on startup if running under Pantheon (epiphany!1818 upstream; not relevant to Debian unless that desktop environment is installed from a third-party source) - Improve robustness of password import, avoiding some crashes (epiphany!1843 upstream) - Fix PKCS#11 login for invalid cert/priv pairs (epiphany!1857 upstream) - Translation updates - Upstream CI fixes not relevant to Debian * New upstream bugfix release 48.5 - Upstream CI fixes not relevant to Debian evolution (3.56.2-0+deb13u1) trixie; urgency=medium . * New upstream bugfix release, fixing these issues: - I#3042 - Check return value of CamelDataWrapper calculate size functions - I#3045 - Cannot add actions in 'Customize User Interface' dialog - I#3052 - Ensure "New" button action in Calendar view - I#3061 - Mail: Do not strip signature for Edit as New in Sent folder - Calendar: Cannot show/hide Tasks and Memos pane - (Closes: #1120149) * debian/control: Bump e-d-s dependencies and build-dependencies to 3.56.2 evolution (3.56.1-1+deb13u1) trixie-security; urgency=medium . * Cherry-pick patch to fix crash with webkit2gtk 2.50 (Closes: #1116301) * Update debian/gbp.conf for trixie evolution-data-server (3.56.2-0+deb13u1) trixie; urgency=medium . * New upstream bugfix release * Cherry-pick patch to fix busy loop when using the MH format mail archive (Closes: #1111605) fangfrisch (1.9.0-3+deb13u1) trixie; urgency=high . * Non-maintainer upload. * Update sanesecurity mirror as the old one will stop working this year (Closes: #1117681) ffmpeg (7:7.1.2-0+deb13u1) trixie-security; urgency=medium . * New upstream version 7.1.2 - Fixes CVE-2025-1594 firefox-esr (140.4.0esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-83, also known as: CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11714, CVE-2025-11715. . * debian/watch: Refreshed. Somehow it was not refreshed for ESR. * debian/dh: Properly handle multiple DEB_BUILD_OPTIONS. firefox-esr (140.4.0esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-83, also known as: CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11714, CVE-2025-11715. . * debian/watch: Refreshed. Somehow it was not refreshed for ESR. * debian/dh: Properly handle multiple DEB_BUILD_OPTIONS. firefox-esr (140.3.1esr-2) unstable; urgency=medium . * media/libyuv/libyuv/libyuv.gyp: Disable SVE parts of libyuv when the SVE flags are not supported. Fixes FTBFS on arm64 on bookworm. * config/system-headers.mozbuild: Add a system header wrapper for sys/platform/ppc.h.: Fixes FTBFS on pc64el on bookworm. . * debian/rules: Disable rust LTO on s390x, hoping to fix FTBFS. firefox-esr (140.3.1esr-1) unstable; urgency=medium . * New upstream release. firefox-esr (140.3.1esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. . * media/libyuv/libyuv/libyuv.gyp: Disable SVE parts of libyuv when the SVE flags are not supported. Fixes FTBFS on arm64 on bookworm. * config/system-headers.mozbuild: Add a system header wrapper for sys/platform/ppc.h.: Fixes FTBFS on pc64el on bookworm. . * debian/upstream.mk, debian/control: Stop handling testing/unstable as trixie, meaning embedded NSS is not built anymore. * debian/rules: - Avoid running dwz on platforms where we disable debug info. Closes: #1115490 - Stop setting _LEAKTEST_FILES, it hasn't been used since version 32.0. - Disable rust LTO on s390x, hoping to fix FTBFS. firefox-esr (140.3.1esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. . * media/libyuv/libyuv/libyuv.gyp: Disable SVE parts of libyuv when the SVE flags are not supported. Fixes FTBFS on arm64 on bookworm. * config/system-headers.mozbuild: Add a system header wrapper for sys/platform/ppc.h.: Fixes FTBFS on pc64el on bookworm. . * debian/upstream.mk, debian/control: Stop handling testing/unstable as trixie, meaning embedded NSS is not built anymore. * debian/rules: - Avoid running dwz on platforms where we disable debug info. Closes: #1115490 - Stop setting _LEAKTEST_FILES, it hasn't been used since version 32.0. - Disable rust LTO on s390x, hoping to fix FTBFS. firefox-esr (140.3.0esr-2) unstable; urgency=medium . * debian/upstream.mk, debian/control: Stop handling testing/unstable as trixie, meaning embedded NSS is not built anymore. * debian/rules: - Avoid running dwz on platforms where we disable debug info. Closes: #1115490 - Stop setting _LEAKTEST_FILES, it hasn't been used since version 32.0. firefox-esr (140.3.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2025-75, also known as: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537. firefox-esr (140.3.0esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-75, also known as: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537. firefox-esr (140.3.0esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-75, also known as: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537. firefox-esr (128.14.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2025-66, also known as: CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9185. fluidsynth (2.4.4+dfsg-1+deb13u1) trixie; urgency=medium . * Set the default samplerate to 48000 and buffer size to 512 in the service config file (Closes: #1075976, #1105956). folder-account (12.1-1~deb13u1) trixie; urgency=medium . * Rebuild for trixie for thunderbird >= 140.3 fonts-noto-color-emoji (2.051-0+deb13u1) trixie; urgency=medium . * New upstream release (Closes: #1115370) - This major update introduces support for the Unicode 17.0 standard https://blog.emojipedia.org/google-debuts-emoji-17-0-support/ freeradius (3.2.7+dfsg-1+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Backport patch to fix compatibility with OpenSSL 3.5.2 (Closes: #1111328) gegl (1:0.4.62-2+deb13u1) trixie-security; urgency=medium . * CVE-2025-10921 (Closes: #1116470) ghostscript (10.05.1~dfsg-1+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. . [ Steve Robbins ] * Upstream fix for CVE-2025-7462. (Closes: #1109270) . [ Salvatore Bonaccorso ] * pdfwrite - bounds check some strings (CVE-2025-59799) (Closes: #1116443) * pdfwrite - avoid buffer overrun (CVE-2025-59798) (Closes: #1116444) gimp (3.0.4-3+deb13u2) trixie-security; urgency=medium . * CVE-2025-10934 (Closes: #1119661) gimp (3.0.4-3+deb13u1) trixie-security; urgency=medium . * CVE-2025-10924 (Closes: #1116461) * CVE-2025-10923 (Closes: #1116460) * CVE-2025-10922 (Closes: #1116459) * CVE-2025-10920 (Closes: #1116458) gnome-maps (48.7-0+deb13u1) trixie; urgency=medium . * New upstream bugfix release (Closes: #1111673) - Fix a regression when requesting route planning from transitous.org (gnome-maps#864 upstream) - Add address format for Austria - Add address format for Paraguay - Translation updates (Dutch, Romanian, Thai) gnome-maps (48.6-3) unstable; urgency=medium . * Team upload * Build-depend on gobject-introspection instead of libgirepository1.0-dev * Standards-Version: 4.7.2 (no changes required) gnome-maps (48.6-2) unstable; urgency=medium . * Cherry-pick fixes from gnome-48 branch (Closes: #1111673): - Add address format for Austria - Add address format for Paraguay - Update Dutch translation . gnome-maps (48.6-1) unstable; urgency=medium . * Team upload * d/gbp.conf, d/watch: Only watch for 48.x for now. We'll track 48.x in testing/unstable for now, to get more testing for possible future trixie updates. * New upstream stable release - Translation updates only gnome-maps (48.6-1) unstable; urgency=medium . * Team upload * d/gbp.conf, d/watch: Only watch for 48.x for now. We'll track 48.x in testing/unstable for now, to get more testing for possible future trixie updates. * New upstream stable release - Translation updates only gnome-session (48.0-1+deb13u1) trixie; urgency=medium . * Team upload * d/control, d/gbp.conf, d/watch: Set branch for trixie stable updates * d/gnome-mimeapps.list: Fall back from Evince to Papers where supported, if Evince is not installed. The default PDF reader for GNOME in trixie is evince, but the metapackage has an alternative dependency on papers and some early adopters are already using the newer package. Papers doesn't support some document formats that Evince did, like Postscript and DVI. Continue to prefer only Evince for those. (Closes: #1112257, #1115704) * d/gnome-mimeapps.list: Fall back from Totem to Showtime where supported, if Showtime is not installed. Similar to the PDF readers, the default video player for GNOME in trixie is totem, but the metapackage has an alternative dependency on showtime. showtime is only a file-based video player and isn't designed to play audio, playlists or DVDs, so continue to refer to only totem for the formats not supported by showtime. google-recaptcha (1.3.0-2+deb13u1) trixie; urgency=medium . * Add a patch to fix PHP 8.4 deprecations haproxy (3.0.11-1+deb13u1) trixie-security; urgency=high . * CVE-2025-11230: fix possible DoS when parsing JSON numbers. hsqldb1.8.0 (1.8.0.10+dfsg-12.1+deb13u1) trixie-security; urgency=medium . * (re)add avoid-execution-of-spurious-command-in-script-or-log-file.diff to debian/patches/series, lost in 1.8.0.10+dfsg-12.1 NMU ikvswitch (1.0.4+deb13u1) trixie; urgency=medium . * Write in /etc/sysctl.d/00-forward-internet.conf as sysctl.conf is gone in Trixie. * Use Trixie as default distro for the setup. * Add || true when doing "ip link set down dev" if ipmi bridge. imagemagick (8:7.1.1.43+dfsg1-1+deb13u3) trixie; urgency=high . * Fix CVE-2025-62171 (Closes: #1118340) Integer Overflow in BMP Decoder (ReadBMP): CVE-2025-57803 claims to be patched, but the fix is incomplete and ineffective. . The patch added BMPOverflowCheck() but placed it after the overflow occurs, making it useless. A malicious 58-byte BMP file can trigger AddressSanitizer crashes and DoS. imagemagick (8:7.1.1.43+dfsg1-1+deb13u2) trixie-security; urgency=high . * Fix CVE-2025-55004: ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image (Closes: #1111101) * Fix CVE-2025-55005: when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. (Closes: #1111102) * Fix CVE-2025-55154: the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. (Closes: #1111103) * Fix CVE-2025-55212: Passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. (Closes: #1111587) * Fix CVE-2025-55298: A format string bug vulnerability exists in InterpretImageFilenam function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. (Closes: #1111586) * Fix CVE-2025-57803: A 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. (Closes: #1112469) * Fix CVE-2025-57807: A security problem was found in SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. (Closes: #1114520) incus (6.0.4-2+deb13u1) trixie-security; urgency=high . * Backport fixes for the following security issues: - CVE-2025-54293 / GHSA-472f-vmf2-pr3h - CVE-2025-54287 / GHSA-w2hg-2v4p-vmh6 - CVE-2025-54288 / GHSA-7232-97c6-j525 - CVE-2025-54286 / GHSA-p8hw-rfjg-689h - CVE-2025-54290 / GHSA-p3x5-mvmp-5f35 - CVE-2025-54291 / GHSA-xch9-h8qw-85c7 - CVE-2025-54289 / GHSA-3g72-chj4-2228 incus (6.0.4-2+deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports. - Drop dependency on virtiofsd, as it isn't available for bookworm - Drop apparmor 4.x patch - Relax dependency on lxcfs, since runit scripts aren't expected for bookworm - Add patch to remove dependency on go-criu - Add patch to build with older version of openfga-go-sdk - Add patch backporting RemoveAll from newer sftp input-remapper (2.1.1-1+deb13u1) trixie; urgency=medium . * Add psutil to the list of module requirements. Closes: #1113695. intel-microcode (3.20250812.1~deb13u1) trixie-security; urgency=medium . * Security upload, no changes. . intel-microcode (3.20250812.1) unstable; urgency=medium . [ Henrique de Moraes Holschuh ] * New upstream microcode datafile 20250812 (closes: #1110983, #1112168) - Mitgations for INTEL-SA-01249 (processor Stream Cache): CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Intel also disclosed that several processors models had already received this mitigation on the previous microcode release, 20250512. - Mitigations for INTEL-SA-01308: CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01310 (OOBM services module): CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. - Mitigations for INTEL-SA-01311 (Intel TDX): CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processors with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01313: CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-21090: Missing reference to active allocated resource for some Intel Xeon processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2025-24305: Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel Xeon processors may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01367 (Intel SGX, TDX): CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Fixes for unspecified functional issues on several Intel Core and Intel Xeon processor models. * Updated microcodes: sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248 sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056 sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896 sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664 sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288 sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072 sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400 sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880 sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256 sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896 sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112 sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224 sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3 * update entry for 3.20250512.1 with new information * source: update symlinks to reflect id of the latest release, 20250812 . [ Ben Hutchings ] * debian/tests/initramfs: Update to work with forky's initramfs-tools. In version 0.149 of initramfs-tools, unmkinitramfs was changed to no longer create early/ and main/ subdirectories. Update the microcode file check to work with both old and new behaviours. intel-microcode (3.20250812.1~deb12u1) bookworm-security; urgency=medium . * Backport to bookworm-security * debian/rules: revert use of /usr/lib/firmware for deb12 . intel-microcode (3.20250812.1) unstable; urgency=medium . [ Henrique de Moraes Holschuh ] * New upstream microcode datafile 20250812 (closes: #1110983, #1112168) - Mitgations for INTEL-SA-01249 (processor Stream Cache): CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Intel also disclosed that several processors models had already received this mitigation on the previous microcode release, 20250512. - Mitigations for INTEL-SA-01308: CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01310 (OOBM services module): CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. - Mitigations for INTEL-SA-01311 (Intel TDX): CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processors with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01313: CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-21090: Missing reference to active allocated resource for some Intel Xeon processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2025-24305: Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel Xeon processors may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01367 (Intel SGX, TDX): CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Fixes for unspecified functional issues on several Intel Core and Intel Xeon processor models. * Updated microcodes: sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248 sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056 sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896 sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664 sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288 sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072 sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400 sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880 sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256 sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896 sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112 sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224 sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3 * update entry for 3.20250512.1 with new information * source: update symlinks to reflect id of the latest release, 20250812 . [ Ben Hutchings ] * debian/tests/initramfs: Update to work with forky's initramfs-tools. In version 0.149 of initramfs-tools, unmkinitramfs was changed to no longer create early/ and main/ subdirectories. Update the microcode file check to work with both old and new behaviours. irqbalance (1.9.4-1+deb13u1) trixie; urgency=medium . * d/gbp.conf: set debian-branch to debian/trixie * Drop ProtectKernelTunables=yes in irqbalance.service. Done via new patch: d/p/drop-protectkerneltunables.patch Thanks to Marco d'Itri (Closes: #1114676) jdupes (1.28.0-1+deb13u1) trixie; urgency=medium . * debian/patches/020_fix-uniq-count.patch: created to fix flag overlap between FF_NOT_UNIQUE and FF_HASHDB_DIRTY. . Both FF_NOT_UNIQUE and FF_HASHDB_DIRTY were defined using the same bit (1U << 5), causing logic errors where files were incorrectly marked as not unique due to hash database state. This commit moves FF_HASHDB_DIRTY to (1U << 6) to eliminate the overlap. It fixes incorrect behavior when detecting unique files with --unique or -u. . Closes: #1063079 jetty12 (12.0.17-3.1~deb13u1) trixie-security; urgency=medium . * Non-maintainer upload. * Rebuild for trixie-security. . jetty12 (12.0.17-3.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-5115: MadeYouReset HTTP/2 vulnerability (Closes: #1111765) jetty9 (9.4.57-1.1~deb13u1) trixie-security; urgency=medium . * Non-maintainer upload. * Rebuild for trixie-security. . jetty9 (9.4.57-1.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-5115: MadeYouReset HTTP/2 vulnerability (Closes: #1111766) jetty9 (9.4.57-1.1~deb12u1) bookworm-security; urgency=medium . * Non-maintainer upload. * Rebuild for bookworm-security. . jetty9 (9.4.57-1.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-5115: MadeYouReset HTTP/2 vulnerability (Closes: #1111766) jing-trang (20241231+repack-1~deb13u1) trixie; urgency=medium . * Re-import new upstream release, with gbp filtering (Closes: Bug#1118457) keepassxc-browser (1.9.7+repack1-1+deb13u1) trixie; urgency=medium . * Fixed integration with Chromium (Closes: #1111635) + Split installation for Chromium and Firefox in two separate directories. Each directory does now contain the correct manifest.json file for the respective browser. + Added maintainer preinst script to remove a symbolic link from previous package versions to have this revision create a directory instead + Added maintainer prerm script to permit a downgrade - just in case. It conditionally reverses the action of the above mentioned preinst script. + Extended fix-browser-polyfill-includex.patch to also adjust the Chromium manifest + Extended fix-nacl-includes.patch to also adjust the Chromium manifest + Extended chromium-extension-key.patch to add the extension's key in the manifest file which is installed from this revision on for Chromium + Extended lintian overrides for warnings produced by the additional installation for Chromium + Extended and updated debian/rules to rename and install files into the respective directories per browser. Removed obsolete file permission fixes and improved readability. kmail-account-wizard (4:24.12.3-1+deb13u1) trixie; urgency=medium . * Detect QML-dependencies automatically. lemonldap-ng (2.21.2+ds-1+deb13u1) trixie; urgency=medium . * Fix shell injection from admin interface (Closes: CVE-2025-59518) * Don't expose session-id into Ajax responses * Fix Google authentication libcommons-lang-java (2.6-10+deb13u1) trixie; urgency=medium . * Team upload. * d/patches/CVE-2025-48924.patch: Add patch to fix CVE-2025-48924. - Fix an uncontrolled recursion vulnerability (closes: 1109126). libcommons-lang3-java (3.17.0-1+deb13u1) trixie; urgency=medium . * Team upload. * d/patches/CVE-2025-48924.patch: Add patch to fix CVE-2025-48924. - Fix an uncontrolled recursion vulnerability (closes: 1109125). libcpanel-json-xs-perl (4.39-2~deb13u1) trixie-security; urgency=high . * Rebuild for trixie-security . libcpanel-json-xs-perl (4.39-2) unstable; urgency=medium . * Team upload. * Fix json_atof_scan1 overflows (CVE-2025-40929) libgpiod (2.2.1-2+deb13u1) trixie; urgency=medium . * d/control: Remove Breaks/Replaces on libgpiod2 and libgpiod2t64. This allows co-installation with older libraries. (Closes: #1110868) libhtp (1:0.5.50-1+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * CVE-2025-53537: memory leak with LZMA (Closes: #1109838) libjson-xs-perl (4.040-1~deb13u1) trixie-security; urgency=high . * Rebuild for trixie-security . libjson-xs-perl (4.040-1) unstable; urgency=medium . * Team upload. * Import upstream version 4.040. - Fix json_atof_scan1 overflows (CVE-2025-40928) * Drop initial patch for CVE-2025-40928 in favour of upstream changes * Drop patches applied upstream . libjson-xs-perl (4.030-3) unstable; urgency=medium . * Team upload. * Fix json_atof_scan1 overflows (CVE-2025-40928) libjson-xs-perl (4.040-1~deb12u1) bookworm-security; urgency=high . * Rebuild for bookworm-security . libjson-xs-perl (4.040-1) unstable; urgency=medium . * Team upload. * Import upstream version 4.040. - Fix json_atof_scan1 overflows (CVE-2025-40928) * Drop initial patch for CVE-2025-40928 in favour of upstream changes * Drop patches applied upstream . libjson-xs-perl (4.030-3) unstable; urgency=medium . * Team upload. * Fix json_atof_scan1 overflows (CVE-2025-40928) libjson-xs-perl (4.030-3) unstable; urgency=medium . * Team upload. * Fix json_atof_scan1 overflows (CVE-2025-40928) libsmb2 (6.2+dfsg-2+deb13u1) trixie; urgency=medium . * Import upstream patches to fix CVE-2025-57632 - When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without checking the upper bound of v->niov (SMB2_MAX_VECTORS=256) * d/p/CVE-2025-57632-pt*.patch: Import upstream patches to fix CVE * d/p/CVE-2025-57632-pt2.patch: Backport patch and Update hunks' offsets * d/p/CVE-2025-57632-pt3.patch: Backport patch and Update hunks' offsets * d/p/CVE-2025-57632-pt4.patch: Backport patch and Change hunk to reflect new code indentation libssh (0.11.2-1+deb13u1) trixie; urgency=medium . * CVE-2025-8277 (Closes: #1114859) * CVE-2025-8114 (Closes: #1109860) libvirt (11.3.0-3+deb13u1) trixie; urgency=medium . * [6a549fc] patches: Add backports - backport/tlscert-Don-t-force-keyEncipherment[...] - backport/tls-Don-t-require-keyEncipherment-[...] - backport/tests-[...]-Drop-use-of-GNUTLS_KEY_KEY_ENCIPHERM[...] - Removes the requirement to have keyEncipherment enabled for TLS certificates - Closes: #1110816 * [8b355a8] patches: Add backports - backport/daemon-Drop-log-level-of-VIR_ERR_NO_SUPPORT-[...] - Prevents journal spam when using the LXC driver - Closes: #1110963 * [f5079ab] patches: Add backports - backport/qemu-capabilities-Check-if-cpuModels-is-not-NULL-[...] - Fixes a daemon crash that occurs when probing capabilities for a QEMU binary that doesn't report information about CPU models - Closes: #1112481 libwebsockets (4.3.5-1+deb13u1) trixie; urgency=medium . * CVE-2025-11677 (Closes: #1118747) * CVE-2025-11678 (Closes: #1118746) libxml2 (2.12.7+dfsg+really2.9.14-2.1+deb13u2) trixie; urgency=high . * Non-maintainer upload. * Fix CVE-2025-9714: Denial of service vulnerability via uncontrolled recursion in XPath evaluation. * Amend d/p/CVE-2025-7425.patch to better reflect the original fix. libxslt (1.1.35-1.2+deb13u2) trixie-security; urgency=high . * Non-maintainer upload. * Fix regression in the backport of upstream change for issue #123 "generate-id() is non-deterministic". libyaml-syck-perl (1.34-2+deb13u1) trixie; urgency=medium . * Team upload. * Address memory corruption leading to 'str' value being set on empty keys (CVE-2025-11683) libyaml-syck-perl (1.34-2+deb12u1) bookworm; urgency=medium . * Team upload. * Address memory corruption leading to 'str' value being set on empty keys (CVE-2025-11683) linux (6.12.57-1) trixie; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.49 - wifi: wilc1000: avoid buffer overflow in WID string configuration - nvme: fix PI insert on write - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported - wifi: mac80211: increase scan_ies_len for S1G - wifi: mac80211: fix incorrect type for ret - cgroup: split cgroup_destroy_wq into 3 workqueues - btrfs: fix invalid extref key setup when replaying dentry - net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR - qed: Don't collect too many protection override GRC elements - bonding: set random address only when slaves already exist - mptcp: set remote_deny_join_id0 on SYN recv - mptcp: tfo: record 'deny join id0' info - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure - ice: store max_frame and rx_buf_len only in ice_rx_ring - ice: fix Rx page leak on multi-buffer frames - i40e: remove redundant memory barrier when cleaning Tx descs - igc: don't fail igc_probe() on LED setup error - net/mlx5e: Harden uplink netdev access against device unbind - bonding: don't set oif to bond dev when getting NS target destination - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). - tls: make sure to abort the stream if headers are bogus - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" - net: liquidio: fix overflow in octeon_init_instr_queue() - cnic: Fix use-after-free bugs in cnic_delete_task - [arm64] octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() - [amd64] perf/x86/intel: Fix crash in icl_update_topdown_event() (CVE-2025-38322) - ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer - ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery - power: supply: bq27xxx: restrict no-battery detection to bq27000 - dm-raid: don't set io_min and io_opt for raid1 - dm-stripe: fix a possible integer overflow - gup: optimize longterm pin_user_pages() for large folio - mm: revert "mm: vmscan.c: fix OOM on swap stress test" - [amd64] iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() - [amd64] iommu/amd/pgtbl: Fix possible race while increase page table level - btrfs: tree-checker: fix the incorrect inode ref size check - [arm64] ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S - mmc: mvsdio: Fix dma_unmap_sg() nents value - [amd64] KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active - drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer - rds: ib: Increment i_fastreg_wrs before bailing out - mptcp: propagate shutdown to subflows when possible - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx - io_uring/cmd: let cmds to know about dying task - io_uring: backport io_should_terminate_tw() - io_uring: include dying ring in task_work "should cancel" state - io_uring/msg_ring: kill alloc_cache for io_kiocb allocations - io_uring/kbuf: drop WARN_ON_ONCE() from incremental length check (CVE-2025-39816) - [amd64] ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message - [amd64] ASoC: Intel: catpt: Expose correct bit depth to userspace - drm/xe/tile: Release kobject for the failure path - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path - drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() - smb: client: fix filename matching of deferred files - smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) - crypto: af_alg - Set merge to zero early in af_alg_sendmsg - smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path - io_uring: fix incorrect io_kiocb reference in io_link_skb - [amd64] platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 - [amd64] platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk - vmxnet3: unregister xdp rxq info in the reset path (CVE-2025-22106) - mm: add folio_expected_ref_count() for reference count calculation - mm/gup: check ref_count instead of lru before migration - mptcp: pm: nl: announce deny-join-id0 flag - usb: xhci: introduce macro for ring segment list iteration - usb: xhci: remove option to change a default ring's TRB cycle bit - xhci: dbc: decouple endpoint allocation from initialization - xhci: dbc: Fix full DbC transfer ring after several reconnects - rtc: pcf2127: fix SPI command byte for PCF2131 backport - minmax.h: add whitespace around operators and after commas - minmax.h: update some comments - minmax.h: reduce the #define expansion of min(), max() and clamp() - minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() - minmax.h: move all the clamp() definitions after the min/max() ones - minmax.h: simplify the variants of clamp() - minmax.h: remove some #defines that are only expanded once https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.50 - scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE - firewire: core: fix overlooked update of subsystem ABI version - ALSA: usb-audio: Fix code alignment in mixer_quirks - ALSA: usb-audio: Fix block comments in mixer_quirks - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 - ALSA: usb-audio: Convert comma to semicolon - ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA - ALSA: usb-audio: Fix build with CONFIG_INPUT=n - usb: core: Add 0x prefix to quirks debug output - [arm64,armhf] net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info - net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick - [riscv64] mmc: sdhci-cadence: add Mobileye eyeQ support - i2c: designware: Add quirk for Intel Xe - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk - ALSA: usb-audio: Add mute TLV for playback volumes on more devices - net: sfp: add quirk for FLYPRO copper SFP+ module - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions - [amd64] HID: amd_sfh: Add sync across amd sfh work functions - cpufreq: Initialize cpufreq-based invariance before subsys - smb: server: don't use delayed_work for post_recv_credits_work - smb: server: use disable_work_sync in transport_rdma.c - bpf: Check the helper function is valid in get_helper_proto - btrfs: don't allow adding block device of less than 1 MB - wifi: virt_wifi: Fix page fault on connect - bpf: Reject bpf_timer for PREEMPT_RT - xfrm: xfrm_alloc_spi shouldn't use 0 as SPI - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow - [armhf] can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow - can: peak_usb: fix shift-out-of-bounds issue - net: tun: Update napi->skb after XDP process - net/smc: fix warning in smc_rx_splice() when calling get_page() - [arm64] ethernet: rvu-af: Remove slash from the driver name - Bluetooth: hci_sync: Fix hci_resume_advertising_sync - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync - vhost: Take a reference on the task in struct vhost_task. - bnxt_en: correct offset handling for IPv6 destination address - net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS - nexthop: Forbid FDB status change while nexthop is in a group - mm/gup: local lru_add_drain() to avoid lru_add_drain_all() - mm: revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" - mm: folio_may_be_lru_cached() unless folio_test_large() - [amd64] drm/gma500: Fix null dereference in hdmi teardown - futex: Prevent use-after-free during requeue-PI - [arm64] drm/panthor: Defer scheduler entitiy destruction to queue release - [amd64] platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() - smb: client: fix wrong index reference in smb2_compound_op() - HID: asus: add support for missing PX series fn keys - i40e: add validation for ring_len param - i40e: fix idx validation in i40e_validate_queue_map - i40e: fix idx validation in config queues msg - i40e: fix input validation logic for action_meta - i40e: fix validation of VF state in get resources - i40e: add max boundary check for VF filters - i40e: add mask to apply valid bits for itr_idx - i40e: improve VF MAC filters accounting - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx - tracing: dynevent: Add a missing lockdown check on dynevent - [armhf] dts: socfpga: sodia: Fix mdio bus probe and PHY address - drm/ast: Use msleep instead of mdelay for edid read - afs: Fix potential null pointer dereference in afs_put_server - fs/proc/task_mmu: check p->vec_buf for NULL - gpiolib: Extend software-node support to support secondary software-nodes - mm/hugetlb: fix folio is still mapped when deleted - fbcon: fix integer overflow in fbcon_do_set_font - fbcon: Fix OOB access in font allocation - iommufd: Fix race during abort for file descriptors - Revert "usb: xhci: remove option to change a default ring's TRB cycle bit" - [amd64] drm/i915/backlight: Return immediately when scale() finds invalid parameters https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.51 - crypto: sha256 - fix crash at kexec - scsi: target: target_core_configfs: Add length check to avoid buffer overflow - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove - media: tuner: xc5000: Fix use-after-free in xc5000_release - media: rc: fix races with imon_disconnect() - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID - mm: swap: check for stable address space before operating on the VMA - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() - [arm64] ASoC: qcom: audioreach: fix potential null pointer dereference https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.52 - wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() - USB: serial: option: add SIMCom 8230C compositions - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 - wifi: rtl8xxxu: Don't claim USB ID 07b8:8188 - dm-integrity: limit MAX_TAG_SIZE to 255 - [amd64] platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list - [amd64] platform/x86/amd/pmf: Support new ACPI ID AMDI0108 - [amd64,arm64] ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue - btrfs: ref-verify: handle damaged extent root tree - netfs: Prevent duplicate unlocking - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled - [amd64] platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list - drm/amd : Update MES API header file for v11 & v12 - drm/amd/include : MES v11 and v12 API header update - drm/amd/include : Update MES v12 API for fence update - drm/amdgpu: Enable MES lr_compute_wa by default (Closes: #1118658) - ALSA: usb-audio: Kill timer properly at removal (CVE-2025-38105) - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free - hid: fix I2C read buffer overflow in raw_event() for mcp2221 - nvmem: layouts: fix automatic module loading - binder: fix double-free in dbitmap - driver core/PM: Set power.no_callbacks along with power.no_pm - crypto: rng - Ensure set_ent is always present - net/9p: fix double req put in p9_fd_cancelled - [amd64] KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.53 - filelock: add FL_RECLAIM to show_fl_flags() macro - init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast - gfs2: Fix GLF_INVALIDATE_IN_PROGRESS flag clearing in do_xmote - [powerpc*] 8xx: Remove left-over instruction and comments in DataStoreTLBMiss handler - [powerpc*] 603: Really copy kernel PGD entries into all PGDIRs - uprobes: uprobe_warn should use passed task - [arm64] coresight: trbe: Prevent overflow in PERF_IDX2OFF() - [arm64] perf: arm_spe: Prevent overflow in PERF_IDX2OFF() - smb: server: fix IRD/ORD negotiation with the client - [amd64] EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller - [amd64] x86/vdso: Fix output operand size of RDPID - lsm: CONFIG_LSM can depend on CONFIG_SECURITY - btrfs: return any hit error from extent_writepage_io() - [arm64] pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() - [arm64] dts: renesas: rzg2lc-smarc: Disable CAN-FD channel0 - regmap: Remove superfluous check for !config in __regmap_init() - bpf: Remove migrate_disable in kprobe_multi_link_prog_run - libbpf: Fix reuse of DEVMAP - [arm64] dts: imx93-kontron: Fix GPIO for panel regulator - [arm64] dts: imx93-kontron: Fix USB port assignment - [arm64] dts: imx95: Correct the lpuart7 and lpuart8 srcid - ACPI: processor: idle: Fix memory leak when register cpuidle device failed - [arm64] soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS - [arm64] pinctrl: meson-gxl: add missing i2c_d pinmux - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx - block: use int to store blk_stack_limits() return value - PM: sleep: core: Clear power.must_resume in noirq suspend error path - vdso: Add struct __kernel_old_timeval forward declaration to gettime.h - [armhf] dts: omap: am335x-cm-t335: Remove unused mcasp num-serializer property - [arm64] PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() - [arm64] power: supply: cw2015: Fix a alignment coding style issue - [arm64] pinctrl: renesas: Use int type to store negative error codes - null_blk: Fix the description of the cache_size module argument - nbd: restrict sockets to TCP and UDP - [arm64] PM / devfreq: rockchip-dfi: double count on RK3588 - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure - [arm64] arm64: dts: mediatek: mt8186-tentacruel: Fix touchscreen model - mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() - [arm64] dts: mediatek: mt6795-xperia-m5: Fix mmc0 latch-ck value - [arm64] dts: mediatek: mt8395-kontron-i1200: Fix MT6360 regulator nodes - [arm64] dts: mediatek: mt8516-pumpkin: Fix machine compatible - [armhf] pwm: tiehrpwm: Don't drop runtime PM reference in .free() - [armhf] pwm: tiehrpwm: Make code comment in .free() more useful - [armhf] pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation - [armhf] pwm: tiehrpwm: Fix corner case in clock divisor calculation - ACPICA: Fix largest possible resource descriptor index - [riscv64] bpf: Sign extend struct ops return values properly - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op - i3c: master: svc: Use manual response for IBI events - i3c: master: svc: Recycle unused IBI slot - bpf: Explicitly check accesses to bpf_sock_addr - bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() - smp: Fix up and expand the smp_call_function_many() kerneldoc - tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers - spi: fix return code when spi device has too many chipselects - bpf: Mark kfuncs as __noclone - once: fix race by moving DO_ONCE to separate section - [arm64] thermal/drivers/qcom/lmh: Add missing IRQ includes - [arm64] i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD - i2c: designware: Fix clock issue when PM is disabled - i2c: designware: Add disabling clocks when probe fails - libbpf: Fix error when st-prefix_ops and ops from differ btf - bpf: Enforce expected_attach_type for tailcall compatibility - drm/radeon/r600_cs: clean up of dead code in r600_cs - f2fs: fix condition in __allow_reserved_blocks() - [arm64] phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 - drm/amd/display: Remove redundant semicolons - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod - scsi: myrs: Fix dma_alloc_coherent() error check - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count - RDMA/mlx5: Fix vport loopback forcing for MPV device - PCI/ACPI: Fix pci_acpi_preserve_config() memory leak - ALSA: lx_core: use int type to store negative error codes - inet: ping: check sock_net() in ping_get_port() and ping_lookup() - [arm64,armhf] coresight: Only register perf symlink for sinks with alloc_buffer - drm/amdgpu: Power up UVD 3 for FW validation (v2) - drm/amd/pm: Disable ULV even if unsupported (v3) - drm/amd/pm: Fix si_upload_smc_data (v3) - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) - wifi: mwifiex: send world regulatory domain to driver - [arm64,armhf] PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation - tcp: fix __tcp_close() to only send RST when required - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() - [armhf] usb: phy: twl6030: Fix incorrect type for ret - usb: gadget: configfs: Correctly set use_os_string at bind - tty: n_gsm: Don't block input queue by waiting MSC - [powerpc*] misc: genwqe: Fix incorrect cmd field being reported in error - pps: fix warning in pps_register_cdev when register device fail - wifi: iwlwifi: Remove redundant header files - [amd64,arm64] idpf: fix Rx descriptor ready check barrier in splitq - [amd64] ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping - [arm64] drm/msm/dpu: fix incorrect type for ret - fs: ntfs3: Fix integer overflow in run_unpack() - fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist - iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() - netfilter: ipset: Remove unused htable_bits in macro ahash_region - ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable - drivers/base/node: handle error properly in register_one_node() - RDMA/cm: Rate limit destroy CM ID timeout error message - wifi: mt76: fix potential memory leak in mt76_wmac_probe() - wifi: mt76: mt7996: Fix RX packets configuration for primary WED device - wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE - wifi: mt76: mt7915: fix mt7981 pre-calibration - f2fs: fix to update map->m_next_extent correctly in f2fs_map_blocks() - f2fs: fix to truncate first page in error path of f2fs_truncate() - f2fs: fix to mitigate overhead of f2fs_zero_post_eof_page() - ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message - scsi: qla2xxx: edif: Fix incorrect sign of error code - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() - HID: hidraw: tighten ioctl command parsing - f2fs: fix zero-sized extent for precache extents - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" - RDMA/core: Resolve MAC of next-hop device without ARP support - IB/sa: Fix sa_local_svc_timeout_ms read race - Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram - wifi: ath12k: fix wrong logging ID used for CE - wifi: ath10k: avoid unnecessary wait for service ready message - iommu/vt-d: debugfs: Fix legacy mode page table dump logic - wifi: mac80211: fix Rx packet handling when pubsta information is not available - [amd64] ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback - RDMA/rxe: Fix race in do_task() when draining - wifi: rtw89: avoid circular locking dependency in ser_state_run() - [arm64] remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice - dm vdo: return error on corrupted metadata in start_restoring_volume functions - [arm64] coresight-etm4x: Conditionally access register TRCEXTINSELR - [arm64,armhf] coresight: tmc: Support atclk - [arm64,armhf] coresight: catu: Support atclk - [arm64,armhf] coresight: etm4x: Support atclk - [arm64,armhf] coresight: trbe: Return NULL pointer for allocation failures - [arm64,armhf] coresight: tpda: fix the logic to setup the element size - [arm64] coresight: Fix incorrect handling for return value of devm_kzalloc - NFSv4.1: fix backchannel max_resp_sz verification check - ipvs: Defer ip_vs_ftp unregister during netns cleanup - netfilter: nfnetlink: reset nlh pointer during batch replay - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() - usb: vhci-hcd: Prevent suspending virtually attached devices - iommu/vt-d: Disallow dirty tracking if incoherent page walk - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast - ptp: Add a upper bound on max_vclocks - vhost: vringh: Fix copy_to_iter return value check - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO - Bluetooth: ISO: Fix possible UAF on iso_conn_free - Bluetooth: ISO: free rx_skb if not consumed - Bluetooth: ISO: don't leak skb in ISO_CONT RX - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements - KEYS: X.509: Fix Basic Constraints CA flag parsing - ocfs2: fix double free in user_cluster_connect() - drivers/base/node: fix double free in register_one_node() - [arm64] PCI: j721e: Fix incorrect error message in probe() - [amd64,arm64] idpf: fix mismatched free function for dma_alloc_coherent - nfp: fix RSS hash key size when RSS is not supported - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable - net: dlink: handle copy_thresh allocation failure - net/mlx5: Stop polling for command response if interface goes down - net/mlx5: pagealloc: Fix reclaim race during command interface teardown - net/mlx5: fw reset, add reset timeout work - smb: client: fix crypto buffers in non-linear memory - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" - bpf: Reject negative offsets for ALU ops - tpm: Disable TPM2_TCG_HMAC by default - Squashfs: fix uninit-value in squashfs_get_parent - uio_hv_generic: Let userspace take care of interrupt mask - io_uring/waitid: always prune wait queue entry in io_waitid_wait() - [arm64] ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() - [amd64,arm64] ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down - fs: udf: fix OOB read in lengthAllocDescs handling - net: nfc: nci: Add parameter validation for packet data - [arm64,armhf] mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() - dm: fix queue start/stop imbalance under suspend/load/resume races - dm: fix NULL pointer dereference in __dm_suspend() - ksmbd: Fix race condition in RPC handle list access - ksmbd: fix error code overwriting in smb2_get_info_filesystem() - ksmbd: add max ip connections parameter - ext4: fix checks for orphan inodes - [amd64] KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid - fbdev: simplefb: Fix use after free in simplefb_detach_genpds() - mm: hugetlb: avoid soft lockup when mprotect to large memory area - nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() - [arm64] misc: fastrpc: Save actual DMA size in fastrpc_map structure - [arm64] misc: fastrpc: Fix fastrpc_map_lookup operation - [arm64] misc: fastrpc: fix possible map leak in fastrpc_put_args - [arm64] misc: fastrpc: Skip reference for DMA handles - Input: atmel_mxt_ts - allow reset GPIO to sleep - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak - sunrpc: fix null pointer dereference on zero-length checksum - [arm64] remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() - [amd64,arm64] tee: fix register_shm_helper() - pinctrl: check the return value of pinmux_ops::get_function_name() - bus: fsl-mc: Check return value of platform_get_resource() - net/9p: Fix buffer overflow in USB transport layer - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock - usb: typec: tipd: Clear interrupts first https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.54 - fs: always return zero on success from replace_fd() - fscontext: do not consume log entries when returning -EMSGSIZE - [arm64] map [_text, _stext) virtual address range non-executable+read-only - rseq: Protect event mask against membarrier IPI - listmount: don't call path_put() under namespace semaphore - page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches - dma-mapping: fix direction in dma_alloc direction traces - [amd64] KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() - asm-generic/io.h: Skip trace helpers if rwmmio events are disabled - perf disasm: Avoid undefined behavior in incrementing NULL - perf test trace_btf_enum: Skip if permissions are insufficient - perf evsel: Avoid container_of on a NULL leader - libperf event: Ensure tracing data is multiple of 8 sized - [arm64] clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() - [arm64] clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() - perf util: Fix compression checks returning -1 as bool - perf arm_spe: Correct setting remote access - perf arm-spe: Rename the common data source encoding - perf arm_spe: Correct memory level for remote access - perf vendor events arm64 AmpereOneX: Fix typo - should be l1d_cache_access_prefetches - perf session: Fix handling when buffer exceeds 2 GiB - perf tools: Add fallback for exclude_guest - perf evsel: Ensure the fallback message is always written to - [arm64] clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m - [arm64] clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (CVE-2025-40001) - [amd64] ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time - [amd64] ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() - drm/xe/hw_engine_group: Fix double write lock release in error path - [s390x] cio: Update purge function to unregister the unused subchannels - drm/vmwgfx: Fix a null-ptr access in the cursor snooper - drm/vmwgfx: Fix Use-after-free in validation - drm/vmwgfx: Fix copy-paste typo in validation - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). - [arm64] net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (CVE-2025-40003) - ice: ice_adapter: release xa entry on adapter allocation failure - tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() - [arm64] mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call - [arm64] mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes - [arm64] mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop - [arm64] mailbox: zynqmp-ipi: Fix SGI cleanup on unbind - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} - [arm64] mailbox: mtk-cmdq-mailbox: Switch to __pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Switch to pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() - drm/amdgpu: Add additional DCE6 SCL registers - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 - drm/amd/display: Properly disable scaling on DCE6 - netfilter: nft_objref: validate objref and objrefmap expressions - bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() - crypto: essiv - Check ssize for decryption and in-place encryption - cifs: Fix copy_to_iter return value check - smb: client: fix missing timestamp updates after utime(2) - cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single - [arm64] gpio: wcd934x: mark the GPIO controller as sleeping - bpf: Avoid RCU context warning when unpinning htab with internal structs - [s390x] vmlinux.lds.S: Reorder sections - [s390x] vmlinux.lds.S: Move .vmlinux.info to end of allocatable sections - ACPI: property: Fix buffer properties extraction for subnodes - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT - ACPI: debug: fix signedness issues in read/write helpers - [arm64] dts: qcom: msm8916: Add missing MDSS reset - [arm64] dts: qcom: msm8939: Add missing MDSS reset - [arm64] dts: qcom: sdm845: Fix slimbam num-channels/ees - [arm64] dts: qcom: x1e80100-pmics: Disable pm8010 by default - [arm64] dts: ti: k3-am62a-main: Fix main padcfg length - [arm64] kprobes: call set_memory_rox() for kprobe page - [armhf] AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on reset) - [armhf] OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init - [arm64] perf/arm-cmn: Fix CMN S3 DTM offset - dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required - xen/events: Cleanup find_virq() return codes - xen/manage: Fix suspend error path - xen/events: Return -EEXIST for bound VIRQs - xen/events: Update virq_to_irq on migration - [arm64] firmware: meson_sm: fix device leak at probe - media: cx18: Add missing check after DMA map - media: mc: Fix MUST_CONNECT handling for pads with no links - media: pci: ivtv: Add missing check after DMA map - media: pci: mg4b: fix uninitialized iio scan data - [arm64] media: venus: firmware: Use correct reset sequence for IRIS2 - media: vivid: fix disappearing messages - media: lirc: Fix error handling in lirc_register() - [arm64] drm/panthor: Fix memory leak in panthor_ioctl_group_create() - drm/nouveau: fix bad ret code in nouveau_bo_move_prep - drm/xe/uapi: loosen used tracking restriction - drm/amd/display: Enable Dynamic DTBCLK Switch - blk-crypto: fix missing blktrace bio split events - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() - bus: mhi: ep: Fix chained transfer handling in read path - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() - [arm64] clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk - copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) - [amd64] cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() - [arm64,armhf] crypto: rockchip - Fix dma_unmap_sg() nents value - eventpoll: Replace rwlock with spinlock - fbdev: Fix logic error in "offb" name match - fs/ntfs3: Fix a resource leak bug in wnd_extend() - fs: quota: create dedicated workqueue for quota_release_work - fuse: fix possibly missing fuse_copy_finish() call in fuse_notify() - fuse: fix livelock in synchronous file put from fuseblk workers - iio: dac: ad5360: use int type to store negative error codes - iio: dac: ad5421: use int type to store negative error codes - iio: frequency: adf4350: Fix prescaler usage. - init: handle bootloader identifier in kernel parameters - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume - [amd64] iommu/vt-d: PRS isn't usable if PDS isn't supported - kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths - KEYS: trusted_tpm1: Compare HMAC values in constant time - lib/genalloc: fix device leak in of_gen_pool_get() - loop: fix backing file reference leak on validation error - openat2: don't trigger automounts with RESOLVE_NO_XDEV - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk - [powerpc*] powernv/pci: Fix underflow and leak issue - [powerpc*] pseries/msi: Fix potential underflow and leak issue - Revert "ipmi: fix msg stack when IPMI is disconnected" - sched/deadline: Fix race in push_dl_task() - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() - scsi: sd: Fix build warning in sd_revalidate_disk() - sctp: Fix MAC comparison to be constant-time - xsk: Harden userspace-supplied xdp_desc validation - mmc: core: SPI mode remove cmd7 - mmc: mmc_spi: multiple block read remove read crc ack - [armhf] memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe - rtc: interface: Ensure alarm irq is enabled when UIE is enabled - rtc: interface: Fix long-standing race when setting alarm - [arm64] PCI: xilinx-nwl: Fix ECAM programming - [arm64,armhf] PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock - PCI/sysfs: Ensure devices are powered for config reads - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV - PCI/ERR: Fix uevent on failure to recover - PCI/AER: Fix missing uevent on recovery when a reset is requested - PCI/AER: Support errors introduced by PCIe r6.0 - [arm64] PCI: j721e: Fix programming sequence of "strap" settings - spi: cadence-quadspi: Flush posted register writes before INDAC access - spi: cadence-quadspi: Flush posted register writes before DAC access - spi: cadence-quadspi: Fix cqspi_setup_flash() - [x86] fred: Remove ENDBR64 from FRED entry points - [x86] umip: Check that the instruction opcode is at least two bytes - [x86] umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) - [s390x] dasd: enforce dma_alignment to ensure proper buffer validation - [s390x] dasd: Return BLK_STS_INVAL for EINVAL from do_dasd_request - [s390x] Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR - slab: prevent warnings when slab obj_exts vector allocation fails - slab: mark slab->obj_exts allocation failures unconditionally - wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again - wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 - mm/thp: fix MTE tag mismatch when replacing zero-filled subpages - mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations - mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success - mm/damon/lru_sort: use param_ctx for damon_attrs staging - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry - ext4: add ext4_sb_bread_nofail() helper function for ext4_free_branches() - ext4: verify orphan file size is not too big - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() - ext4: correctly handle queries for metadata mappings - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() - ext4: fix an off-by-one issue during moving extents - ext4: guard against EA inode refcount underflow in xattr update - ext4: validate ea_ino and size in check_xattrs - ACPICA: Allow to skip Global Lock initialization - ext4: free orphan info with kvfree - media: mc: Clear minor number before put device - Squashfs: add additional inode sanity checking - Squashfs: reject negative file sizes in squashfs_read_inode() - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference - mm/ksm: fix incorrect KSM counter handling in mm_struct during fork - [amd64] ASoC: SOF: ipc4-pcm: Enable delay reporting for ChainDMA streams - [amd64] ASoC: SOF: ipc4-pcm: fix delay calculation when DSP resamples - [amd64] mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value - [amd64] mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type - [amd64] mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() - cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency - [amd64] KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace - statmount: don't call path_put() under namespace semaphore - [arm64] mte: Do not flag the zero page as PG_mte_tagged - [x86] mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() - [x86] kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP - nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT - NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock() - nfsd: refine and rename NFSD_MAY_LOCK - nfsd: don't use sv_nrthreads in connection limiting calculations. - nfsd: unregister with rpcbind when deleting a transport - ACPI: battery: allocate driver data through devm_ APIs - ACPI: battery: initialize mutexes through devm_ APIs - ACPI: battery: Check for error code from devm_mutex_init() call - ACPI: battery: Add synchronization between interface updates - ACPI: property: Disregard references in data-only subnode lists - ACPI: property: Add code comments explaining what is going on - ACPI: property: Do not pass NULL handles to acpi_attach_data() - mptcp: pm: in-kernel: usable client side with C-flag - ipmi: Rework user message limit handling - ipmi: Fix handling of messages with provided receive message pointer - mm/rmap: fix soft-dirty and uffd-wp bit loss when remapping zero-filled mTHP subpage to shared zeropage - [s390x] bpf: Centralize frame offset calculations - [s390x] bpf: Describe the frame using a struct instead of constants - [s390x] bpf: Write back tail call counter for BPF_PSEUDO_CALL - [s390x] bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG - [riscv64] irqchip/sifive-plic: Make use of __assign_bit() - [riscv64] irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume - copy_file_range: limit size if in compat mode - minixfs: Verify inode mode when loading from disk - pid: Add a judgment for ns null in pid_nr_ns - fs: Add 'initramfs_options' to set initramfs mount options - cramfs: Verify inode mode when loading from disk - writeback: Avoid softlockup when switching many inodes - writeback: Avoid excessively long inode switching times - sched/fair: Block delayed tasks on throttled hierarchy during dequeue - nfsd: fix __fh_verify for localio - nfsd: fix access checking for NLM under XPRTSEC policies - [amd64] ASoC: SOF: ipc4-pcm: fix start offset calculation for chain DMA - mount: handle NULL values in mnt_ns_release() - nfsd: decouple the xprtsec policy check from check_nfsd_access() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.55 - drm/xe/guc: Check GuC running state before deregistering exec queue - smb: client: Fix refcount leak for cifs_sb_tlink - slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL - r8152: add error handling in rtl8152_driver_init - f2fs: fix wrong block mapping for multi-devices - jbd2: ensure that all ongoing I/O complete before freeing blocks - ext4: wait for ongoing I/O to complete before freeing blocks - ext4: detect invalid INLINE_DATA + EXTENTS flag combination - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running - btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl - btrfs: fix incorrect readahead expansion length - btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST - btrfs: do not assert we found block group item when creating free space tree - can: gs_usb: gs_make_candev(): populate net_device->dev_port - can: gs_usb: increase max interface to U8_MAX - cifs: parse_dfs_referrals: prevent oob on malformed input - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies - drm/amdgpu: use atomic functions with memory barriers for vm fault info - drm/amdgpu: fix gfx12 mes packet status return check - perf/core: Fix address filter match with backing files - perf/core: Fix MMAP event path names with backing files - perf/core: Fix MMAP2 event device with backing files - drm/amd: Check whether secure display TA loaded successfully - irqdomain: cdx: Switch to of_fwnode_handle() - [arm64] drm/msm/a6xx: Fix PDC sleep sequence - usb: gadget: Store endpoint pointer in usb_request - usb: gadget: Introduce free_usb_request helper - usb: gadget: f_ncm: Refactor bind path to use __free() - usb: gadget: f_acm: Refactor bind path to use __free() - usb: gadget: f_ecm: Refactor bind path to use __free() - usb: gadget: f_rndis: Refactor bind path to use __free() - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay - Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" (Closes: #1116358) - HID: multitouch: fix sticky fingers - dax: skip read lock assertion for read-only filesystems - can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() - can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active - can: m_can: m_can_chip_config(): bring up interface in correct state - can: m_can: add deinit callback - can: m_can: call deinit/init callback when going into suspend/resume - can: m_can: fix CAN state in system PM - net: dlink: handle dma_map_single() failure properly - doc: fix seg6_flowlabel path - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H - net/ip6_tunnel: Prevent perpetual tunnel growth - [amd64,arm64] amd-xgbe: Avoid spurious link down messages during interface toggle - tcp: fix tcp_tso_should_defer() vs large RTT - ksmbd: fix recursive locking in RPC handle list access - tg3: prevent use of uninitialized remote_adv and local_adv variables - tls: trim encrypted message to match the plaintext on short splice - tls: wait for async encrypt in case of error during latter iterations of sendmsg - tls: always set record_type in tls_process_cmsg - tls: wait for pending async decryptions if tls_strp_msg_hold fails - tls: don't rely on tx_work during send() - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset - [arm64] drm/panthor: Ensure MCU is disabled on suspend - nvme-multipath: Skip nr_active increments in RETRY disposition - [riscv64] kprobes: Fix probe address validation - [amd64] ASoC: nau8821: Cancel jdet_work before handling jack ejection - [amd64] ASoC: nau8821: Generalize helper to clear IRQ status - [amd64] ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit - [amd64] drm/i915/guc: Skip communication warning on reset in progress - drm/amdgpu: add ip offset support for cyan skillfish - drm/amdgpu: add support for cyan skillfish without IP discovery - drm/amdgpu: fix handling of harvesting for ip_discovery firmware - drm/amd/powerplay: Fix CIK shutdown temperature - [arm64] drm/rockchip: vop2: use correct destination rectangle height check - sched/fair: Fix pelt lost idle time detection - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card - HID: hid-input: only ignore 0 battery events for digitizers - HID: multitouch: fix name of Stylus input devices - nvme/tcp: handle tls partially sent records in write_space() - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() - xfs: rename the old_crc variable in xlog_recover_process - xfs: fix log CRC mismatches between i386 and other architectures - PM: runtime: Add new devm functions - iio: imu: inv_icm42600: Simplify pm_runtime setup - iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended - nfsd: Use correct error code when decoding extents - nfsd: Drop dprintk in blocklayout xdr functions - NFSD: Rework encoding and decoding of nfsd4_deviceid - NFSD: Minor cleanup in layoutcommit processing - NFSD: Implement large extent array support in pNFS - NFSD: Fix last write offset handling in layoutcommit - wifi: rtw89: avoid possible TX wait initialization race - xfs: use deferred intent items for reaping crosslinked blocks - padata: Reset next CPU when reorder sequence wraps around - md/raid0: Handle bio_split() errors - md/raid1: Handle bio_split() errors - md/raid10: Handle bio_split() errors - md: fix mssing blktrace bio split events - [amd64] x86/resctrl: Refactor resctrl_arch_rmid_read() - [amd64] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID - d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier - vfs: Don't leak disconnected dentries on umount - PCI: Add PCI_VDEVICE_SUB helper macro - ixgbevf: Add support for Intel(R) E610 device - ixgbevf: fix getting link speed data for E610 devices - ixgbevf: fix mailbox API compatibility by negotiating supported features - tcp: convert to dev_net_rcu() - tcp: cache RTAX_QUICKACK metric in a hot cache line - net: dst: add four helpers to annotate data-races around dst->dev - ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] - net: Add locking to protect skb->dev access in ip_output - mptcp: Call dst_release() in mptcp_active_enable(). - mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). - mptcp: reset blackhole on success with non-loopback ifaces - NFSD: Define a proc_layoutcommit for the FlexFiles layout type - [arm64] cputype: Add Neoverse-V3AE definitions - [arm64] errata: Apply workarounds for Neoverse-V3AE - [amd64] dmaengine: Add missing cleanup on module unload https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.56 - exec: Fix incorrect type for ret - hfs: clear offset and space out of valid records in b-tree node - hfs: make proper initalization of struct hfs_find_data - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() - hfs: validate record offset in hfsplus_bmap_alloc - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() - dlm: check for defined force value in dlm_lockspace_release - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() - PCI: Test for bit underflow in pcie_set_readrq() - [arm64] sysreg: Correct sign definitions for EIESB and DoubleLock - drivers/perf: hisi: Relax the event ID check in the framework - [s390x] mm: Use __GFP_ACCOUNT for user page table allocations - smb: server: let smb_direct_flush_send_list() invalidate a remote key first - PM: EM: Drop unused parameter from em_adjust_new_capacity() - PM: EM: Slightly reduce em_check_capacity_update() overhead - PM: EM: Move CPU capacity check to em_adjust_new_capacity() - PM: EM: Fix late boot with holes in CPU topology - net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() - rtnetlink: Allow deleting FDB entries in user namespace - [arm64] net: enetc: fix the deadlock of enetc_mdio_lock - [arm64] net: enetc: correct the value of ENETC_RXB_TRUESIZE - [arm64] dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path - net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ - net/smc: fix general protection fault in __smc_diag_dump - [arm64] net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions - [arm64] mm: avoid always making PTE dirty in pte_mkwrite() - ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop - sctp: avoid NULL dereference when chunk data buffer is missing - net: phy: micrel: always set shared->phydev for LAN8814 - net/mlx5: Fix IPsec cleanup over MPV device - fs/notify: call exportfs_encode_fid with s_umount - net: bonding: fix possible peer notify event loss or dup issue - dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() - btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() - gpio: pci-idio-16: Define maximum valid register address offset - gpio: 104-idio-16: Define maximum valid register address offset - xfs: fix locking in xchk_nlinks_collect_dir - Revert "cpuidle: menu: Avoid discarding useful information" - slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts - slab: Fix obj_ext mistakenly considered NULL due to race condition - ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 - can: netlink: can_changelink(): allow disabling of automatic restart - cifs: Fix TCP_Server_Info::credits to be signed - ocfs2: clear extent cache after moving/defragmenting extents - vsock: fix lock inversion in vsock_assign_transport() - [arm64,armhf] net: stmmac: dwmac-rk: Fix disabling set_clock_selection - net: usb: rtl8150: Fix frame padding - mm: prevent poison consumption when splitting THP - drm/amd/display: increase max link count and fix link->enc NULL pointer access - [arm64] spi: spi-nxp-fspi: add extra delay after dll locked - [arm64] dts: broadcom: bcm2712: Add default GIC address cells - [arm64] dts: broadcom: bcm2712: Define VGIC interrupt - [arm64] firmware: arm_scmi: Account for failed debug initialization - [arm64] firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode - [arm64] drm/panthor: Fix kernel panic on partial unmap of a GPU VA region - [riscv64] Define pgprot_dmacoherent() for non-coherent devices - [riscv64] Don't print details of CPUs disabled in DT - [riscv64] hwprobe: avoid uninitialized variable use in hwprobe_arch_id() - hwmon: (sht3x) Fix error handling - nbd: override creds to kernel when calling sock_{send,recv}msg() - drm/panic: Fix drawing the logo on a small narrow screen - drm/panic: Fix qr_code, ensure vmargin is positive - [amd64] gpio: ljca: Fix duplicated IRQ mapping - io_uring: correct __must_hold annotation in io_install_fixed_file - sched: Remove never used code in mm_cid_get() - io_uring/sqpoll: switch away from getrusage() for CPU accounting - io_uring/sqpoll: be smarter on when to update the stime usage - Bluetooth: btintel: Add DSBR support for BlazarIW, BlazarU and GaP (Closes: #1118660) - platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (CVE-2025-39678) - USB: serial: option: add UNISOC UIS7720 - USB: serial: option: add Quectel RG255C - USB: serial: option: add Telit FN920C04 ECM compositions - usb/core/quirks: Add Huawei ME906S to wakeup quirk - usb: raw-gadget: do not limit transfer length - xhci: dbc: enable back DbC in resume if it was enabled before suspend - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event - [amd64] x86/microcode: Fix Entrysign revision check for Zen1/Naples - [arm*] binder: remove "invalid inc weak" check - [amd64] comedi: fix divide-by-zero in comedi_buf_munge() (CVE-2025-40106) - [amd64] mei: me: add wildcat lake P DID - [arm64] misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup - [amd64,arm64] tcpm: switch check for role_sw device with fw_node - dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp - serial: 8250_dw: handle reset control deassert error - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 - [arm64] serial: 8250_mtk: Enable baud clock and manage in runtime PM - serial: sc16is7xx: remove useless enable of enhanced features - devcoredump: Fix circular locking dependency with devcd->mutex. - [arm64] mte: Do not warn if the page is already tagged in copy_highpage() - xfs: always warn about deprecated mount options - ksmbd: transport_ipc: validate payload size before reading handle (CVE-2025-40084) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.57 - net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083) - audit: record fanotify event regardless of presence of rules - [amd64] perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK - perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL - perf: Have get_perf_callchain() return NULL if crosstask and user are set - perf: Skip user unwind if the task is a kernel thread - seccomp: passthrough uprobe systemcall without filtering - [amd64] x86/bugs: Report correct retbleed mitigation status - [amd64] x86/bugs: Fix reporting of LFENCE retpoline - [amd64,arm64] EDAC/mc_sysfs: Increase legacy channel support to 16 - cpuset: Use new excpus for nocpu error check when enabling root partition - btrfs: abort transaction on specific error places when walking log tree - btrfs: abort transaction in the process_one_buffer() log tree walk callback - btrfs: zoned: return error from btrfs_zone_finish_endio() - btrfs: zoned: refine extent allocator hint selection - btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() - btrfs: always drop log root tree reference in btrfs_replay_log() - btrfs: use level argument in log tree walk callback replay_one_buffer() - btrfs: abort transaction if we fail to update inode in log replay dir fixup - btrfs: tree-checker: add inode extref checks - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() - sched_ext: Make qmap dump operation non-destructive - arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c - docs: kdoc: handle the obsolescensce of docutils.ErrorString() - mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR - f2fs: fix to avoid panic once fallocation fails for pinfile (CVE-2025-23130) - wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (CVE-2025-38643) - bonding: return detailed error when loading native XDP fails - bonding: check xdp prog when set bond mode (CVE-2025-22105) - bits: add comments and newlines to #if, #else and #endif directives - bits: introduce fixed-type GENMASK_U*() - gpio: regmap: Allow to allocate regmap-irq device - gpio: regmap: add the .fixed_direction_output configuration parameter - gpio: idio-16: Define fixed direction of the GPIO lines - [amd64] iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (CVE-2025-21833) - wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995) - [amd64,arm64] udmabuf: fix a buf size overflow issue during udmabuf creation (CVE-2025-37803) - sfc: fix NULL dereferences in ef100_process_design_param() (CVE-2025-37860) - btrfs: tree-checker: fix bounds check in check_inode_extref() . [ Salvatore Bonaccorso ] * drivers/infiniband/hw/bnxt_re: Enable INFINIBAND_BNXT_RE as module (Closes: #1109977) . [ Ben Hutchings ] * d/salsa-ci.yml: Adjust filenames to allow source package name suffix * tools/hv: Make the sample hv_get_dhcp_info script more useful * hyperv-daemons: Install the sample network info scripts (Closes: #919350) * d/salsa-ci.yml: Fix cache configuration for build job * d/salsa-ci.yml: Move orig tarball generation to a separate job again * d/salsa-ci.yml: Restore lintian checking of source package linux (6.12.48-1) trixie-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.44 - serial: 8250: fix panic due to PSLVERR - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() - PM: runtime: Take active children into account in pm_runtime_get_if_in_use() - dm: dm-crypt: Do not partially accept write BIOs with zoned targets - dm: Check for forbidden splitting of zone write operations - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() - usb: gadget: udc: renesas_usb3: fix device leak at unbind - usb: musb: omap2430: fix device leak at unbind - [arm64,armhf] usb: dwc3: meson-g12a: fix device leaks at unbind - [arm64] usb: dwc3: imx8mp: fix device leak at unbind - bus: mhi: host: Fix endianness of BHI vector table - bus: mhi: host: Detect events pointing to unexpected TREs - vt: keyboard: Don't process Unicode characters in K_OFF mode - vt: defkeymap: Map keycodes above 127 to K_HOLE - [amd64] crypto: qat - lower priority for skcipher and aead algorithms - [arm64,armhf] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP - [amd64] crypto: qat - flush misc workqueue during device shutdown - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" - ksmbd: fix refcount leak causing resource not released - ksmbd: extend the connection limiting mechanism to support IPv6 - tracing: fprobe-event: Sanitize wildcard for fprobe event name - ext4: check fast symlink for ea_inode correctly - ext4: fix fsmap end of range reporting with bigalloc - ext4: fix reserved gdt blocks handling in fsmap - ext4: use kmalloc_array() for array space allocation - ext4: fix hole length calculation overflow in non-extent inodes - btrfs: zoned: fix write time activation failure for metadata block group - btrfs: fix incorrect log message for nobarrier mount option - btrfs: restore mount option info messages during mount - btrfs: fix printing of mount info messages for NODATACOW/NODATASUM - apparmor: Fix 8-byte alignment for initial dfa blob streams - dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints - dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints - scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host - [arm64] scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE - scsi: mpi3mr: Fix race between config read submit and interrupt completion - ata: libata-scsi: Fix ata_to_sense_error() status handling - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers - scsi: ufs: ufs-pci: Fix default runtime and system PM levels - ata: libata-scsi: Fix CDL control - [arm64] soc: qcom: mdt_loader: Ensure we don't read past the ELF header - iio: imu: bno055: fix OOB access of hw_xlate array - iio: adc: ad_sigma_delta: change to buffer predisable - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() - wifi: ath12k: fix dest ring-buffer corruption - wifi: ath12k: fix source ring-buffer corruption - wifi: ath12k: fix dest ring-buffer corruption when ring is full - wifi: ath11k: fix dest ring-buffer corruption - wifi: ath11k: fix source ring-buffer corruption - wifi: ath11k: fix dest ring-buffer corruption when ring is full - [arm64] pwm: mediatek: Handle hardware enable and clock enable separately - [arm64] pwm: mediatek: Fix duty and period setting - mtd: spi-nor: Fix spi_nor_try_unlock_all() - [arm64] mtd: spinand: propagate spinand_wait() errors from spinand_write_page() - readahead: fix return value of page_cache_next_miss() when no hole is found - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge - PCI: endpoint: Fix configfs group list head handling - PCI: endpoint: Fix configfs group removal on driver teardown - [arm64,armhf] PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features - [arm64,armhf] PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset - [arm64,armhf] PCI: imx6: Delay link start until configfs 'start' written - vsock/virtio: Validate length in packet header before skb_put() - vhost/vsock: Avoid allocating arbitrarily-sized SKBs - amdgpu/amdgpu_discovery: increase timeout limit for IFWI init - [amd64] ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context - f2fs: fix to avoid out-of-boundary access in dnode page (CVE-2025-38677) - jbd2: prevent softlockup in jbd2_log_do_checkpoint() - kbuild: userprogs: use correct linker when mixing clang and GNU ld - [arm64,armhf] soc/tegra: pmc: Ensure power-domains are in a known state - media: gspca: Add bounds checking to firmware parser - media: hi556: correct the test pattern configuration - [armhf] media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() - media: ipu6: isys: Use correct pads for xlate_streams() - media: vivid: fix wrong pixel_array control size - media: verisilicon: Fix AV1 decoder clock frequency - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() - media: usbtv: Lock resolution while streaming - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() - media: pisp_be: Fix pm_runtime underrun in probe - media: ov2659: Fix memory leaks in ov2659_probe() - media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls - [arm64] media: qcom: camss: cleanup media device allocated resource on error path - [arm64] media: venus: Add a check for packet size after reading from shared memory - [arm64] media: venus: Fix MSM8998 frequency table - [arm64] media: venus: hfi: explicitly release IRQ during teardown - [arm64] media: venus: protect against spurious interrupts during probe - [arm64] media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. - [arm64] media: venus: venc: Clamp param smaller than 1fps and bigger than 240 - drm/amdgpu/discovery: fix fw based ip discovery - drm/amd: Restore cached power limit during resume - drm/amdgpu: Avoid extra evict-restore process. - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities - drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() - drm/amdgpu: Update external revid for GC v9.5.0 - drm/amdgpu: update mmhub 3.0.1 client id mappings - drm/amdgpu: update mmhub 4.1.0 client id mappings - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq - drm/amd/display: Add primary plane to commits for correct VRR handling - drm/amd/display: fix a Null pointer dereference vulnerability - drm/amd/display: Don't overwrite dce60_clk_mgr - net, hsr: reject HSR frame if skb can't hold tag - sched/ext: Fix invalid task state transitions on class switch - ipv6: sr: Fix MAC comparison to be constant-time - ACPI: pfr_update: Fix the driver update version check - mptcp: drop skb if MPTCP skb extension allocation fails - mptcp: pm: kernel: flush: do not reset ADD_ADDR limit - mm/damon/ops-common: ignore migration request to invalid nodes - [amd64] x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero - USB: typec: Use str_enable_disable-like helpers - usb: typec: fusb302: cache PD RX state - btrfs: qgroup: drop unused parameter fs_info from __del_qgroup_rb() - btrfs: qgroup: fix race between quota disable and quota rescan ioctl - btrfs: move transaction aborts to the error site in add_block_group_free_space() - btrfs: always abort transaction on failure to add block group to free space tree - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() - btrfs: explicitly ref count block_group on new_bgs list - btrfs: codify pattern for adding block_group to bg_list - btrfs: zoned: requeue to unused block group list if zone finish failed - xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags - btrfs: send: factor out common logic when sending xattrs - btrfs: send: only use boolean variables at process_recorded_refs() - btrfs: send: add and use helper to rename current inode when processing refs - btrfs: send: keep the current inode's path cached - btrfs: send: avoid path allocation for the current inode when issuing commands - btrfs: send: use fallocate for hole punching with send stream v2 - btrfs: send: make fs_path_len() inline and constify its argument - netfs: Fix unbuffered write error handling - io_uring/net: commit partial buffers on retry - ata: libata-scsi: Return aborted command when missing sense and result TF - sched_ext: initialize built-in idle state before ops.init() - Revert "can: ti_hecc: fix -Woverflow compiler warning" - io_uring/futex: ensure io_futex_wait() cleans up properly on failure - iov_iter: iterate_folioq: fix handling of offset >= folio size - [arm64] iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement - mmc: sdhci-pci-gli: Add a new function to simplify the code - memstick: Fix deadlock by moving removing flag earlier - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency - NFS: Fix a race when updating an existing write - squashfs: fix memory leak in squashfs_fill_super - mm/debug_vm_pgtable: clear page table entries at destroy_args() - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 - RDMA/rxe: Flush delayed SKBs while releasing RXE resources - [s390x] sclp: Fix SCCB present check - [amd64] platform/x86/intel-uncore-freq: Check write blocked for ELC - kvm: retry nx_huge_page_recovery_thread creation - [amd64] accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() - drm/amdgpu/swm14: Update power limit logic - drm/amd/display: Avoid a NULL pointer dereference - drm/amd/display: Don't overclock DCE 6 by 15% - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 - drm/amd/display: Fix Xorg desktop unresponsive on Replay panel - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs - scsi: core: Fix command pass through retry regression - [arm64] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() - mptcp: remove duplicate sk_reset_timer call - mptcp: disable add_addr retransmission when timeout is 0 - Mark xe driver as BROKEN if kernel page size is not 4kB - [arm64,armhf] PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support - [arm64,armhf] PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features - [arm64] PCI: rockchip: Use standard PCIe definitions - [arm64] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining - iio: adc: ad7173: fix setting ODR in probe - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems - ext4: preserve SB_I_VERSION on remount - btrfs: subpage: keep TOWRITE tag until folio is cleaned - [arm64] dts: ti: k3-am6*: Add boot phase flag to support MMC boot - [arm64] dts: ti: k3-am62*: Add non-removable flag for eMMC - [arm64] dts: ti: k3-am6*: Remove disable-wp for eMMC - [arm64] dts: ti: k3-am62*: Move eMMC pinmux to top level board file - debugfs: fix mount options not being applied - smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() - fs/buffer: fix use-after-free when call bh_read() helper - use uniform permission checks for all mount propagation changes - cpuidle: menu: Remove iowait influence - cpuidle: governors: menu: Avoid selecting states with too much latency - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS - [arm64] mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 - ftrace: Also allocate and copy hash for reading of filter files - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() - iio: proximity: isl29501: fix buffered read on big-endian systems - most: core: Drop device reference after usage in get_channel() - kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() - cdx: Fix off-by-one error in cdx_rpmsg_probe() - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive - [amd64] comedi: Make insn_rw_emulate_bits() do insn->n samples - [amd64] comedi: pcl726: Prevent invalid irq number - [amd64] comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test - usb: renesas-xhci: Fix External ROM access timeouts - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera - usb: storage: realtek_cr: Use correct byte order for bcs->Residue - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles - usb: typec: maxim_contaminant: disable low power mode when reading comparator values - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean - usb: xhci: Fix slot_id resource race conflict - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout - usb: dwc3: Remove WARN_ON for device endpoint command timeouts - usb: dwc3: pci: add support for the Intel Wildcat Lake - iio: light: Use aligned_s64 instead of open coding alignment. - iio: light: as73211: Ensure buffer holes are zeroed - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() - tracing: Remove unneeded goto out logic - tracing: Limit access to parser->buffer when trace_get_user failed - [amd64] drm/i915/icl+/tc: Convert AUX powered WARN to a debug message - compiler: remove __ADDRESSABLE_ASM{_STR,}() again - [amd64] drm/i915/icl+/tc: Cache the max lane count value - ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() - tls: fix handling of zero-length records on the rx_list - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 - iio: imu: inv_icm42600: use = { } instead of memset() - iio: imu: inv_icm42600: Convert to uXX and sXX integer types - iio: imu: inv_icm42600: change invalid data error to -EBUSY - [amd64] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key - cgroup/cpuset: Fix a partition error with CPU hotplug - drm/panic: Move drawing functions to drm_draw - drm/format-helper: Add conversion from XRGB8888 to BGR888 - drm/format-helper: Move helpers for pixel conversion to header file - drm/format-helper: Add generic conversion to 32-bit formats - iosys-map: Fix undefined behavior in iosys_map_clear() - [arm64] RDMA/hns: Fix querying wrong SCC context for DIP algorithm - RDMA/bnxt_re: Fix to do SRQ armena by default - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path - RDMA/bnxt_re: Fix a possible memory leak in the driver - RDMA/bnxt_re: Fix to initialize the PBL array - RDMA/hns: Fix dip entries leak on devices newer than hip09 - net: bridge: fix soft lockup in br_multicast_query_expired() - scsi: qla4xxx: Prevent a potential error pointer dereference - [amd64] iommu/amd: Avoid stack buffer overflow from kernel cmdline (CVE-2025-38676) - Bluetooth: hci_sync: Fix scan state after PA Sync has been established - Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown - Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() - [arm64] drm/hisilicon/hibmc: refactored struct hibmc_drm_private - [arm64] drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed - [arm64] drm/hisilicon/hibmc: fix the hibmc loaded failed bug - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() - drm/amd/display: Don't print errors for nonexistent connectors - net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add - [arm64] net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path - ppp: fix race conditions in ppp_fill_forward_path - net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload. - cifs: Fix oops due to uninitialised variable - phy: mscc: Fix timestamping for vsc8584 - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization - gve: prevent ethtool ops after shutdown - net/smc: fix UAF on smcsk after smc_listen_out() - [s390x] mm: Do not map lowcore with identity mapping - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc - igc: fix disabling L1.2 PCI-E link substate on I226 on init - [armhf] net: dsa: microchip: Fix KSZ9477 HSR port setup issue - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit - net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate - ALSA: timer: fix ida_free call while not allocated - bonding: update LACP activity flag after setting lacp_active - bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU - [arm64] Octeontx2-af: Skip overlap check for SPI field - net/mlx5: Base ECVF devlink port attrs from 0 - net/mlx5: Relocate function declarations from port.h to mlx5_core.h - net/mlx5: Add IFC bits and enums for buf_ownership - net/mlx5e: Query FW for buffer ownership - net/mlx5e: Preserve shared buffer capacity during headroom updates - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation - [s390x] hypfs: Avoid unnecessary ioctl registration in debugfs - [s390x] hypfs: Enable limited access during lockdown - netfilter: nf_reject: don't leak dst refcount for loopback packets https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.45 - rtla: Check pkg-config install - trace/fgraph: Fix the warning caused by missing unregister notifier - of: dynamic: Fix memleak when of_pci_add_properties() failed - of: dynamic: Fix use after free in of_changeset_add_prop_helper() - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump - perf symbol-minimal: Fix ehdr reading in filename__read_build_id - vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER - scsi: core: sysfs: Correct sysfs attributes access rights - smb: client: fix race with concurrent opens in unlink(2) - smb: client: fix race with concurrent opens in rename(2) - [arm64] ASoC: codecs: tx-macro: correct tx_macro_component_drv name - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() - [arm64] drm/msm: Defer fd_install in SUBMIT ioctl - of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() - [arm64] drm/msm/kms: move snapshot init earlier in KMS init - [arm64] drm/msm: update the high bitfield of certain DSI registers - [arm64] drm/mediatek: Add error handling for old state CRTC in atomic_disable - [powerpc*] kvm: Fix ifdef to remove build warning - HID: input: rename hidinput_set_battery_charge_status() - HID: input: report battery status changes immediately - net: macb: fix unregister_netdev call order in macb_remove() - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success - Bluetooth: hci_event: Mark connection as closed during suspend disconnect - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced - Bluetooth: hci_sync: fix set_local_name race condition - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr - drm/nouveau: remove unused memory target test - ice: don't leave device non-functional if Tx scheduler config fails - ice: use fixed adapter index for E825C embedded devices - ice: fix incorrect counter for buffer allocation failures - dt-bindings: display/msm: qcom,mdp5: drop lut clock - net: dlink: fix multicast stats being counted incorrectly - drm/xe/xe_sync: avoid race during ufence signaling - drm/xe: Don't trigger rebind on initial dma-buf validation - phy: mscc: Fix when PTP clock is register and unregister - bnxt_en: Fix memory corruption when FW resources change during ifdown - bnxt_en: Adjust TX rings if reservation is less than requested - bnxt_en: Fix stats context reservation logic - net/mlx5: Reload auxiliary drivers on fw_activate - net/mlx5: Fix lockdep assertion on sync reset unload event - net/mlx5: Nack sync reset when SFs are present - net/mlx5e: Update and set Xon/Xoff upon MTU set - net/mlx5e: Update and set Xon/Xoff upon port speed set - net/mlx5e: Set local Xoff after FW update - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts - net: stmmac: xgmac: Correct supported speed modes - net: stmmac: Set CIC bit only for TX queues with COE - [amd64,arm64] hv_netvsc: Link queues to NAPIs - [amd64,arm64] net: hv_netvsc: fix loss of early receive events from host during channel open. - net: rose: split remove and free operations in rose_remove_neigh() - net: rose: convert 'use' field to refcount_t - net: rose: include node references in rose_neigh refcount - sctp: initialize more fields in sctp_v6_from_sk() - l2tp: do not use sock_hold() in pppol2tp_session_get_sock() - fbnic: Move phylink resume out of service_task and into open/close - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare - net: macb: Disable clocks once - [amd64] KVM: x86: use array_index_nospec with indices that come from guest - [riscv64] KVM: fix stack overrun when loading vlenb - [amd64] x86/microcode/AMD: Handle the case of no BIOS microcode - [amd64] x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON - HID: asus: fix UAF via HID_CLAIMED_INPUT validation - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() - HID: quirks: add support for Legion Go dual dinput modes - HID: logitech: Add ids for G PRO 2 LIGHTSPEED - HID: wacom: Add a new Art Pen 2 - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() - Revert "drm/amdgpu: fix incorrect vm flags to map bo" - blk-zoned: Fix a lockdep complaint about recursive locking - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted - fs/smb: Fix inconsistent refcnt update - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions - smb3 client: fix return code mapping of remap_file_range - xfs: do not propagate ENODATA disk errors into xattr code - drm/xe/vm: Clear the scratch_pt pointer on error - drm/nouveau/disp: Always accept linear modifier - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv - drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode - net: rose: fix a typo in rose_clear_routes() - PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS - PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" - [arm64] thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const - [arm64] thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data - [arm64] thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.46 - bpf: Add cookie object to bpf maps - bpf: Move bpf map owner out of common struct - bpf: Move cgroup iterator helpers to bpf.h - bpf: Fix oob access in cgroup local storage (CVE-2025-38502) - btrfs: fix race between logging inode and checking if it was logged before - btrfs: fix race between setting last_dir_index_offset and inode logging - btrfs: avoid load/store tearing races when checking if an inode was logged - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN - drm/amd/display: Don't warn when missing DCE encoder caps - cpupower: Fix a bug where the -t option of the set subcommand was not working. - Bluetooth: hci_sync: Avoid adding default advertising on startup - btrfs: zoned: skip ZONE FINISH of conventional zones - fs: writeback: fix use-after-free in __mark_inode_dirty() - tee: fix NULL pointer dereference in tee_shm_put - tee: fix memory leak in tee_dyn_shm_alloc_helper - [arm64] dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro - [arm64] tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" - [arm64] dts: imx8mp-tqma8mpql: fix LDO5 power off - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics i.MX8M Plus DHCOM - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul i.MX8M Plus eDM SBC - HID: simplify snto32() - HID: stop exporting hid_snto32() - HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556) - net: usb: qmi_wwan: fix Telit Cinterion FN990A name - net: usb: qmi_wwan: fix Telit Cinterion FE990A name - net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition - [arm64] mmc: sdhci-of-arasan: Support for emmc hardware reset - [arm64] mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up - wifi: cfg80211: fix use-after-free in cmp_bss() - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work - wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() - wifi: mt76: prevent non-offchannel mgmt tx during scan/roc - wifi: mt76: free pending offchannel tx frames on wcid cleanup - wifi: mt76: fix linked list corruption - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY - wifi: iwlwifi: uefi: check DSM item validity - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() - netfilter: nft_flowtable.sh: re-run with random mtu sizes - net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y - [amd64] xirc2ps_cs: fix register access when enabling FullDuplex - mISDN: Fix memory leak in dsp_hwec_enable() - bnxt_en: fix incorrect page count in RX aggr ring log - icmp: fix icmp_ndo_send address translation for reply direction - net: macb: Fix tx_ptr_lock locking - macsec: read MACSEC_SA_ATTR_PN with nla_get_uint - net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() - net: mctp: mctp_fraq_queue should take ownership of passed skb - ice: fix NULL access of tx->in_use in ice_ll_ts_intr - [amd64,arm64] idpf: set mac type when adding and removing MAC filters - i40e: remove read access to debugfs files - i40e: Fix potential invalid access when MAC list is empty - ixgbe: fix incorrect map used in eee linkmode - wifi: ath11k: fix group data packet drops during rekey - net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 - [arm64] net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets - net: skb: add pskb_network_may_pull_reason() helper - net: tunnel: add pskb_inet_may_pull_reason() helper - net: vxlan: add skb drop reasons to vxlan_rcv() - net: vxlan: make vxlan_snoop() return drop reasons - vxlan: Fix NPD when refreshing an FDB entry with a nexthop object - net: vxlan: make vxlan_set_mac() return drop reasons - net: vxlan: use kfree_skb_reason() in vxlan_xmit() - net: vxlan: use kfree_skb_reason() in vxlan_mdb_xmit() - net: vxlan: rename SKB_DROP_REASON_VXLAN_NO_REMOTE - vxlan: Refresh FDB 'updated' time upon 'NTF_USE' - vxlan: Avoid unnecessary updates to FDB 'used' time - vxlan: Add RCU read-side critical sections in the Tx path - vxlan: Rename FDB Tx lookup function - vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects - wifi: cw1200: cap SSID length in cw1200_do_join() - wifi: libertas: cap SSID len in lbs_associate() - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() - [arm64] net: thunder_bgx: add a missing of_node_put - [arm64] net: thunder_bgx: decrement cleanup index before use - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() - net/smc: Remove validation of reserved bits in CLC Decline message - mctp: return -ENOPROTOOPT for unknown getsockopt options - ax25: properly unshare skbs in ax25_kiss_rcv() - net: atm: fix memory leak in atm_register_sysfs when device_register fail - ppp: fix memory leak in pad_compress_skb - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock - ALSA: usb-audio: Add mute TLV for playback volumes on some devices - [amd64] accel/ivpu: Prevent recovery work from being queued during device removal - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() - [arm64] ftrace: fix unreachable PLT for ftrace_caller in init_module with CONFIG_DYNAMIC_FTRACE - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() - io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (CVE-2025-38453) - [amd64] x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() - mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE - mm: move page table sync declarations to linux/pgtable.h - mm: fix possible deadlock in kmemleak - mm: slub: avoid wake up kswapd in set_track_prepare - sched: Fix sched_numa_find_nth_cpu() if mask offline - ocfs2: prevent release journal inode after journal shutdown - of_numa: fix uninitialized memory nodes causing kernel panic - [arm64] soc: qcom: mdt_loader: Deal with zero e_shentsize - wifi: mwifiex: Initialize the chan_stats array to zero - wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() - wifi: mt76: mt7925: fix the wrong bss cleanup for SAP - net: ethernet: oa_tc6: Handle failure of spi_setup - drm/amdgpu: drop hw access in non-DC audio fini - drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG - [amd64] platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list - scsi: lpfc: Fix buffer free/clear order in deferred receive path - batman-adv: fix OOB read/write in network-coding decode - cifs: prevent NULL pointer dereference in UTF16 conversion - e1000e: fix heap overflow in e1000_set_eeprom - net: pcs: rzn1-miic: Correct MODCTRL register offset - fs/fhandle.c: fix a race in call of has_locked_children() (CVE-2025-38306) - [arm64,armhf] net: dsa: add hook to determine whether EEE is supported - [arm64,armhf] net: dsa: provide implementation of .support_eee() - [armhf] net: dsa: b53/bcm_sf2: implement .support_eee() method - [armhf] net: dsa: b53: do not enable EEE on bcm63xx (CVE-2025-38272) - md/raid1,raid10: don't ignore IO flags (CVE-2025-22125) - md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT - md/raid1,raid10: strip REQ_NOWAIT from member bios - ext4: define ext4_journal_destroy wrapper - ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113) - wifi: ath11k: update channel list in reg notifier instead reg worker (CVE-2025-23133) - wifi: ath11k: update channel list in worker when wait flag is set - net: fix NULL pointer dereference in l3mdev_l3_rcv (CVE-2025-22103) - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (CVE-2025-22124) - mm: slub: Print the broken data before restoring them - mm: slub: call WARN() when detecting a slab corruption - mm, slab: cleanup slab_bug() parameters - mm/slub: avoid accessing metadata when pointer is invalid in object_err() - nouveau: fix disabling the nonstall irq due to storm code - mm: fix accounting of memmap pages - [arm64] thermal/drivers/mediatek/lvts: Disable low offset IRQ for minimum threshold - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY - Revert "drm/amdgpu: Avoid extra evict-restore process." - pcmcia: omap: Add missing check for platform_get_resource - pcmcia: Add error handling for add_interval() in do_validate_mem() - [amd64] platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk - [amd64] platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID - block: add a queue_limits_commit_update_frozen helper - scsi: sr: Reinstate rotational media flag - drm/bridge: ti-sn65dsi86: fix REFCLK setting - perf bpf-event: Fix use-after-free in synthesis - perf bpf-utils: Constify bpil_array_desc - perf bpf-utils: Harden get_bpf_prog_info_linear - drm/amd/amdgpu: Fix missing error return on kzalloc failure - tools: gpio: remove the include directory on make clean - md: prevent incorrect update of resync/recovery offset - [riscv64] ACPI: RISC-V: Fix FFH_CPPC_CSR error handling - [riscv64] Only allow LTO with CMODEL_MEDANY - [riscv64] use lw when reading int cpu in new_vmalloc_check - [riscv64] use lw when reading int cpu in asm_per_cpu - [riscv64] bpf: use lw when reading int cpu in BPF_MOV64_PERCPU_REG - [riscv64] bpf: use lw when reading int cpu in bpf_get_smp_processor_id - md/raid1: fix data lost for writemostly rdev https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.47 - [amd64] Add mitigations for VMSCAPE (CVE-2025-40300): - Documentation/hw-vuln: Add VMSCAPE documentation - x86/vmscape: Enumerate VMSCAPE bug - x86/vmscape: Add conditional IBPB mitigation - x86/vmscape: Enable the mitigation - x86/bugs: Move cpu_bugs_smt_update() down - x86/vmscape: Warn when STIBP is disabled with SMT - x86/vmscape: Add old Intel CPUs to affected list https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.48 - fhandle: use more consistent rules for decoding file handle from userns - dma-debug: store a phys_addr_t in struct dma_debug_entry - dma-mapping: trace dma_alloc/free direction - dma-mapping: use trace_dma_alloc for dma_alloc* instead of using trace_dma_map - dma-mapping: trace more error paths - dma-debug: don't enforce dma mapping check on noncoherent allocations - net/mlx5: HWS, change error flow on matcher disconnect - mm: introduce and use {pgd,p4d}_populate_kernel() - dma-mapping: fix swapped dir/flags arguments to trace_dma_alloc_sgt_err - dma-debug: fix physical address calculation for struct dma_debug_entry - nvme-pci: skip nvme_write_sq_db on empty rqlist - Revert "udmabuf: fix vmap_udmabuf error page set" - ext4: introduce linear search for dentries - [amd64] drm/i915/pmu: Fix zero delta busyness issue - drm/amd/display: Fix error pointers in amdgpu_dm_crtc_mem_type_changed - Revert "drm/amd/display: Optimize cursor position updates" - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA - drm/amdgpu: Add back JPEG to video caps for carrizo and newer - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read - SUNRPC: call xs_sock_process_cmsg for all cmsg - NFSv4: Don't clear capabilities that won't be reset (Closes: #1114898) - trace/fgraph: Fix error handling - tracing: Fix tracing_marker may trigger page fault during preempt_disable - nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter - nfs/localio: add direct IO enablement with sync and async IO support - nfs/localio: restore creds before releasing pageio data - ftrace/samples: Fix function size computation - fs/nfs/io: make nfs_start_io_*() killable - NFS: Serialise O_DIRECT i/o and truncate() - NFSv4.2: Serialise O_DIRECT i/o and fallocate() - NFSv4.2: Serialise O_DIRECT i/o and clone range - NFSv4.2: Serialise O_DIRECT i/o and copy range - NFS: nfs_invalidate_folio() must observe the offset and size arguments - NFSv4/flexfiles: Fix layout merge mirror check. - tracing: Silence warning when chunk allocation fails in trace_pid_write - [s390x] pai: Deny all events not handled by this PMU - [s390x] cpum_cf: Deny all sampling events by counter PMU - bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt - bpf: Allow fall back to interpreter for programs with stack size <= 512 - bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. - proc: fix type confusion in pde_set_flags() - Revert "SUNRPC: Don't allow waiting for exiting tasks" - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN - ocfs2: fix recursive semaphore deadlock in fiemap call - btrfs: fix squota compressed stats leak - btrfs: fix subvolume deletion lockup caused by inodes xarray race - [amd64] i2c: i801: Hide Intel Birch Stream SoC TCO WDT - net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups - [armhf] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer - [armhf] mtd: rawnand: stm32_fmc2: fix ECC overwrite - fuse: do not allow mapping a non-regular backing file - fuse: check if copy_file_range() returns larger than requested size - fuse: prevent overflow in copy_file_range return value - mm/khugepaged: fix the address passed to notifier on testing young - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory - mm/memory-failure: fix redundant updates for already poisoned pages - mm/damon/core: set quota->charged_from to jiffies at first charge window - mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() - [arm64] drm/mediatek: fix potential OF node use-after-free - drm/xe: Attempt to bring bos back to VRAM after eviction - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages - netlink: specs: mptcp: add missing 'server-side' attr - netlink: specs: mptcp: clearly mention attributes - netlink: specs: mptcp: replace underscores with dashes in names - netlink: specs: mptcp: fix if-idx attribute type - kernfs: Fix UAF in polling when open file is released - libceph: fix invalid accesses to ceph_connection_v1_info - ceph: fix race condition validating r_parent before applying state - ceph: fix race condition where r_parent becomes stale before sending message - mm/damon/sysfs: fix use-after-free in state_show() - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() - mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range() - [arm64] mtd: spinand: winbond: Fix oob_layout for W25N01JW - btrfs: use readahead_expand() on compressed extents - btrfs: fix corruption reading compressed range when block size is smaller than page size - hrtimers: Unconditionally update target CPU base after offline timer migration - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table - Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups" - tty: hvc_console: Call hvc_kick in hvc_write unconditionally - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks - USB: serial: option: add Telit Cinterion FN990A w/audio compositions - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions - [arm64] drm/panthor: validate group queue count - [arm64,armhf] net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() - genetlink: fix genl_bind() invoking bind() after -EPERM - net: bridge: Bounce invalid boolopts - tunnels: reset the GSO metadata before reusing the skb - docs: networking: can: change bcm_msg_head frames member to support flexible array - igb: fix link test skipping when interface is admin down - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path - drm/amd/display: use udelay rather than fsleep - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails - netfilter: nft_set_pipapo: remove unused arguments - netfilter: nft_set: remove one argument from lookup and update functions - netfilter: nft_set_pipapo: merge pipapo_get/lookup - netfilter: nft_set_pipapo: don't return bogus extension pointer - netfilter: nft_set_pipapo: don't check genbit from packetpath lookups - netfilter: nft_set_rbtree: continue traversal if element is inactive - netfilter: nf_tables: Reintroduce shortened deletion notifications - netfilter: nf_tables: place base_seq in struct net - netfilter: nf_tables: make nft_set_do_lookup available unconditionally - netfilter: nf_tables: restart set lookup on base_seq change - net: hsr: Add VLAN CTAG filter support - hsr: use rtnl lock when iterating over ports - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties - [amd64] dmaengine: idxd: Remove improper idxd_free - [amd64] dmaengine: idxd: Fix refcount underflow on module unload - [amd64] dmaengine: idxd: Fix double free in idxd_setup_wqs() - [amd64] dmaengine: ti: edma: Fix memory allocation size for queue_priority_map - xhci: fix memory leak regression when freeing xhci vdev devices depth first - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels - [amd64,arm64] usb: typec: tcpm: properly deliver cable vdms to altmode drivers - [arm64] dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees - [arm64] phy: tegra: xusb: fix device and OF node leak at probe - [armhf] phy: ti: omap-usb2: fix device leak at unbind - [armhf] phy: ti-pipe3: fix device leak at unbind - [amd64] x86/cpu/topology: Always try cpu_parse_topology_ext() on AMD/Hygon - net: mdiobus: release reset_gpio in mdiobus_unregister_device() - [amd64] drm/i915/power: fix size for for_each_set_bit() in abox iteration - drm/amdgpu: fix a memory leak in fence cleanup when unloading - netfilter: nft_set_pipapo: fix null deref for empty set . [ Santiago Ruano Rincón ] * d/salsa-ci.yml: Merge the extract-source job into the build's job script * d/salsa-ci.yml: Suppress unreleased changes and mismatching distribution lintian tags. * d/salsa-ci.yml: Early move orig tarballs back where they can be cached . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 6.12.43-rt12 * [amd64] x86/bugs: Add SRSO_USER_KERNEL_NO support * [amd64] x86/bugs: KVM: Add support for SRSO_MSR_FIX * [amd64] KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions linux-signed-amd64 (6.12.57+1) trixie; urgency=medium . * Sign kernel from linux 6.12.57-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.49 - wifi: wilc1000: avoid buffer overflow in WID string configuration - nvme: fix PI insert on write - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported - wifi: mac80211: increase scan_ies_len for S1G - wifi: mac80211: fix incorrect type for ret - cgroup: split cgroup_destroy_wq into 3 workqueues - btrfs: fix invalid extref key setup when replaying dentry - net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR - qed: Don't collect too many protection override GRC elements - bonding: set random address only when slaves already exist - mptcp: set remote_deny_join_id0 on SYN recv - mptcp: tfo: record 'deny join id0' info - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure - ice: store max_frame and rx_buf_len only in ice_rx_ring - ice: fix Rx page leak on multi-buffer frames - i40e: remove redundant memory barrier when cleaning Tx descs - igc: don't fail igc_probe() on LED setup error - net/mlx5e: Harden uplink netdev access against device unbind - bonding: don't set oif to bond dev when getting NS target destination - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). - tls: make sure to abort the stream if headers are bogus - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" - net: liquidio: fix overflow in octeon_init_instr_queue() - cnic: Fix use-after-free bugs in cnic_delete_task - [arm64] octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() - [amd64] perf/x86/intel: Fix crash in icl_update_topdown_event() (CVE-2025-38322) - ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer - ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery - power: supply: bq27xxx: restrict no-battery detection to bq27000 - dm-raid: don't set io_min and io_opt for raid1 - dm-stripe: fix a possible integer overflow - gup: optimize longterm pin_user_pages() for large folio - mm: revert "mm: vmscan.c: fix OOM on swap stress test" - [amd64] iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() - [amd64] iommu/amd/pgtbl: Fix possible race while increase page table level - btrfs: tree-checker: fix the incorrect inode ref size check - [arm64] ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S - mmc: mvsdio: Fix dma_unmap_sg() nents value - [amd64] KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active - drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer - rds: ib: Increment i_fastreg_wrs before bailing out - mptcp: propagate shutdown to subflows when possible - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx - io_uring/cmd: let cmds to know about dying task - io_uring: backport io_should_terminate_tw() - io_uring: include dying ring in task_work "should cancel" state - io_uring/msg_ring: kill alloc_cache for io_kiocb allocations - io_uring/kbuf: drop WARN_ON_ONCE() from incremental length check (CVE-2025-39816) - [amd64] ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message - [amd64] ASoC: Intel: catpt: Expose correct bit depth to userspace - drm/xe/tile: Release kobject for the failure path - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path - drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() - smb: client: fix filename matching of deferred files - smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) - crypto: af_alg - Set merge to zero early in af_alg_sendmsg - smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path - io_uring: fix incorrect io_kiocb reference in io_link_skb - [amd64] platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 - [amd64] platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk - vmxnet3: unregister xdp rxq info in the reset path (CVE-2025-22106) - mm: add folio_expected_ref_count() for reference count calculation - mm/gup: check ref_count instead of lru before migration - mptcp: pm: nl: announce deny-join-id0 flag - usb: xhci: introduce macro for ring segment list iteration - usb: xhci: remove option to change a default ring's TRB cycle bit - xhci: dbc: decouple endpoint allocation from initialization - xhci: dbc: Fix full DbC transfer ring after several reconnects - rtc: pcf2127: fix SPI command byte for PCF2131 backport - minmax.h: add whitespace around operators and after commas - minmax.h: update some comments - minmax.h: reduce the #define expansion of min(), max() and clamp() - minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() - minmax.h: move all the clamp() definitions after the min/max() ones - minmax.h: simplify the variants of clamp() - minmax.h: remove some #defines that are only expanded once https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.50 - scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE - firewire: core: fix overlooked update of subsystem ABI version - ALSA: usb-audio: Fix code alignment in mixer_quirks - ALSA: usb-audio: Fix block comments in mixer_quirks - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 - ALSA: usb-audio: Convert comma to semicolon - ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA - ALSA: usb-audio: Fix build with CONFIG_INPUT=n - usb: core: Add 0x prefix to quirks debug output - [arm64,armhf] net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info - net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick - [riscv64] mmc: sdhci-cadence: add Mobileye eyeQ support - i2c: designware: Add quirk for Intel Xe - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk - ALSA: usb-audio: Add mute TLV for playback volumes on more devices - net: sfp: add quirk for FLYPRO copper SFP+ module - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions - [amd64] HID: amd_sfh: Add sync across amd sfh work functions - cpufreq: Initialize cpufreq-based invariance before subsys - smb: server: don't use delayed_work for post_recv_credits_work - smb: server: use disable_work_sync in transport_rdma.c - bpf: Check the helper function is valid in get_helper_proto - btrfs: don't allow adding block device of less than 1 MB - wifi: virt_wifi: Fix page fault on connect - bpf: Reject bpf_timer for PREEMPT_RT - xfrm: xfrm_alloc_spi shouldn't use 0 as SPI - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow - [armhf] can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow - can: peak_usb: fix shift-out-of-bounds issue - net: tun: Update napi->skb after XDP process - net/smc: fix warning in smc_rx_splice() when calling get_page() - [arm64] ethernet: rvu-af: Remove slash from the driver name - Bluetooth: hci_sync: Fix hci_resume_advertising_sync - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync - vhost: Take a reference on the task in struct vhost_task. - bnxt_en: correct offset handling for IPv6 destination address - net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS - nexthop: Forbid FDB status change while nexthop is in a group - mm/gup: local lru_add_drain() to avoid lru_add_drain_all() - mm: revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" - mm: folio_may_be_lru_cached() unless folio_test_large() - [amd64] drm/gma500: Fix null dereference in hdmi teardown - futex: Prevent use-after-free during requeue-PI - [arm64] drm/panthor: Defer scheduler entitiy destruction to queue release - [amd64] platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() - smb: client: fix wrong index reference in smb2_compound_op() - HID: asus: add support for missing PX series fn keys - i40e: add validation for ring_len param - i40e: fix idx validation in i40e_validate_queue_map - i40e: fix idx validation in config queues msg - i40e: fix input validation logic for action_meta - i40e: fix validation of VF state in get resources - i40e: add max boundary check for VF filters - i40e: add mask to apply valid bits for itr_idx - i40e: improve VF MAC filters accounting - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx - tracing: dynevent: Add a missing lockdown check on dynevent - [armhf] dts: socfpga: sodia: Fix mdio bus probe and PHY address - drm/ast: Use msleep instead of mdelay for edid read - afs: Fix potential null pointer dereference in afs_put_server - fs/proc/task_mmu: check p->vec_buf for NULL - gpiolib: Extend software-node support to support secondary software-nodes - mm/hugetlb: fix folio is still mapped when deleted - fbcon: fix integer overflow in fbcon_do_set_font - fbcon: Fix OOB access in font allocation - iommufd: Fix race during abort for file descriptors - Revert "usb: xhci: remove option to change a default ring's TRB cycle bit" - [amd64] drm/i915/backlight: Return immediately when scale() finds invalid parameters https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.51 - crypto: sha256 - fix crash at kexec - scsi: target: target_core_configfs: Add length check to avoid buffer overflow - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove - media: tuner: xc5000: Fix use-after-free in xc5000_release - media: rc: fix races with imon_disconnect() - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID - mm: swap: check for stable address space before operating on the VMA - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() - [arm64] ASoC: qcom: audioreach: fix potential null pointer dereference https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.52 - wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() - USB: serial: option: add SIMCom 8230C compositions - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 - wifi: rtl8xxxu: Don't claim USB ID 07b8:8188 - dm-integrity: limit MAX_TAG_SIZE to 255 - [amd64] platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list - [amd64] platform/x86/amd/pmf: Support new ACPI ID AMDI0108 - [amd64,arm64] ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue - btrfs: ref-verify: handle damaged extent root tree - netfs: Prevent duplicate unlocking - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled - [amd64] platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list - drm/amd : Update MES API header file for v11 & v12 - drm/amd/include : MES v11 and v12 API header update - drm/amd/include : Update MES v12 API for fence update - drm/amdgpu: Enable MES lr_compute_wa by default (Closes: #1118658) - ALSA: usb-audio: Kill timer properly at removal (CVE-2025-38105) - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free - hid: fix I2C read buffer overflow in raw_event() for mcp2221 - nvmem: layouts: fix automatic module loading - binder: fix double-free in dbitmap - driver core/PM: Set power.no_callbacks along with power.no_pm - crypto: rng - Ensure set_ent is always present - net/9p: fix double req put in p9_fd_cancelled - [amd64] KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.53 - filelock: add FL_RECLAIM to show_fl_flags() macro - init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast - gfs2: Fix GLF_INVALIDATE_IN_PROGRESS flag clearing in do_xmote - [powerpc*] 8xx: Remove left-over instruction and comments in DataStoreTLBMiss handler - [powerpc*] 603: Really copy kernel PGD entries into all PGDIRs - uprobes: uprobe_warn should use passed task - [arm64] coresight: trbe: Prevent overflow in PERF_IDX2OFF() - [arm64] perf: arm_spe: Prevent overflow in PERF_IDX2OFF() - smb: server: fix IRD/ORD negotiation with the client - [amd64] EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller - [amd64] x86/vdso: Fix output operand size of RDPID - lsm: CONFIG_LSM can depend on CONFIG_SECURITY - btrfs: return any hit error from extent_writepage_io() - [arm64] pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() - [arm64] dts: renesas: rzg2lc-smarc: Disable CAN-FD channel0 - regmap: Remove superfluous check for !config in __regmap_init() - bpf: Remove migrate_disable in kprobe_multi_link_prog_run - libbpf: Fix reuse of DEVMAP - [arm64] dts: imx93-kontron: Fix GPIO for panel regulator - [arm64] dts: imx93-kontron: Fix USB port assignment - [arm64] dts: imx95: Correct the lpuart7 and lpuart8 srcid - ACPI: processor: idle: Fix memory leak when register cpuidle device failed - [arm64] soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS - [arm64] pinctrl: meson-gxl: add missing i2c_d pinmux - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx - block: use int to store blk_stack_limits() return value - PM: sleep: core: Clear power.must_resume in noirq suspend error path - vdso: Add struct __kernel_old_timeval forward declaration to gettime.h - [armhf] dts: omap: am335x-cm-t335: Remove unused mcasp num-serializer property - [arm64] PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() - [arm64] power: supply: cw2015: Fix a alignment coding style issue - [arm64] pinctrl: renesas: Use int type to store negative error codes - null_blk: Fix the description of the cache_size module argument - nbd: restrict sockets to TCP and UDP - [arm64] PM / devfreq: rockchip-dfi: double count on RK3588 - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure - [arm64] arm64: dts: mediatek: mt8186-tentacruel: Fix touchscreen model - mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() - [arm64] dts: mediatek: mt6795-xperia-m5: Fix mmc0 latch-ck value - [arm64] dts: mediatek: mt8395-kontron-i1200: Fix MT6360 regulator nodes - [arm64] dts: mediatek: mt8516-pumpkin: Fix machine compatible - [armhf] pwm: tiehrpwm: Don't drop runtime PM reference in .free() - [armhf] pwm: tiehrpwm: Make code comment in .free() more useful - [armhf] pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation - [armhf] pwm: tiehrpwm: Fix corner case in clock divisor calculation - ACPICA: Fix largest possible resource descriptor index - [riscv64] bpf: Sign extend struct ops return values properly - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op - i3c: master: svc: Use manual response for IBI events - i3c: master: svc: Recycle unused IBI slot - bpf: Explicitly check accesses to bpf_sock_addr - bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() - smp: Fix up and expand the smp_call_function_many() kerneldoc - tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers - spi: fix return code when spi device has too many chipselects - bpf: Mark kfuncs as __noclone - once: fix race by moving DO_ONCE to separate section - [arm64] thermal/drivers/qcom/lmh: Add missing IRQ includes - [arm64] i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD - i2c: designware: Fix clock issue when PM is disabled - i2c: designware: Add disabling clocks when probe fails - libbpf: Fix error when st-prefix_ops and ops from differ btf - bpf: Enforce expected_attach_type for tailcall compatibility - drm/radeon/r600_cs: clean up of dead code in r600_cs - f2fs: fix condition in __allow_reserved_blocks() - [arm64] phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 - drm/amd/display: Remove redundant semicolons - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod - scsi: myrs: Fix dma_alloc_coherent() error check - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count - RDMA/mlx5: Fix vport loopback forcing for MPV device - PCI/ACPI: Fix pci_acpi_preserve_config() memory leak - ALSA: lx_core: use int type to store negative error codes - inet: ping: check sock_net() in ping_get_port() and ping_lookup() - [arm64,armhf] coresight: Only register perf symlink for sinks with alloc_buffer - drm/amdgpu: Power up UVD 3 for FW validation (v2) - drm/amd/pm: Disable ULV even if unsupported (v3) - drm/amd/pm: Fix si_upload_smc_data (v3) - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) - wifi: mwifiex: send world regulatory domain to driver - [arm64,armhf] PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation - tcp: fix __tcp_close() to only send RST when required - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() - [armhf] usb: phy: twl6030: Fix incorrect type for ret - usb: gadget: configfs: Correctly set use_os_string at bind - tty: n_gsm: Don't block input queue by waiting MSC - [powerpc*] misc: genwqe: Fix incorrect cmd field being reported in error - pps: fix warning in pps_register_cdev when register device fail - wifi: iwlwifi: Remove redundant header files - [amd64,arm64] idpf: fix Rx descriptor ready check barrier in splitq - [amd64] ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping - [arm64] drm/msm/dpu: fix incorrect type for ret - fs: ntfs3: Fix integer overflow in run_unpack() - fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist - iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() - netfilter: ipset: Remove unused htable_bits in macro ahash_region - ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable - drivers/base/node: handle error properly in register_one_node() - RDMA/cm: Rate limit destroy CM ID timeout error message - wifi: mt76: fix potential memory leak in mt76_wmac_probe() - wifi: mt76: mt7996: Fix RX packets configuration for primary WED device - wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE - wifi: mt76: mt7915: fix mt7981 pre-calibration - f2fs: fix to update map->m_next_extent correctly in f2fs_map_blocks() - f2fs: fix to truncate first page in error path of f2fs_truncate() - f2fs: fix to mitigate overhead of f2fs_zero_post_eof_page() - ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message - scsi: qla2xxx: edif: Fix incorrect sign of error code - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() - HID: hidraw: tighten ioctl command parsing - f2fs: fix zero-sized extent for precache extents - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" - RDMA/core: Resolve MAC of next-hop device without ARP support - IB/sa: Fix sa_local_svc_timeout_ms read race - Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram - wifi: ath12k: fix wrong logging ID used for CE - wifi: ath10k: avoid unnecessary wait for service ready message - iommu/vt-d: debugfs: Fix legacy mode page table dump logic - wifi: mac80211: fix Rx packet handling when pubsta information is not available - [amd64] ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback - RDMA/rxe: Fix race in do_task() when draining - wifi: rtw89: avoid circular locking dependency in ser_state_run() - [arm64] remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice - dm vdo: return error on corrupted metadata in start_restoring_volume functions - [arm64] coresight-etm4x: Conditionally access register TRCEXTINSELR - [arm64,armhf] coresight: tmc: Support atclk - [arm64,armhf] coresight: catu: Support atclk - [arm64,armhf] coresight: etm4x: Support atclk - [arm64,armhf] coresight: trbe: Return NULL pointer for allocation failures - [arm64,armhf] coresight: tpda: fix the logic to setup the element size - [arm64] coresight: Fix incorrect handling for return value of devm_kzalloc - NFSv4.1: fix backchannel max_resp_sz verification check - ipvs: Defer ip_vs_ftp unregister during netns cleanup - netfilter: nfnetlink: reset nlh pointer during batch replay - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() - usb: vhci-hcd: Prevent suspending virtually attached devices - iommu/vt-d: Disallow dirty tracking if incoherent page walk - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast - ptp: Add a upper bound on max_vclocks - vhost: vringh: Fix copy_to_iter return value check - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO - Bluetooth: ISO: Fix possible UAF on iso_conn_free - Bluetooth: ISO: free rx_skb if not consumed - Bluetooth: ISO: don't leak skb in ISO_CONT RX - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements - KEYS: X.509: Fix Basic Constraints CA flag parsing - ocfs2: fix double free in user_cluster_connect() - drivers/base/node: fix double free in register_one_node() - [arm64] PCI: j721e: Fix incorrect error message in probe() - [amd64,arm64] idpf: fix mismatched free function for dma_alloc_coherent - nfp: fix RSS hash key size when RSS is not supported - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable - net: dlink: handle copy_thresh allocation failure - net/mlx5: Stop polling for command response if interface goes down - net/mlx5: pagealloc: Fix reclaim race during command interface teardown - net/mlx5: fw reset, add reset timeout work - smb: client: fix crypto buffers in non-linear memory - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" - bpf: Reject negative offsets for ALU ops - tpm: Disable TPM2_TCG_HMAC by default - Squashfs: fix uninit-value in squashfs_get_parent - uio_hv_generic: Let userspace take care of interrupt mask - io_uring/waitid: always prune wait queue entry in io_waitid_wait() - [arm64] ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() - [amd64,arm64] ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down - fs: udf: fix OOB read in lengthAllocDescs handling - net: nfc: nci: Add parameter validation for packet data - [arm64,armhf] mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() - dm: fix queue start/stop imbalance under suspend/load/resume races - dm: fix NULL pointer dereference in __dm_suspend() - ksmbd: Fix race condition in RPC handle list access - ksmbd: fix error code overwriting in smb2_get_info_filesystem() - ksmbd: add max ip connections parameter - ext4: fix checks for orphan inodes - [amd64] KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid - fbdev: simplefb: Fix use after free in simplefb_detach_genpds() - mm: hugetlb: avoid soft lockup when mprotect to large memory area - nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() - [arm64] misc: fastrpc: Save actual DMA size in fastrpc_map structure - [arm64] misc: fastrpc: Fix fastrpc_map_lookup operation - [arm64] misc: fastrpc: fix possible map leak in fastrpc_put_args - [arm64] misc: fastrpc: Skip reference for DMA handles - Input: atmel_mxt_ts - allow reset GPIO to sleep - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak - sunrpc: fix null pointer dereference on zero-length checksum - [arm64] remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() - [amd64,arm64] tee: fix register_shm_helper() - pinctrl: check the return value of pinmux_ops::get_function_name() - bus: fsl-mc: Check return value of platform_get_resource() - net/9p: Fix buffer overflow in USB transport layer - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock - usb: typec: tipd: Clear interrupts first https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.54 - fs: always return zero on success from replace_fd() - fscontext: do not consume log entries when returning -EMSGSIZE - [arm64] map [_text, _stext) virtual address range non-executable+read-only - rseq: Protect event mask against membarrier IPI - listmount: don't call path_put() under namespace semaphore - page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches - dma-mapping: fix direction in dma_alloc direction traces - [amd64] KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() - asm-generic/io.h: Skip trace helpers if rwmmio events are disabled - perf disasm: Avoid undefined behavior in incrementing NULL - perf test trace_btf_enum: Skip if permissions are insufficient - perf evsel: Avoid container_of on a NULL leader - libperf event: Ensure tracing data is multiple of 8 sized - [arm64] clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() - [arm64] clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() - perf util: Fix compression checks returning -1 as bool - perf arm_spe: Correct setting remote access - perf arm-spe: Rename the common data source encoding - perf arm_spe: Correct memory level for remote access - perf vendor events arm64 AmpereOneX: Fix typo - should be l1d_cache_access_prefetches - perf session: Fix handling when buffer exceeds 2 GiB - perf tools: Add fallback for exclude_guest - perf evsel: Ensure the fallback message is always written to - [arm64] clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m - [arm64] clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (CVE-2025-40001) - [amd64] ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time - [amd64] ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() - drm/xe/hw_engine_group: Fix double write lock release in error path - [s390x] cio: Update purge function to unregister the unused subchannels - drm/vmwgfx: Fix a null-ptr access in the cursor snooper - drm/vmwgfx: Fix Use-after-free in validation - drm/vmwgfx: Fix copy-paste typo in validation - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). - [arm64] net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (CVE-2025-40003) - ice: ice_adapter: release xa entry on adapter allocation failure - tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() - [arm64] mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call - [arm64] mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes - [arm64] mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop - [arm64] mailbox: zynqmp-ipi: Fix SGI cleanup on unbind - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} - [arm64] mailbox: mtk-cmdq-mailbox: Switch to __pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Switch to pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() - drm/amdgpu: Add additional DCE6 SCL registers - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 - drm/amd/display: Properly disable scaling on DCE6 - netfilter: nft_objref: validate objref and objrefmap expressions - bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() - crypto: essiv - Check ssize for decryption and in-place encryption - cifs: Fix copy_to_iter return value check - smb: client: fix missing timestamp updates after utime(2) - cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single - [arm64] gpio: wcd934x: mark the GPIO controller as sleeping - bpf: Avoid RCU context warning when unpinning htab with internal structs - [s390x] vmlinux.lds.S: Reorder sections - [s390x] vmlinux.lds.S: Move .vmlinux.info to end of allocatable sections - ACPI: property: Fix buffer properties extraction for subnodes - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT - ACPI: debug: fix signedness issues in read/write helpers - [arm64] dts: qcom: msm8916: Add missing MDSS reset - [arm64] dts: qcom: msm8939: Add missing MDSS reset - [arm64] dts: qcom: sdm845: Fix slimbam num-channels/ees - [arm64] dts: qcom: x1e80100-pmics: Disable pm8010 by default - [arm64] dts: ti: k3-am62a-main: Fix main padcfg length - [arm64] kprobes: call set_memory_rox() for kprobe page - [armhf] AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on reset) - [armhf] OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init - [arm64] perf/arm-cmn: Fix CMN S3 DTM offset - dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required - xen/events: Cleanup find_virq() return codes - xen/manage: Fix suspend error path - xen/events: Return -EEXIST for bound VIRQs - xen/events: Update virq_to_irq on migration - [arm64] firmware: meson_sm: fix device leak at probe - media: cx18: Add missing check after DMA map - media: mc: Fix MUST_CONNECT handling for pads with no links - media: pci: ivtv: Add missing check after DMA map - media: pci: mg4b: fix uninitialized iio scan data - [arm64] media: venus: firmware: Use correct reset sequence for IRIS2 - media: vivid: fix disappearing messages - media: lirc: Fix error handling in lirc_register() - [arm64] drm/panthor: Fix memory leak in panthor_ioctl_group_create() - drm/nouveau: fix bad ret code in nouveau_bo_move_prep - drm/xe/uapi: loosen used tracking restriction - drm/amd/display: Enable Dynamic DTBCLK Switch - blk-crypto: fix missing blktrace bio split events - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() - bus: mhi: ep: Fix chained transfer handling in read path - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() - [arm64] clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk - copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) - [amd64] cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() - [arm64,armhf] crypto: rockchip - Fix dma_unmap_sg() nents value - eventpoll: Replace rwlock with spinlock - fbdev: Fix logic error in "offb" name match - fs/ntfs3: Fix a resource leak bug in wnd_extend() - fs: quota: create dedicated workqueue for quota_release_work - fuse: fix possibly missing fuse_copy_finish() call in fuse_notify() - fuse: fix livelock in synchronous file put from fuseblk workers - iio: dac: ad5360: use int type to store negative error codes - iio: dac: ad5421: use int type to store negative error codes - iio: frequency: adf4350: Fix prescaler usage. - init: handle bootloader identifier in kernel parameters - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume - [amd64] iommu/vt-d: PRS isn't usable if PDS isn't supported - kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths - KEYS: trusted_tpm1: Compare HMAC values in constant time - lib/genalloc: fix device leak in of_gen_pool_get() - loop: fix backing file reference leak on validation error - openat2: don't trigger automounts with RESOLVE_NO_XDEV - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk - [powerpc*] powernv/pci: Fix underflow and leak issue - [powerpc*] pseries/msi: Fix potential underflow and leak issue - Revert "ipmi: fix msg stack when IPMI is disconnected" - sched/deadline: Fix race in push_dl_task() - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() - scsi: sd: Fix build warning in sd_revalidate_disk() - sctp: Fix MAC comparison to be constant-time - xsk: Harden userspace-supplied xdp_desc validation - mmc: core: SPI mode remove cmd7 - mmc: mmc_spi: multiple block read remove read crc ack - [armhf] memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe - rtc: interface: Ensure alarm irq is enabled when UIE is enabled - rtc: interface: Fix long-standing race when setting alarm - [arm64] PCI: xilinx-nwl: Fix ECAM programming - [arm64,armhf] PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock - PCI/sysfs: Ensure devices are powered for config reads - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV - PCI/ERR: Fix uevent on failure to recover - PCI/AER: Fix missing uevent on recovery when a reset is requested - PCI/AER: Support errors introduced by PCIe r6.0 - [arm64] PCI: j721e: Fix programming sequence of "strap" settings - spi: cadence-quadspi: Flush posted register writes before INDAC access - spi: cadence-quadspi: Flush posted register writes before DAC access - spi: cadence-quadspi: Fix cqspi_setup_flash() - [x86] fred: Remove ENDBR64 from FRED entry points - [x86] umip: Check that the instruction opcode is at least two bytes - [x86] umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) - [s390x] dasd: enforce dma_alignment to ensure proper buffer validation - [s390x] dasd: Return BLK_STS_INVAL for EINVAL from do_dasd_request - [s390x] Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR - slab: prevent warnings when slab obj_exts vector allocation fails - slab: mark slab->obj_exts allocation failures unconditionally - wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again - wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 - mm/thp: fix MTE tag mismatch when replacing zero-filled subpages - mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations - mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success - mm/damon/lru_sort: use param_ctx for damon_attrs staging - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry - ext4: add ext4_sb_bread_nofail() helper function for ext4_free_branches() - ext4: verify orphan file size is not too big - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() - ext4: correctly handle queries for metadata mappings - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() - ext4: fix an off-by-one issue during moving extents - ext4: guard against EA inode refcount underflow in xattr update - ext4: validate ea_ino and size in check_xattrs - ACPICA: Allow to skip Global Lock initialization - ext4: free orphan info with kvfree - media: mc: Clear minor number before put device - Squashfs: add additional inode sanity checking - Squashfs: reject negative file sizes in squashfs_read_inode() - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference - mm/ksm: fix incorrect KSM counter handling in mm_struct during fork - [amd64] ASoC: SOF: ipc4-pcm: Enable delay reporting for ChainDMA streams - [amd64] ASoC: SOF: ipc4-pcm: fix delay calculation when DSP resamples - [amd64] mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value - [amd64] mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type - [amd64] mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() - cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency - [amd64] KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace - statmount: don't call path_put() under namespace semaphore - [arm64] mte: Do not flag the zero page as PG_mte_tagged - [x86] mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() - [x86] kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP - nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT - NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock() - nfsd: refine and rename NFSD_MAY_LOCK - nfsd: don't use sv_nrthreads in connection limiting calculations. - nfsd: unregister with rpcbind when deleting a transport - ACPI: battery: allocate driver data through devm_ APIs - ACPI: battery: initialize mutexes through devm_ APIs - ACPI: battery: Check for error code from devm_mutex_init() call - ACPI: battery: Add synchronization between interface updates - ACPI: property: Disregard references in data-only subnode lists - ACPI: property: Add code comments explaining what is going on - ACPI: property: Do not pass NULL handles to acpi_attach_data() - mptcp: pm: in-kernel: usable client side with C-flag - ipmi: Rework user message limit handling - ipmi: Fix handling of messages with provided receive message pointer - mm/rmap: fix soft-dirty and uffd-wp bit loss when remapping zero-filled mTHP subpage to shared zeropage - [s390x] bpf: Centralize frame offset calculations - [s390x] bpf: Describe the frame using a struct instead of constants - [s390x] bpf: Write back tail call counter for BPF_PSEUDO_CALL - [s390x] bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG - [riscv64] irqchip/sifive-plic: Make use of __assign_bit() - [riscv64] irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume - copy_file_range: limit size if in compat mode - minixfs: Verify inode mode when loading from disk - pid: Add a judgment for ns null in pid_nr_ns - fs: Add 'initramfs_options' to set initramfs mount options - cramfs: Verify inode mode when loading from disk - writeback: Avoid softlockup when switching many inodes - writeback: Avoid excessively long inode switching times - sched/fair: Block delayed tasks on throttled hierarchy during dequeue - nfsd: fix __fh_verify for localio - nfsd: fix access checking for NLM under XPRTSEC policies - [amd64] ASoC: SOF: ipc4-pcm: fix start offset calculation for chain DMA - mount: handle NULL values in mnt_ns_release() - nfsd: decouple the xprtsec policy check from check_nfsd_access() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.55 - drm/xe/guc: Check GuC running state before deregistering exec queue - smb: client: Fix refcount leak for cifs_sb_tlink - slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL - r8152: add error handling in rtl8152_driver_init - f2fs: fix wrong block mapping for multi-devices - jbd2: ensure that all ongoing I/O complete before freeing blocks - ext4: wait for ongoing I/O to complete before freeing blocks - ext4: detect invalid INLINE_DATA + EXTENTS flag combination - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running - btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl - btrfs: fix incorrect readahead expansion length - btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST - btrfs: do not assert we found block group item when creating free space tree - can: gs_usb: gs_make_candev(): populate net_device->dev_port - can: gs_usb: increase max interface to U8_MAX - cifs: parse_dfs_referrals: prevent oob on malformed input - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies - drm/amdgpu: use atomic functions with memory barriers for vm fault info - drm/amdgpu: fix gfx12 mes packet status return check - perf/core: Fix address filter match with backing files - perf/core: Fix MMAP event path names with backing files - perf/core: Fix MMAP2 event device with backing files - drm/amd: Check whether secure display TA loaded successfully - irqdomain: cdx: Switch to of_fwnode_handle() - [arm64] drm/msm/a6xx: Fix PDC sleep sequence - usb: gadget: Store endpoint pointer in usb_request - usb: gadget: Introduce free_usb_request helper - usb: gadget: f_ncm: Refactor bind path to use __free() - usb: gadget: f_acm: Refactor bind path to use __free() - usb: gadget: f_ecm: Refactor bind path to use __free() - usb: gadget: f_rndis: Refactor bind path to use __free() - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay - Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" (Closes: #1116358) - HID: multitouch: fix sticky fingers - dax: skip read lock assertion for read-only filesystems - can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() - can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active - can: m_can: m_can_chip_config(): bring up interface in correct state - can: m_can: add deinit callback - can: m_can: call deinit/init callback when going into suspend/resume - can: m_can: fix CAN state in system PM - net: dlink: handle dma_map_single() failure properly - doc: fix seg6_flowlabel path - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H - net/ip6_tunnel: Prevent perpetual tunnel growth - [amd64,arm64] amd-xgbe: Avoid spurious link down messages during interface toggle - tcp: fix tcp_tso_should_defer() vs large RTT - ksmbd: fix recursive locking in RPC handle list access - tg3: prevent use of uninitialized remote_adv and local_adv variables - tls: trim encrypted message to match the plaintext on short splice - tls: wait for async encrypt in case of error during latter iterations of sendmsg - tls: always set record_type in tls_process_cmsg - tls: wait for pending async decryptions if tls_strp_msg_hold fails - tls: don't rely on tx_work during send() - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset - [arm64] drm/panthor: Ensure MCU is disabled on suspend - nvme-multipath: Skip nr_active increments in RETRY disposition - [riscv64] kprobes: Fix probe address validation - [amd64] ASoC: nau8821: Cancel jdet_work before handling jack ejection - [amd64] ASoC: nau8821: Generalize helper to clear IRQ status - [amd64] ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit - [amd64] drm/i915/guc: Skip communication warning on reset in progress - drm/amdgpu: add ip offset support for cyan skillfish - drm/amdgpu: add support for cyan skillfish without IP discovery - drm/amdgpu: fix handling of harvesting for ip_discovery firmware - drm/amd/powerplay: Fix CIK shutdown temperature - [arm64] drm/rockchip: vop2: use correct destination rectangle height check - sched/fair: Fix pelt lost idle time detection - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card - HID: hid-input: only ignore 0 battery events for digitizers - HID: multitouch: fix name of Stylus input devices - nvme/tcp: handle tls partially sent records in write_space() - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() - xfs: rename the old_crc variable in xlog_recover_process - xfs: fix log CRC mismatches between i386 and other architectures - PM: runtime: Add new devm functions - iio: imu: inv_icm42600: Simplify pm_runtime setup - iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended - nfsd: Use correct error code when decoding extents - nfsd: Drop dprintk in blocklayout xdr functions - NFSD: Rework encoding and decoding of nfsd4_deviceid - NFSD: Minor cleanup in layoutcommit processing - NFSD: Implement large extent array support in pNFS - NFSD: Fix last write offset handling in layoutcommit - wifi: rtw89: avoid possible TX wait initialization race - xfs: use deferred intent items for reaping crosslinked blocks - padata: Reset next CPU when reorder sequence wraps around - md/raid0: Handle bio_split() errors - md/raid1: Handle bio_split() errors - md/raid10: Handle bio_split() errors - md: fix mssing blktrace bio split events - [amd64] x86/resctrl: Refactor resctrl_arch_rmid_read() - [amd64] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID - d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier - vfs: Don't leak disconnected dentries on umount - PCI: Add PCI_VDEVICE_SUB helper macro - ixgbevf: Add support for Intel(R) E610 device - ixgbevf: fix getting link speed data for E610 devices - ixgbevf: fix mailbox API compatibility by negotiating supported features - tcp: convert to dev_net_rcu() - tcp: cache RTAX_QUICKACK metric in a hot cache line - net: dst: add four helpers to annotate data-races around dst->dev - ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] - net: Add locking to protect skb->dev access in ip_output - mptcp: Call dst_release() in mptcp_active_enable(). - mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). - mptcp: reset blackhole on success with non-loopback ifaces - NFSD: Define a proc_layoutcommit for the FlexFiles layout type - [arm64] cputype: Add Neoverse-V3AE definitions - [arm64] errata: Apply workarounds for Neoverse-V3AE - [amd64] dmaengine: Add missing cleanup on module unload https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.56 - exec: Fix incorrect type for ret - hfs: clear offset and space out of valid records in b-tree node - hfs: make proper initalization of struct hfs_find_data - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() - hfs: validate record offset in hfsplus_bmap_alloc - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() - dlm: check for defined force value in dlm_lockspace_release - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() - PCI: Test for bit underflow in pcie_set_readrq() - [arm64] sysreg: Correct sign definitions for EIESB and DoubleLock - drivers/perf: hisi: Relax the event ID check in the framework - [s390x] mm: Use __GFP_ACCOUNT for user page table allocations - smb: server: let smb_direct_flush_send_list() invalidate a remote key first - PM: EM: Drop unused parameter from em_adjust_new_capacity() - PM: EM: Slightly reduce em_check_capacity_update() overhead - PM: EM: Move CPU capacity check to em_adjust_new_capacity() - PM: EM: Fix late boot with holes in CPU topology - net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() - rtnetlink: Allow deleting FDB entries in user namespace - [arm64] net: enetc: fix the deadlock of enetc_mdio_lock - [arm64] net: enetc: correct the value of ENETC_RXB_TRUESIZE - [arm64] dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path - net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ - net/smc: fix general protection fault in __smc_diag_dump - [arm64] net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions - [arm64] mm: avoid always making PTE dirty in pte_mkwrite() - ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop - sctp: avoid NULL dereference when chunk data buffer is missing - net: phy: micrel: always set shared->phydev for LAN8814 - net/mlx5: Fix IPsec cleanup over MPV device - fs/notify: call exportfs_encode_fid with s_umount - net: bonding: fix possible peer notify event loss or dup issue - dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() - btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() - gpio: pci-idio-16: Define maximum valid register address offset - gpio: 104-idio-16: Define maximum valid register address offset - xfs: fix locking in xchk_nlinks_collect_dir - Revert "cpuidle: menu: Avoid discarding useful information" - slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts - slab: Fix obj_ext mistakenly considered NULL due to race condition - ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 - can: netlink: can_changelink(): allow disabling of automatic restart - cifs: Fix TCP_Server_Info::credits to be signed - ocfs2: clear extent cache after moving/defragmenting extents - vsock: fix lock inversion in vsock_assign_transport() - [arm64,armhf] net: stmmac: dwmac-rk: Fix disabling set_clock_selection - net: usb: rtl8150: Fix frame padding - mm: prevent poison consumption when splitting THP - drm/amd/display: increase max link count and fix link->enc NULL pointer access - [arm64] spi: spi-nxp-fspi: add extra delay after dll locked - [arm64] dts: broadcom: bcm2712: Add default GIC address cells - [arm64] dts: broadcom: bcm2712: Define VGIC interrupt - [arm64] firmware: arm_scmi: Account for failed debug initialization - [arm64] firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode - [arm64] drm/panthor: Fix kernel panic on partial unmap of a GPU VA region - [riscv64] Define pgprot_dmacoherent() for non-coherent devices - [riscv64] Don't print details of CPUs disabled in DT - [riscv64] hwprobe: avoid uninitialized variable use in hwprobe_arch_id() - hwmon: (sht3x) Fix error handling - nbd: override creds to kernel when calling sock_{send,recv}msg() - drm/panic: Fix drawing the logo on a small narrow screen - drm/panic: Fix qr_code, ensure vmargin is positive - [amd64] gpio: ljca: Fix duplicated IRQ mapping - io_uring: correct __must_hold annotation in io_install_fixed_file - sched: Remove never used code in mm_cid_get() - io_uring/sqpoll: switch away from getrusage() for CPU accounting - io_uring/sqpoll: be smarter on when to update the stime usage - Bluetooth: btintel: Add DSBR support for BlazarIW, BlazarU and GaP (Closes: #1118660) - platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (CVE-2025-39678) - USB: serial: option: add UNISOC UIS7720 - USB: serial: option: add Quectel RG255C - USB: serial: option: add Telit FN920C04 ECM compositions - usb/core/quirks: Add Huawei ME906S to wakeup quirk - usb: raw-gadget: do not limit transfer length - xhci: dbc: enable back DbC in resume if it was enabled before suspend - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event - [amd64] x86/microcode: Fix Entrysign revision check for Zen1/Naples - [arm*] binder: remove "invalid inc weak" check - [amd64] comedi: fix divide-by-zero in comedi_buf_munge() (CVE-2025-40106) - [amd64] mei: me: add wildcat lake P DID - [arm64] misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup - [amd64,arm64] tcpm: switch check for role_sw device with fw_node - dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp - serial: 8250_dw: handle reset control deassert error - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 - [arm64] serial: 8250_mtk: Enable baud clock and manage in runtime PM - serial: sc16is7xx: remove useless enable of enhanced features - devcoredump: Fix circular locking dependency with devcd->mutex. - [arm64] mte: Do not warn if the page is already tagged in copy_highpage() - xfs: always warn about deprecated mount options - ksmbd: transport_ipc: validate payload size before reading handle (CVE-2025-40084) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.57 - net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083) - audit: record fanotify event regardless of presence of rules - [amd64] perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK - perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL - perf: Have get_perf_callchain() return NULL if crosstask and user are set - perf: Skip user unwind if the task is a kernel thread - seccomp: passthrough uprobe systemcall without filtering - [amd64] x86/bugs: Report correct retbleed mitigation status - [amd64] x86/bugs: Fix reporting of LFENCE retpoline - [amd64,arm64] EDAC/mc_sysfs: Increase legacy channel support to 16 - cpuset: Use new excpus for nocpu error check when enabling root partition - btrfs: abort transaction on specific error places when walking log tree - btrfs: abort transaction in the process_one_buffer() log tree walk callback - btrfs: zoned: return error from btrfs_zone_finish_endio() - btrfs: zoned: refine extent allocator hint selection - btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() - btrfs: always drop log root tree reference in btrfs_replay_log() - btrfs: use level argument in log tree walk callback replay_one_buffer() - btrfs: abort transaction if we fail to update inode in log replay dir fixup - btrfs: tree-checker: add inode extref checks - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() - sched_ext: Make qmap dump operation non-destructive - arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c - docs: kdoc: handle the obsolescensce of docutils.ErrorString() - mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR - f2fs: fix to avoid panic once fallocation fails for pinfile (CVE-2025-23130) - wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (CVE-2025-38643) - bonding: return detailed error when loading native XDP fails - bonding: check xdp prog when set bond mode (CVE-2025-22105) - bits: add comments and newlines to #if, #else and #endif directives - bits: introduce fixed-type GENMASK_U*() - gpio: regmap: Allow to allocate regmap-irq device - gpio: regmap: add the .fixed_direction_output configuration parameter - gpio: idio-16: Define fixed direction of the GPIO lines - [amd64] iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (CVE-2025-21833) - wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995) - [amd64,arm64] udmabuf: fix a buf size overflow issue during udmabuf creation (CVE-2025-37803) - sfc: fix NULL dereferences in ef100_process_design_param() (CVE-2025-37860) - btrfs: tree-checker: fix bounds check in check_inode_extref() . [ Salvatore Bonaccorso ] * drivers/infiniband/hw/bnxt_re: Enable INFINIBAND_BNXT_RE as module (Closes: #1109977) . [ Ben Hutchings ] * d/salsa-ci.yml: Adjust filenames to allow source package name suffix * tools/hv: Make the sample hv_get_dhcp_info script more useful * hyperv-daemons: Install the sample network info scripts (Closes: #919350) * d/salsa-ci.yml: Fix cache configuration for build job * d/salsa-ci.yml: Move orig tarball generation to a separate job again * d/salsa-ci.yml: Restore lintian checking of source package linux-signed-amd64 (6.12.48+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.48-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.44 - serial: 8250: fix panic due to PSLVERR - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() - PM: runtime: Take active children into account in pm_runtime_get_if_in_use() - dm: dm-crypt: Do not partially accept write BIOs with zoned targets - dm: Check for forbidden splitting of zone write operations - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() - usb: gadget: udc: renesas_usb3: fix device leak at unbind - usb: musb: omap2430: fix device leak at unbind - [arm64,armhf] usb: dwc3: meson-g12a: fix device leaks at unbind - [arm64] usb: dwc3: imx8mp: fix device leak at unbind - bus: mhi: host: Fix endianness of BHI vector table - bus: mhi: host: Detect events pointing to unexpected TREs - vt: keyboard: Don't process Unicode characters in K_OFF mode - vt: defkeymap: Map keycodes above 127 to K_HOLE - [amd64] crypto: qat - lower priority for skcipher and aead algorithms - [arm64,armhf] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP - [amd64] crypto: qat - flush misc workqueue during device shutdown - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" - ksmbd: fix refcount leak causing resource not released - ksmbd: extend the connection limiting mechanism to support IPv6 - tracing: fprobe-event: Sanitize wildcard for fprobe event name - ext4: check fast symlink for ea_inode correctly - ext4: fix fsmap end of range reporting with bigalloc - ext4: fix reserved gdt blocks handling in fsmap - ext4: use kmalloc_array() for array space allocation - ext4: fix hole length calculation overflow in non-extent inodes - btrfs: zoned: fix write time activation failure for metadata block group - btrfs: fix incorrect log message for nobarrier mount option - btrfs: restore mount option info messages during mount - btrfs: fix printing of mount info messages for NODATACOW/NODATASUM - apparmor: Fix 8-byte alignment for initial dfa blob streams - dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints - dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints - scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host - [arm64] scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE - scsi: mpi3mr: Fix race between config read submit and interrupt completion - ata: libata-scsi: Fix ata_to_sense_error() status handling - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers - scsi: ufs: ufs-pci: Fix default runtime and system PM levels - ata: libata-scsi: Fix CDL control - [arm64] soc: qcom: mdt_loader: Ensure we don't read past the ELF header - iio: imu: bno055: fix OOB access of hw_xlate array - iio: adc: ad_sigma_delta: change to buffer predisable - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() - wifi: ath12k: fix dest ring-buffer corruption - wifi: ath12k: fix source ring-buffer corruption - wifi: ath12k: fix dest ring-buffer corruption when ring is full - wifi: ath11k: fix dest ring-buffer corruption - wifi: ath11k: fix source ring-buffer corruption - wifi: ath11k: fix dest ring-buffer corruption when ring is full - [arm64] pwm: mediatek: Handle hardware enable and clock enable separately - [arm64] pwm: mediatek: Fix duty and period setting - mtd: spi-nor: Fix spi_nor_try_unlock_all() - [arm64] mtd: spinand: propagate spinand_wait() errors from spinand_write_page() - readahead: fix return value of page_cache_next_miss() when no hole is found - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge - PCI: endpoint: Fix configfs group list head handling - PCI: endpoint: Fix configfs group removal on driver teardown - [arm64,armhf] PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features - [arm64,armhf] PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset - [arm64,armhf] PCI: imx6: Delay link start until configfs 'start' written - vsock/virtio: Validate length in packet header before skb_put() - vhost/vsock: Avoid allocating arbitrarily-sized SKBs - amdgpu/amdgpu_discovery: increase timeout limit for IFWI init - [amd64] ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context - f2fs: fix to avoid out-of-boundary access in dnode page (CVE-2025-38677) - jbd2: prevent softlockup in jbd2_log_do_checkpoint() - kbuild: userprogs: use correct linker when mixing clang and GNU ld - [arm64,armhf] soc/tegra: pmc: Ensure power-domains are in a known state - media: gspca: Add bounds checking to firmware parser - media: hi556: correct the test pattern configuration - [armhf] media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() - media: ipu6: isys: Use correct pads for xlate_streams() - media: vivid: fix wrong pixel_array control size - media: verisilicon: Fix AV1 decoder clock frequency - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() - media: usbtv: Lock resolution while streaming - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() - media: pisp_be: Fix pm_runtime underrun in probe - media: ov2659: Fix memory leaks in ov2659_probe() - media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls - [arm64] media: qcom: camss: cleanup media device allocated resource on error path - [arm64] media: venus: Add a check for packet size after reading from shared memory - [arm64] media: venus: Fix MSM8998 frequency table - [arm64] media: venus: hfi: explicitly release IRQ during teardown - [arm64] media: venus: protect against spurious interrupts during probe - [arm64] media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. - [arm64] media: venus: venc: Clamp param smaller than 1fps and bigger than 240 - drm/amdgpu/discovery: fix fw based ip discovery - drm/amd: Restore cached power limit during resume - drm/amdgpu: Avoid extra evict-restore process. - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities - drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() - drm/amdgpu: Update external revid for GC v9.5.0 - drm/amdgpu: update mmhub 3.0.1 client id mappings - drm/amdgpu: update mmhub 4.1.0 client id mappings - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq - drm/amd/display: Add primary plane to commits for correct VRR handling - drm/amd/display: fix a Null pointer dereference vulnerability - drm/amd/display: Don't overwrite dce60_clk_mgr - net, hsr: reject HSR frame if skb can't hold tag - sched/ext: Fix invalid task state transitions on class switch - ipv6: sr: Fix MAC comparison to be constant-time - ACPI: pfr_update: Fix the driver update version check - mptcp: drop skb if MPTCP skb extension allocation fails - mptcp: pm: kernel: flush: do not reset ADD_ADDR limit - mm/damon/ops-common: ignore migration request to invalid nodes - [amd64] x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero - USB: typec: Use str_enable_disable-like helpers - usb: typec: fusb302: cache PD RX state - btrfs: qgroup: drop unused parameter fs_info from __del_qgroup_rb() - btrfs: qgroup: fix race between quota disable and quota rescan ioctl - btrfs: move transaction aborts to the error site in add_block_group_free_space() - btrfs: always abort transaction on failure to add block group to free space tree - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() - btrfs: explicitly ref count block_group on new_bgs list - btrfs: codify pattern for adding block_group to bg_list - btrfs: zoned: requeue to unused block group list if zone finish failed - xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags - btrfs: send: factor out common logic when sending xattrs - btrfs: send: only use boolean variables at process_recorded_refs() - btrfs: send: add and use helper to rename current inode when processing refs - btrfs: send: keep the current inode's path cached - btrfs: send: avoid path allocation for the current inode when issuing commands - btrfs: send: use fallocate for hole punching with send stream v2 - btrfs: send: make fs_path_len() inline and constify its argument - netfs: Fix unbuffered write error handling - io_uring/net: commit partial buffers on retry - ata: libata-scsi: Return aborted command when missing sense and result TF - sched_ext: initialize built-in idle state before ops.init() - Revert "can: ti_hecc: fix -Woverflow compiler warning" - io_uring/futex: ensure io_futex_wait() cleans up properly on failure - iov_iter: iterate_folioq: fix handling of offset >= folio size - [arm64] iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement - mmc: sdhci-pci-gli: Add a new function to simplify the code - memstick: Fix deadlock by moving removing flag earlier - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency - NFS: Fix a race when updating an existing write - squashfs: fix memory leak in squashfs_fill_super - mm/debug_vm_pgtable: clear page table entries at destroy_args() - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 - RDMA/rxe: Flush delayed SKBs while releasing RXE resources - [s390x] sclp: Fix SCCB present check - [amd64] platform/x86/intel-uncore-freq: Check write blocked for ELC - kvm: retry nx_huge_page_recovery_thread creation - [amd64] accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() - drm/amdgpu/swm14: Update power limit logic - drm/amd/display: Avoid a NULL pointer dereference - drm/amd/display: Don't overclock DCE 6 by 15% - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 - drm/amd/display: Fix Xorg desktop unresponsive on Replay panel - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs - scsi: core: Fix command pass through retry regression - [arm64] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() - mptcp: remove duplicate sk_reset_timer call - mptcp: disable add_addr retransmission when timeout is 0 - Mark xe driver as BROKEN if kernel page size is not 4kB - [arm64,armhf] PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support - [arm64,armhf] PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features - [arm64] PCI: rockchip: Use standard PCIe definitions - [arm64] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining - iio: adc: ad7173: fix setting ODR in probe - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems - ext4: preserve SB_I_VERSION on remount - btrfs: subpage: keep TOWRITE tag until folio is cleaned - [arm64] dts: ti: k3-am6*: Add boot phase flag to support MMC boot - [arm64] dts: ti: k3-am62*: Add non-removable flag for eMMC - [arm64] dts: ti: k3-am6*: Remove disable-wp for eMMC - [arm64] dts: ti: k3-am62*: Move eMMC pinmux to top level board file - debugfs: fix mount options not being applied - smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() - fs/buffer: fix use-after-free when call bh_read() helper - use uniform permission checks for all mount propagation changes - cpuidle: menu: Remove iowait influence - cpuidle: governors: menu: Avoid selecting states with too much latency - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS - [arm64] mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 - ftrace: Also allocate and copy hash for reading of filter files - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() - iio: proximity: isl29501: fix buffered read on big-endian systems - most: core: Drop device reference after usage in get_channel() - kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() - cdx: Fix off-by-one error in cdx_rpmsg_probe() - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive - [amd64] comedi: Make insn_rw_emulate_bits() do insn->n samples - [amd64] comedi: pcl726: Prevent invalid irq number - [amd64] comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test - usb: renesas-xhci: Fix External ROM access timeouts - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera - usb: storage: realtek_cr: Use correct byte order for bcs->Residue - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles - usb: typec: maxim_contaminant: disable low power mode when reading comparator values - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean - usb: xhci: Fix slot_id resource race conflict - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout - usb: dwc3: Remove WARN_ON for device endpoint command timeouts - usb: dwc3: pci: add support for the Intel Wildcat Lake - iio: light: Use aligned_s64 instead of open coding alignment. - iio: light: as73211: Ensure buffer holes are zeroed - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() - tracing: Remove unneeded goto out logic - tracing: Limit access to parser->buffer when trace_get_user failed - [amd64] drm/i915/icl+/tc: Convert AUX powered WARN to a debug message - compiler: remove __ADDRESSABLE_ASM{_STR,}() again - [amd64] drm/i915/icl+/tc: Cache the max lane count value - ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() - tls: fix handling of zero-length records on the rx_list - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 - iio: imu: inv_icm42600: use = { } instead of memset() - iio: imu: inv_icm42600: Convert to uXX and sXX integer types - iio: imu: inv_icm42600: change invalid data error to -EBUSY - [amd64] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key - cgroup/cpuset: Fix a partition error with CPU hotplug - drm/panic: Move drawing functions to drm_draw - drm/format-helper: Add conversion from XRGB8888 to BGR888 - drm/format-helper: Move helpers for pixel conversion to header file - drm/format-helper: Add generic conversion to 32-bit formats - iosys-map: Fix undefined behavior in iosys_map_clear() - [arm64] RDMA/hns: Fix querying wrong SCC context for DIP algorithm - RDMA/bnxt_re: Fix to do SRQ armena by default - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path - RDMA/bnxt_re: Fix a possible memory leak in the driver - RDMA/bnxt_re: Fix to initialize the PBL array - RDMA/hns: Fix dip entries leak on devices newer than hip09 - net: bridge: fix soft lockup in br_multicast_query_expired() - scsi: qla4xxx: Prevent a potential error pointer dereference - [amd64] iommu/amd: Avoid stack buffer overflow from kernel cmdline (CVE-2025-38676) - Bluetooth: hci_sync: Fix scan state after PA Sync has been established - Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown - Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() - [arm64] drm/hisilicon/hibmc: refactored struct hibmc_drm_private - [arm64] drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed - [arm64] drm/hisilicon/hibmc: fix the hibmc loaded failed bug - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() - drm/amd/display: Don't print errors for nonexistent connectors - net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add - [arm64] net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path - ppp: fix race conditions in ppp_fill_forward_path - net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload. - cifs: Fix oops due to uninitialised variable - phy: mscc: Fix timestamping for vsc8584 - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization - gve: prevent ethtool ops after shutdown - net/smc: fix UAF on smcsk after smc_listen_out() - [s390x] mm: Do not map lowcore with identity mapping - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc - igc: fix disabling L1.2 PCI-E link substate on I226 on init - [armhf] net: dsa: microchip: Fix KSZ9477 HSR port setup issue - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit - net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate - ALSA: timer: fix ida_free call while not allocated - bonding: update LACP activity flag after setting lacp_active - bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU - [arm64] Octeontx2-af: Skip overlap check for SPI field - net/mlx5: Base ECVF devlink port attrs from 0 - net/mlx5: Relocate function declarations from port.h to mlx5_core.h - net/mlx5: Add IFC bits and enums for buf_ownership - net/mlx5e: Query FW for buffer ownership - net/mlx5e: Preserve shared buffer capacity during headroom updates - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation - [s390x] hypfs: Avoid unnecessary ioctl registration in debugfs - [s390x] hypfs: Enable limited access during lockdown - netfilter: nf_reject: don't leak dst refcount for loopback packets https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.45 - rtla: Check pkg-config install - trace/fgraph: Fix the warning caused by missing unregister notifier - of: dynamic: Fix memleak when of_pci_add_properties() failed - of: dynamic: Fix use after free in of_changeset_add_prop_helper() - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump - perf symbol-minimal: Fix ehdr reading in filename__read_build_id - vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER - scsi: core: sysfs: Correct sysfs attributes access rights - smb: client: fix race with concurrent opens in unlink(2) - smb: client: fix race with concurrent opens in rename(2) - [arm64] ASoC: codecs: tx-macro: correct tx_macro_component_drv name - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() - [arm64] drm/msm: Defer fd_install in SUBMIT ioctl - of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() - [arm64] drm/msm/kms: move snapshot init earlier in KMS init - [arm64] drm/msm: update the high bitfield of certain DSI registers - [arm64] drm/mediatek: Add error handling for old state CRTC in atomic_disable - [powerpc*] kvm: Fix ifdef to remove build warning - HID: input: rename hidinput_set_battery_charge_status() - HID: input: report battery status changes immediately - net: macb: fix unregister_netdev call order in macb_remove() - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success - Bluetooth: hci_event: Mark connection as closed during suspend disconnect - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced - Bluetooth: hci_sync: fix set_local_name race condition - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr - drm/nouveau: remove unused memory target test - ice: don't leave device non-functional if Tx scheduler config fails - ice: use fixed adapter index for E825C embedded devices - ice: fix incorrect counter for buffer allocation failures - dt-bindings: display/msm: qcom,mdp5: drop lut clock - net: dlink: fix multicast stats being counted incorrectly - drm/xe/xe_sync: avoid race during ufence signaling - drm/xe: Don't trigger rebind on initial dma-buf validation - phy: mscc: Fix when PTP clock is register and unregister - bnxt_en: Fix memory corruption when FW resources change during ifdown - bnxt_en: Adjust TX rings if reservation is less than requested - bnxt_en: Fix stats context reservation logic - net/mlx5: Reload auxiliary drivers on fw_activate - net/mlx5: Fix lockdep assertion on sync reset unload event - net/mlx5: Nack sync reset when SFs are present - net/mlx5e: Update and set Xon/Xoff upon MTU set - net/mlx5e: Update and set Xon/Xoff upon port speed set - net/mlx5e: Set local Xoff after FW update - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts - net: stmmac: xgmac: Correct supported speed modes - net: stmmac: Set CIC bit only for TX queues with COE - [amd64,arm64] hv_netvsc: Link queues to NAPIs - [amd64,arm64] net: hv_netvsc: fix loss of early receive events from host during channel open. - net: rose: split remove and free operations in rose_remove_neigh() - net: rose: convert 'use' field to refcount_t - net: rose: include node references in rose_neigh refcount - sctp: initialize more fields in sctp_v6_from_sk() - l2tp: do not use sock_hold() in pppol2tp_session_get_sock() - fbnic: Move phylink resume out of service_task and into open/close - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare - net: macb: Disable clocks once - [amd64] KVM: x86: use array_index_nospec with indices that come from guest - [riscv64] KVM: fix stack overrun when loading vlenb - [amd64] x86/microcode/AMD: Handle the case of no BIOS microcode - [amd64] x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON - HID: asus: fix UAF via HID_CLAIMED_INPUT validation - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() - HID: quirks: add support for Legion Go dual dinput modes - HID: logitech: Add ids for G PRO 2 LIGHTSPEED - HID: wacom: Add a new Art Pen 2 - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() - Revert "drm/amdgpu: fix incorrect vm flags to map bo" - blk-zoned: Fix a lockdep complaint about recursive locking - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted - fs/smb: Fix inconsistent refcnt update - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions - smb3 client: fix return code mapping of remap_file_range - xfs: do not propagate ENODATA disk errors into xattr code - drm/xe/vm: Clear the scratch_pt pointer on error - drm/nouveau/disp: Always accept linear modifier - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv - drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode - net: rose: fix a typo in rose_clear_routes() - PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS - PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" - [arm64] thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const - [arm64] thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data - [arm64] thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.46 - bpf: Add cookie object to bpf maps - bpf: Move bpf map owner out of common struct - bpf: Move cgroup iterator helpers to bpf.h - bpf: Fix oob access in cgroup local storage (CVE-2025-38502) - btrfs: fix race between logging inode and checking if it was logged before - btrfs: fix race between setting last_dir_index_offset and inode logging - btrfs: avoid load/store tearing races when checking if an inode was logged - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN - drm/amd/display: Don't warn when missing DCE encoder caps - cpupower: Fix a bug where the -t option of the set subcommand was not working. - Bluetooth: hci_sync: Avoid adding default advertising on startup - btrfs: zoned: skip ZONE FINISH of conventional zones - fs: writeback: fix use-after-free in __mark_inode_dirty() - tee: fix NULL pointer dereference in tee_shm_put - tee: fix memory leak in tee_dyn_shm_alloc_helper - [arm64] dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro - [arm64] tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" - [arm64] dts: imx8mp-tqma8mpql: fix LDO5 power off - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics i.MX8M Plus DHCOM - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul i.MX8M Plus eDM SBC - HID: simplify snto32() - HID: stop exporting hid_snto32() - HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556) - net: usb: qmi_wwan: fix Telit Cinterion FN990A name - net: usb: qmi_wwan: fix Telit Cinterion FE990A name - net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition - [arm64] mmc: sdhci-of-arasan: Support for emmc hardware reset - [arm64] mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up - wifi: cfg80211: fix use-after-free in cmp_bss() - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work - wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() - wifi: mt76: prevent non-offchannel mgmt tx during scan/roc - wifi: mt76: free pending offchannel tx frames on wcid cleanup - wifi: mt76: fix linked list corruption - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY - wifi: iwlwifi: uefi: check DSM item validity - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() - netfilter: nft_flowtable.sh: re-run with random mtu sizes - net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y - [amd64] xirc2ps_cs: fix register access when enabling FullDuplex - mISDN: Fix memory leak in dsp_hwec_enable() - bnxt_en: fix incorrect page count in RX aggr ring log - icmp: fix icmp_ndo_send address translation for reply direction - net: macb: Fix tx_ptr_lock locking - macsec: read MACSEC_SA_ATTR_PN with nla_get_uint - net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() - net: mctp: mctp_fraq_queue should take ownership of passed skb - ice: fix NULL access of tx->in_use in ice_ll_ts_intr - [amd64,arm64] idpf: set mac type when adding and removing MAC filters - i40e: remove read access to debugfs files - i40e: Fix potential invalid access when MAC list is empty - ixgbe: fix incorrect map used in eee linkmode - wifi: ath11k: fix group data packet drops during rekey - net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 - [arm64] net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets - net: skb: add pskb_network_may_pull_reason() helper - net: tunnel: add pskb_inet_may_pull_reason() helper - net: vxlan: add skb drop reasons to vxlan_rcv() - net: vxlan: make vxlan_snoop() return drop reasons - vxlan: Fix NPD when refreshing an FDB entry with a nexthop object - net: vxlan: make vxlan_set_mac() return drop reasons - net: vxlan: use kfree_skb_reason() in vxlan_xmit() - net: vxlan: use kfree_skb_reason() in vxlan_mdb_xmit() - net: vxlan: rename SKB_DROP_REASON_VXLAN_NO_REMOTE - vxlan: Refresh FDB 'updated' time upon 'NTF_USE' - vxlan: Avoid unnecessary updates to FDB 'used' time - vxlan: Add RCU read-side critical sections in the Tx path - vxlan: Rename FDB Tx lookup function - vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects - wifi: cw1200: cap SSID length in cw1200_do_join() - wifi: libertas: cap SSID len in lbs_associate() - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() - [arm64] net: thunder_bgx: add a missing of_node_put - [arm64] net: thunder_bgx: decrement cleanup index before use - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() - net/smc: Remove validation of reserved bits in CLC Decline message - mctp: return -ENOPROTOOPT for unknown getsockopt options - ax25: properly unshare skbs in ax25_kiss_rcv() - net: atm: fix memory leak in atm_register_sysfs when device_register fail - ppp: fix memory leak in pad_compress_skb - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock - ALSA: usb-audio: Add mute TLV for playback volumes on some devices - [amd64] accel/ivpu: Prevent recovery work from being queued during device removal - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() - [arm64] ftrace: fix unreachable PLT for ftrace_caller in init_module with CONFIG_DYNAMIC_FTRACE - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() - io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (CVE-2025-38453) - [amd64] x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() - mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE - mm: move page table sync declarations to linux/pgtable.h - mm: fix possible deadlock in kmemleak - mm: slub: avoid wake up kswapd in set_track_prepare - sched: Fix sched_numa_find_nth_cpu() if mask offline - ocfs2: prevent release journal inode after journal shutdown - of_numa: fix uninitialized memory nodes causing kernel panic - [arm64] soc: qcom: mdt_loader: Deal with zero e_shentsize - wifi: mwifiex: Initialize the chan_stats array to zero - wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() - wifi: mt76: mt7925: fix the wrong bss cleanup for SAP - net: ethernet: oa_tc6: Handle failure of spi_setup - drm/amdgpu: drop hw access in non-DC audio fini - drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG - [amd64] platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list - scsi: lpfc: Fix buffer free/clear order in deferred receive path - batman-adv: fix OOB read/write in network-coding decode - cifs: prevent NULL pointer dereference in UTF16 conversion - e1000e: fix heap overflow in e1000_set_eeprom - net: pcs: rzn1-miic: Correct MODCTRL register offset - fs/fhandle.c: fix a race in call of has_locked_children() (CVE-2025-38306) - [arm64,armhf] net: dsa: add hook to determine whether EEE is supported - [arm64,armhf] net: dsa: provide implementation of .support_eee() - [armhf] net: dsa: b53/bcm_sf2: implement .support_eee() method - [armhf] net: dsa: b53: do not enable EEE on bcm63xx (CVE-2025-38272) - md/raid1,raid10: don't ignore IO flags (CVE-2025-22125) - md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT - md/raid1,raid10: strip REQ_NOWAIT from member bios - ext4: define ext4_journal_destroy wrapper - ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113) - wifi: ath11k: update channel list in reg notifier instead reg worker (CVE-2025-23133) - wifi: ath11k: update channel list in worker when wait flag is set - net: fix NULL pointer dereference in l3mdev_l3_rcv (CVE-2025-22103) - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (CVE-2025-22124) - mm: slub: Print the broken data before restoring them - mm: slub: call WARN() when detecting a slab corruption - mm, slab: cleanup slab_bug() parameters - mm/slub: avoid accessing metadata when pointer is invalid in object_err() - nouveau: fix disabling the nonstall irq due to storm code - mm: fix accounting of memmap pages - [arm64] thermal/drivers/mediatek/lvts: Disable low offset IRQ for minimum threshold - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY - Revert "drm/amdgpu: Avoid extra evict-restore process." - pcmcia: omap: Add missing check for platform_get_resource - pcmcia: Add error handling for add_interval() in do_validate_mem() - [amd64] platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk - [amd64] platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID - block: add a queue_limits_commit_update_frozen helper - scsi: sr: Reinstate rotational media flag - drm/bridge: ti-sn65dsi86: fix REFCLK setting - perf bpf-event: Fix use-after-free in synthesis - perf bpf-utils: Constify bpil_array_desc - perf bpf-utils: Harden get_bpf_prog_info_linear - drm/amd/amdgpu: Fix missing error return on kzalloc failure - tools: gpio: remove the include directory on make clean - md: prevent incorrect update of resync/recovery offset - [riscv64] ACPI: RISC-V: Fix FFH_CPPC_CSR error handling - [riscv64] Only allow LTO with CMODEL_MEDANY - [riscv64] use lw when reading int cpu in new_vmalloc_check - [riscv64] use lw when reading int cpu in asm_per_cpu - [riscv64] bpf: use lw when reading int cpu in BPF_MOV64_PERCPU_REG - [riscv64] bpf: use lw when reading int cpu in bpf_get_smp_processor_id - md/raid1: fix data lost for writemostly rdev https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.47 - [amd64] Add mitigations for VMSCAPE (CVE-2025-40300): - Documentation/hw-vuln: Add VMSCAPE documentation - x86/vmscape: Enumerate VMSCAPE bug - x86/vmscape: Add conditional IBPB mitigation - x86/vmscape: Enable the mitigation - x86/bugs: Move cpu_bugs_smt_update() down - x86/vmscape: Warn when STIBP is disabled with SMT - x86/vmscape: Add old Intel CPUs to affected list https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.48 - fhandle: use more consistent rules for decoding file handle from userns - dma-debug: store a phys_addr_t in struct dma_debug_entry - dma-mapping: trace dma_alloc/free direction - dma-mapping: use trace_dma_alloc for dma_alloc* instead of using trace_dma_map - dma-mapping: trace more error paths - dma-debug: don't enforce dma mapping check on noncoherent allocations - net/mlx5: HWS, change error flow on matcher disconnect - mm: introduce and use {pgd,p4d}_populate_kernel() - dma-mapping: fix swapped dir/flags arguments to trace_dma_alloc_sgt_err - dma-debug: fix physical address calculation for struct dma_debug_entry - nvme-pci: skip nvme_write_sq_db on empty rqlist - Revert "udmabuf: fix vmap_udmabuf error page set" - ext4: introduce linear search for dentries - [amd64] drm/i915/pmu: Fix zero delta busyness issue - drm/amd/display: Fix error pointers in amdgpu_dm_crtc_mem_type_changed - Revert "drm/amd/display: Optimize cursor position updates" - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA - drm/amdgpu: Add back JPEG to video caps for carrizo and newer - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read - SUNRPC: call xs_sock_process_cmsg for all cmsg - NFSv4: Don't clear capabilities that won't be reset (Closes: #1114898) - trace/fgraph: Fix error handling - tracing: Fix tracing_marker may trigger page fault during preempt_disable - nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter - nfs/localio: add direct IO enablement with sync and async IO support - nfs/localio: restore creds before releasing pageio data - ftrace/samples: Fix function size computation - fs/nfs/io: make nfs_start_io_*() killable - NFS: Serialise O_DIRECT i/o and truncate() - NFSv4.2: Serialise O_DIRECT i/o and fallocate() - NFSv4.2: Serialise O_DIRECT i/o and clone range - NFSv4.2: Serialise O_DIRECT i/o and copy range - NFS: nfs_invalidate_folio() must observe the offset and size arguments - NFSv4/flexfiles: Fix layout merge mirror check. - tracing: Silence warning when chunk allocation fails in trace_pid_write - [s390x] pai: Deny all events not handled by this PMU - [s390x] cpum_cf: Deny all sampling events by counter PMU - bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt - bpf: Allow fall back to interpreter for programs with stack size <= 512 - bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. - proc: fix type confusion in pde_set_flags() - Revert "SUNRPC: Don't allow waiting for exiting tasks" - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN - ocfs2: fix recursive semaphore deadlock in fiemap call - btrfs: fix squota compressed stats leak - btrfs: fix subvolume deletion lockup caused by inodes xarray race - [amd64] i2c: i801: Hide Intel Birch Stream SoC TCO WDT - net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups - [armhf] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer - [armhf] mtd: rawnand: stm32_fmc2: fix ECC overwrite - fuse: do not allow mapping a non-regular backing file - fuse: check if copy_file_range() returns larger than requested size - fuse: prevent overflow in copy_file_range return value - mm/khugepaged: fix the address passed to notifier on testing young - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory - mm/memory-failure: fix redundant updates for already poisoned pages - mm/damon/core: set quota->charged_from to jiffies at first charge window - mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() - [arm64] drm/mediatek: fix potential OF node use-after-free - drm/xe: Attempt to bring bos back to VRAM after eviction - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages - netlink: specs: mptcp: add missing 'server-side' attr - netlink: specs: mptcp: clearly mention attributes - netlink: specs: mptcp: replace underscores with dashes in names - netlink: specs: mptcp: fix if-idx attribute type - kernfs: Fix UAF in polling when open file is released - libceph: fix invalid accesses to ceph_connection_v1_info - ceph: fix race condition validating r_parent before applying state - ceph: fix race condition where r_parent becomes stale before sending message - mm/damon/sysfs: fix use-after-free in state_show() - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() - mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range() - [arm64] mtd: spinand: winbond: Fix oob_layout for W25N01JW - btrfs: use readahead_expand() on compressed extents - btrfs: fix corruption reading compressed range when block size is smaller than page size - hrtimers: Unconditionally update target CPU base after offline timer migration - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table - Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups" - tty: hvc_console: Call hvc_kick in hvc_write unconditionally - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks - USB: serial: option: add Telit Cinterion FN990A w/audio compositions - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions - [arm64] drm/panthor: validate group queue count - [arm64,armhf] net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() - genetlink: fix genl_bind() invoking bind() after -EPERM - net: bridge: Bounce invalid boolopts - tunnels: reset the GSO metadata before reusing the skb - docs: networking: can: change bcm_msg_head frames member to support flexible array - igb: fix link test skipping when interface is admin down - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path - drm/amd/display: use udelay rather than fsleep - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails - netfilter: nft_set_pipapo: remove unused arguments - netfilter: nft_set: remove one argument from lookup and update functions - netfilter: nft_set_pipapo: merge pipapo_get/lookup - netfilter: nft_set_pipapo: don't return bogus extension pointer - netfilter: nft_set_pipapo: don't check genbit from packetpath lookups - netfilter: nft_set_rbtree: continue traversal if element is inactive - netfilter: nf_tables: Reintroduce shortened deletion notifications - netfilter: nf_tables: place base_seq in struct net - netfilter: nf_tables: make nft_set_do_lookup available unconditionally - netfilter: nf_tables: restart set lookup on base_seq change - net: hsr: Add VLAN CTAG filter support - hsr: use rtnl lock when iterating over ports - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties - [amd64] dmaengine: idxd: Remove improper idxd_free - [amd64] dmaengine: idxd: Fix refcount underflow on module unload - [amd64] dmaengine: idxd: Fix double free in idxd_setup_wqs() - [amd64] dmaengine: ti: edma: Fix memory allocation size for queue_priority_map - xhci: fix memory leak regression when freeing xhci vdev devices depth first - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels - [amd64,arm64] usb: typec: tcpm: properly deliver cable vdms to altmode drivers - [arm64] dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees - [arm64] phy: tegra: xusb: fix device and OF node leak at probe - [armhf] phy: ti: omap-usb2: fix device leak at unbind - [armhf] phy: ti-pipe3: fix device leak at unbind - [amd64] x86/cpu/topology: Always try cpu_parse_topology_ext() on AMD/Hygon - net: mdiobus: release reset_gpio in mdiobus_unregister_device() - [amd64] drm/i915/power: fix size for for_each_set_bit() in abox iteration - drm/amdgpu: fix a memory leak in fence cleanup when unloading - netfilter: nft_set_pipapo: fix null deref for empty set . [ Santiago Ruano Rincón ] * d/salsa-ci.yml: Merge the extract-source job into the build's job script * d/salsa-ci.yml: Suppress unreleased changes and mismatching distribution lintian tags. * d/salsa-ci.yml: Early move orig tarballs back where they can be cached . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 6.12.43-rt12 * [amd64] x86/bugs: Add SRSO_USER_KERNEL_NO support * [amd64] x86/bugs: KVM: Add support for SRSO_MSR_FIX * [amd64] KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions linux-signed-arm64 (6.12.57+1) trixie; urgency=medium . * Sign kernel from linux 6.12.57-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.49 - wifi: wilc1000: avoid buffer overflow in WID string configuration - nvme: fix PI insert on write - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported - wifi: mac80211: increase scan_ies_len for S1G - wifi: mac80211: fix incorrect type for ret - cgroup: split cgroup_destroy_wq into 3 workqueues - btrfs: fix invalid extref key setup when replaying dentry - net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR - qed: Don't collect too many protection override GRC elements - bonding: set random address only when slaves already exist - mptcp: set remote_deny_join_id0 on SYN recv - mptcp: tfo: record 'deny join id0' info - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure - ice: store max_frame and rx_buf_len only in ice_rx_ring - ice: fix Rx page leak on multi-buffer frames - i40e: remove redundant memory barrier when cleaning Tx descs - igc: don't fail igc_probe() on LED setup error - net/mlx5e: Harden uplink netdev access against device unbind - bonding: don't set oif to bond dev when getting NS target destination - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). - tls: make sure to abort the stream if headers are bogus - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" - net: liquidio: fix overflow in octeon_init_instr_queue() - cnic: Fix use-after-free bugs in cnic_delete_task - [arm64] octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() - [amd64] perf/x86/intel: Fix crash in icl_update_topdown_event() (CVE-2025-38322) - ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer - ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery - power: supply: bq27xxx: restrict no-battery detection to bq27000 - dm-raid: don't set io_min and io_opt for raid1 - dm-stripe: fix a possible integer overflow - gup: optimize longterm pin_user_pages() for large folio - mm: revert "mm: vmscan.c: fix OOM on swap stress test" - [amd64] iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() - [amd64] iommu/amd/pgtbl: Fix possible race while increase page table level - btrfs: tree-checker: fix the incorrect inode ref size check - [arm64] ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S - mmc: mvsdio: Fix dma_unmap_sg() nents value - [amd64] KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active - drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer - rds: ib: Increment i_fastreg_wrs before bailing out - mptcp: propagate shutdown to subflows when possible - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx - io_uring/cmd: let cmds to know about dying task - io_uring: backport io_should_terminate_tw() - io_uring: include dying ring in task_work "should cancel" state - io_uring/msg_ring: kill alloc_cache for io_kiocb allocations - io_uring/kbuf: drop WARN_ON_ONCE() from incremental length check (CVE-2025-39816) - [amd64] ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message - [amd64] ASoC: Intel: catpt: Expose correct bit depth to userspace - drm/xe/tile: Release kobject for the failure path - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path - drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() - smb: client: fix filename matching of deferred files - smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) - crypto: af_alg - Set merge to zero early in af_alg_sendmsg - smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path - io_uring: fix incorrect io_kiocb reference in io_link_skb - [amd64] platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 - [amd64] platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk - vmxnet3: unregister xdp rxq info in the reset path (CVE-2025-22106) - mm: add folio_expected_ref_count() for reference count calculation - mm/gup: check ref_count instead of lru before migration - mptcp: pm: nl: announce deny-join-id0 flag - usb: xhci: introduce macro for ring segment list iteration - usb: xhci: remove option to change a default ring's TRB cycle bit - xhci: dbc: decouple endpoint allocation from initialization - xhci: dbc: Fix full DbC transfer ring after several reconnects - rtc: pcf2127: fix SPI command byte for PCF2131 backport - minmax.h: add whitespace around operators and after commas - minmax.h: update some comments - minmax.h: reduce the #define expansion of min(), max() and clamp() - minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() - minmax.h: move all the clamp() definitions after the min/max() ones - minmax.h: simplify the variants of clamp() - minmax.h: remove some #defines that are only expanded once https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.50 - scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE - firewire: core: fix overlooked update of subsystem ABI version - ALSA: usb-audio: Fix code alignment in mixer_quirks - ALSA: usb-audio: Fix block comments in mixer_quirks - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 - ALSA: usb-audio: Convert comma to semicolon - ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA - ALSA: usb-audio: Fix build with CONFIG_INPUT=n - usb: core: Add 0x prefix to quirks debug output - [arm64,armhf] net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info - net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick - [riscv64] mmc: sdhci-cadence: add Mobileye eyeQ support - i2c: designware: Add quirk for Intel Xe - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk - ALSA: usb-audio: Add mute TLV for playback volumes on more devices - net: sfp: add quirk for FLYPRO copper SFP+ module - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions - [amd64] HID: amd_sfh: Add sync across amd sfh work functions - cpufreq: Initialize cpufreq-based invariance before subsys - smb: server: don't use delayed_work for post_recv_credits_work - smb: server: use disable_work_sync in transport_rdma.c - bpf: Check the helper function is valid in get_helper_proto - btrfs: don't allow adding block device of less than 1 MB - wifi: virt_wifi: Fix page fault on connect - bpf: Reject bpf_timer for PREEMPT_RT - xfrm: xfrm_alloc_spi shouldn't use 0 as SPI - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow - [armhf] can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow - can: peak_usb: fix shift-out-of-bounds issue - net: tun: Update napi->skb after XDP process - net/smc: fix warning in smc_rx_splice() when calling get_page() - [arm64] ethernet: rvu-af: Remove slash from the driver name - Bluetooth: hci_sync: Fix hci_resume_advertising_sync - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync - vhost: Take a reference on the task in struct vhost_task. - bnxt_en: correct offset handling for IPv6 destination address - net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS - nexthop: Forbid FDB status change while nexthop is in a group - mm/gup: local lru_add_drain() to avoid lru_add_drain_all() - mm: revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" - mm: folio_may_be_lru_cached() unless folio_test_large() - [amd64] drm/gma500: Fix null dereference in hdmi teardown - futex: Prevent use-after-free during requeue-PI - [arm64] drm/panthor: Defer scheduler entitiy destruction to queue release - [amd64] platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() - smb: client: fix wrong index reference in smb2_compound_op() - HID: asus: add support for missing PX series fn keys - i40e: add validation for ring_len param - i40e: fix idx validation in i40e_validate_queue_map - i40e: fix idx validation in config queues msg - i40e: fix input validation logic for action_meta - i40e: fix validation of VF state in get resources - i40e: add max boundary check for VF filters - i40e: add mask to apply valid bits for itr_idx - i40e: improve VF MAC filters accounting - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx - tracing: dynevent: Add a missing lockdown check on dynevent - [armhf] dts: socfpga: sodia: Fix mdio bus probe and PHY address - drm/ast: Use msleep instead of mdelay for edid read - afs: Fix potential null pointer dereference in afs_put_server - fs/proc/task_mmu: check p->vec_buf for NULL - gpiolib: Extend software-node support to support secondary software-nodes - mm/hugetlb: fix folio is still mapped when deleted - fbcon: fix integer overflow in fbcon_do_set_font - fbcon: Fix OOB access in font allocation - iommufd: Fix race during abort for file descriptors - Revert "usb: xhci: remove option to change a default ring's TRB cycle bit" - [amd64] drm/i915/backlight: Return immediately when scale() finds invalid parameters https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.51 - crypto: sha256 - fix crash at kexec - scsi: target: target_core_configfs: Add length check to avoid buffer overflow - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove - media: tuner: xc5000: Fix use-after-free in xc5000_release - media: rc: fix races with imon_disconnect() - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID - mm: swap: check for stable address space before operating on the VMA - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() - [arm64] ASoC: qcom: audioreach: fix potential null pointer dereference https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.52 - wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() - USB: serial: option: add SIMCom 8230C compositions - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 - wifi: rtl8xxxu: Don't claim USB ID 07b8:8188 - dm-integrity: limit MAX_TAG_SIZE to 255 - [amd64] platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list - [amd64] platform/x86/amd/pmf: Support new ACPI ID AMDI0108 - [amd64,arm64] ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue - btrfs: ref-verify: handle damaged extent root tree - netfs: Prevent duplicate unlocking - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled - [amd64] platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list - drm/amd : Update MES API header file for v11 & v12 - drm/amd/include : MES v11 and v12 API header update - drm/amd/include : Update MES v12 API for fence update - drm/amdgpu: Enable MES lr_compute_wa by default (Closes: #1118658) - ALSA: usb-audio: Kill timer properly at removal (CVE-2025-38105) - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free - hid: fix I2C read buffer overflow in raw_event() for mcp2221 - nvmem: layouts: fix automatic module loading - binder: fix double-free in dbitmap - driver core/PM: Set power.no_callbacks along with power.no_pm - crypto: rng - Ensure set_ent is always present - net/9p: fix double req put in p9_fd_cancelled - [amd64] KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.53 - filelock: add FL_RECLAIM to show_fl_flags() macro - init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast - gfs2: Fix GLF_INVALIDATE_IN_PROGRESS flag clearing in do_xmote - [powerpc*] 8xx: Remove left-over instruction and comments in DataStoreTLBMiss handler - [powerpc*] 603: Really copy kernel PGD entries into all PGDIRs - uprobes: uprobe_warn should use passed task - [arm64] coresight: trbe: Prevent overflow in PERF_IDX2OFF() - [arm64] perf: arm_spe: Prevent overflow in PERF_IDX2OFF() - smb: server: fix IRD/ORD negotiation with the client - [amd64] EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller - [amd64] x86/vdso: Fix output operand size of RDPID - lsm: CONFIG_LSM can depend on CONFIG_SECURITY - btrfs: return any hit error from extent_writepage_io() - [arm64] pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() - [arm64] dts: renesas: rzg2lc-smarc: Disable CAN-FD channel0 - regmap: Remove superfluous check for !config in __regmap_init() - bpf: Remove migrate_disable in kprobe_multi_link_prog_run - libbpf: Fix reuse of DEVMAP - [arm64] dts: imx93-kontron: Fix GPIO for panel regulator - [arm64] dts: imx93-kontron: Fix USB port assignment - [arm64] dts: imx95: Correct the lpuart7 and lpuart8 srcid - ACPI: processor: idle: Fix memory leak when register cpuidle device failed - [arm64] soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS - [arm64] pinctrl: meson-gxl: add missing i2c_d pinmux - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx - block: use int to store blk_stack_limits() return value - PM: sleep: core: Clear power.must_resume in noirq suspend error path - vdso: Add struct __kernel_old_timeval forward declaration to gettime.h - [armhf] dts: omap: am335x-cm-t335: Remove unused mcasp num-serializer property - [arm64] PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() - [arm64] power: supply: cw2015: Fix a alignment coding style issue - [arm64] pinctrl: renesas: Use int type to store negative error codes - null_blk: Fix the description of the cache_size module argument - nbd: restrict sockets to TCP and UDP - [arm64] PM / devfreq: rockchip-dfi: double count on RK3588 - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure - [arm64] arm64: dts: mediatek: mt8186-tentacruel: Fix touchscreen model - mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() - [arm64] dts: mediatek: mt6795-xperia-m5: Fix mmc0 latch-ck value - [arm64] dts: mediatek: mt8395-kontron-i1200: Fix MT6360 regulator nodes - [arm64] dts: mediatek: mt8516-pumpkin: Fix machine compatible - [armhf] pwm: tiehrpwm: Don't drop runtime PM reference in .free() - [armhf] pwm: tiehrpwm: Make code comment in .free() more useful - [armhf] pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation - [armhf] pwm: tiehrpwm: Fix corner case in clock divisor calculation - ACPICA: Fix largest possible resource descriptor index - [riscv64] bpf: Sign extend struct ops return values properly - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op - i3c: master: svc: Use manual response for IBI events - i3c: master: svc: Recycle unused IBI slot - bpf: Explicitly check accesses to bpf_sock_addr - bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() - smp: Fix up and expand the smp_call_function_many() kerneldoc - tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers - spi: fix return code when spi device has too many chipselects - bpf: Mark kfuncs as __noclone - once: fix race by moving DO_ONCE to separate section - [arm64] thermal/drivers/qcom/lmh: Add missing IRQ includes - [arm64] i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD - i2c: designware: Fix clock issue when PM is disabled - i2c: designware: Add disabling clocks when probe fails - libbpf: Fix error when st-prefix_ops and ops from differ btf - bpf: Enforce expected_attach_type for tailcall compatibility - drm/radeon/r600_cs: clean up of dead code in r600_cs - f2fs: fix condition in __allow_reserved_blocks() - [arm64] phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 - drm/amd/display: Remove redundant semicolons - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod - scsi: myrs: Fix dma_alloc_coherent() error check - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count - RDMA/mlx5: Fix vport loopback forcing for MPV device - PCI/ACPI: Fix pci_acpi_preserve_config() memory leak - ALSA: lx_core: use int type to store negative error codes - inet: ping: check sock_net() in ping_get_port() and ping_lookup() - [arm64,armhf] coresight: Only register perf symlink for sinks with alloc_buffer - drm/amdgpu: Power up UVD 3 for FW validation (v2) - drm/amd/pm: Disable ULV even if unsupported (v3) - drm/amd/pm: Fix si_upload_smc_data (v3) - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) - wifi: mwifiex: send world regulatory domain to driver - [arm64,armhf] PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation - tcp: fix __tcp_close() to only send RST when required - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() - [armhf] usb: phy: twl6030: Fix incorrect type for ret - usb: gadget: configfs: Correctly set use_os_string at bind - tty: n_gsm: Don't block input queue by waiting MSC - [powerpc*] misc: genwqe: Fix incorrect cmd field being reported in error - pps: fix warning in pps_register_cdev when register device fail - wifi: iwlwifi: Remove redundant header files - [amd64,arm64] idpf: fix Rx descriptor ready check barrier in splitq - [amd64] ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping - [arm64] drm/msm/dpu: fix incorrect type for ret - fs: ntfs3: Fix integer overflow in run_unpack() - fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist - iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() - netfilter: ipset: Remove unused htable_bits in macro ahash_region - ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable - drivers/base/node: handle error properly in register_one_node() - RDMA/cm: Rate limit destroy CM ID timeout error message - wifi: mt76: fix potential memory leak in mt76_wmac_probe() - wifi: mt76: mt7996: Fix RX packets configuration for primary WED device - wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE - wifi: mt76: mt7915: fix mt7981 pre-calibration - f2fs: fix to update map->m_next_extent correctly in f2fs_map_blocks() - f2fs: fix to truncate first page in error path of f2fs_truncate() - f2fs: fix to mitigate overhead of f2fs_zero_post_eof_page() - ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message - scsi: qla2xxx: edif: Fix incorrect sign of error code - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() - HID: hidraw: tighten ioctl command parsing - f2fs: fix zero-sized extent for precache extents - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" - RDMA/core: Resolve MAC of next-hop device without ARP support - IB/sa: Fix sa_local_svc_timeout_ms read race - Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram - wifi: ath12k: fix wrong logging ID used for CE - wifi: ath10k: avoid unnecessary wait for service ready message - iommu/vt-d: debugfs: Fix legacy mode page table dump logic - wifi: mac80211: fix Rx packet handling when pubsta information is not available - [amd64] ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback - RDMA/rxe: Fix race in do_task() when draining - wifi: rtw89: avoid circular locking dependency in ser_state_run() - [arm64] remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice - dm vdo: return error on corrupted metadata in start_restoring_volume functions - [arm64] coresight-etm4x: Conditionally access register TRCEXTINSELR - [arm64,armhf] coresight: tmc: Support atclk - [arm64,armhf] coresight: catu: Support atclk - [arm64,armhf] coresight: etm4x: Support atclk - [arm64,armhf] coresight: trbe: Return NULL pointer for allocation failures - [arm64,armhf] coresight: tpda: fix the logic to setup the element size - [arm64] coresight: Fix incorrect handling for return value of devm_kzalloc - NFSv4.1: fix backchannel max_resp_sz verification check - ipvs: Defer ip_vs_ftp unregister during netns cleanup - netfilter: nfnetlink: reset nlh pointer during batch replay - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() - usb: vhci-hcd: Prevent suspending virtually attached devices - iommu/vt-d: Disallow dirty tracking if incoherent page walk - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast - ptp: Add a upper bound on max_vclocks - vhost: vringh: Fix copy_to_iter return value check - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO - Bluetooth: ISO: Fix possible UAF on iso_conn_free - Bluetooth: ISO: free rx_skb if not consumed - Bluetooth: ISO: don't leak skb in ISO_CONT RX - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements - KEYS: X.509: Fix Basic Constraints CA flag parsing - ocfs2: fix double free in user_cluster_connect() - drivers/base/node: fix double free in register_one_node() - [arm64] PCI: j721e: Fix incorrect error message in probe() - [amd64,arm64] idpf: fix mismatched free function for dma_alloc_coherent - nfp: fix RSS hash key size when RSS is not supported - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable - net: dlink: handle copy_thresh allocation failure - net/mlx5: Stop polling for command response if interface goes down - net/mlx5: pagealloc: Fix reclaim race during command interface teardown - net/mlx5: fw reset, add reset timeout work - smb: client: fix crypto buffers in non-linear memory - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" - bpf: Reject negative offsets for ALU ops - tpm: Disable TPM2_TCG_HMAC by default - Squashfs: fix uninit-value in squashfs_get_parent - uio_hv_generic: Let userspace take care of interrupt mask - io_uring/waitid: always prune wait queue entry in io_waitid_wait() - [arm64] ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() - [amd64,arm64] ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down - fs: udf: fix OOB read in lengthAllocDescs handling - net: nfc: nci: Add parameter validation for packet data - [arm64,armhf] mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() - dm: fix queue start/stop imbalance under suspend/load/resume races - dm: fix NULL pointer dereference in __dm_suspend() - ksmbd: Fix race condition in RPC handle list access - ksmbd: fix error code overwriting in smb2_get_info_filesystem() - ksmbd: add max ip connections parameter - ext4: fix checks for orphan inodes - [amd64] KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid - fbdev: simplefb: Fix use after free in simplefb_detach_genpds() - mm: hugetlb: avoid soft lockup when mprotect to large memory area - nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() - [arm64] misc: fastrpc: Save actual DMA size in fastrpc_map structure - [arm64] misc: fastrpc: Fix fastrpc_map_lookup operation - [arm64] misc: fastrpc: fix possible map leak in fastrpc_put_args - [arm64] misc: fastrpc: Skip reference for DMA handles - Input: atmel_mxt_ts - allow reset GPIO to sleep - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak - sunrpc: fix null pointer dereference on zero-length checksum - [arm64] remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() - [amd64,arm64] tee: fix register_shm_helper() - pinctrl: check the return value of pinmux_ops::get_function_name() - bus: fsl-mc: Check return value of platform_get_resource() - net/9p: Fix buffer overflow in USB transport layer - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock - usb: typec: tipd: Clear interrupts first https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.54 - fs: always return zero on success from replace_fd() - fscontext: do not consume log entries when returning -EMSGSIZE - [arm64] map [_text, _stext) virtual address range non-executable+read-only - rseq: Protect event mask against membarrier IPI - listmount: don't call path_put() under namespace semaphore - page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches - dma-mapping: fix direction in dma_alloc direction traces - [amd64] KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() - asm-generic/io.h: Skip trace helpers if rwmmio events are disabled - perf disasm: Avoid undefined behavior in incrementing NULL - perf test trace_btf_enum: Skip if permissions are insufficient - perf evsel: Avoid container_of on a NULL leader - libperf event: Ensure tracing data is multiple of 8 sized - [arm64] clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() - [arm64] clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() - perf util: Fix compression checks returning -1 as bool - perf arm_spe: Correct setting remote access - perf arm-spe: Rename the common data source encoding - perf arm_spe: Correct memory level for remote access - perf vendor events arm64 AmpereOneX: Fix typo - should be l1d_cache_access_prefetches - perf session: Fix handling when buffer exceeds 2 GiB - perf tools: Add fallback for exclude_guest - perf evsel: Ensure the fallback message is always written to - [arm64] clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m - [arm64] clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (CVE-2025-40001) - [amd64] ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time - [amd64] ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() - drm/xe/hw_engine_group: Fix double write lock release in error path - [s390x] cio: Update purge function to unregister the unused subchannels - drm/vmwgfx: Fix a null-ptr access in the cursor snooper - drm/vmwgfx: Fix Use-after-free in validation - drm/vmwgfx: Fix copy-paste typo in validation - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). - [arm64] net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (CVE-2025-40003) - ice: ice_adapter: release xa entry on adapter allocation failure - tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() - [arm64] mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call - [arm64] mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes - [arm64] mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop - [arm64] mailbox: zynqmp-ipi: Fix SGI cleanup on unbind - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} - [arm64] mailbox: mtk-cmdq-mailbox: Switch to __pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Switch to pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() - drm/amdgpu: Add additional DCE6 SCL registers - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 - drm/amd/display: Properly disable scaling on DCE6 - netfilter: nft_objref: validate objref and objrefmap expressions - bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() - crypto: essiv - Check ssize for decryption and in-place encryption - cifs: Fix copy_to_iter return value check - smb: client: fix missing timestamp updates after utime(2) - cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single - [arm64] gpio: wcd934x: mark the GPIO controller as sleeping - bpf: Avoid RCU context warning when unpinning htab with internal structs - [s390x] vmlinux.lds.S: Reorder sections - [s390x] vmlinux.lds.S: Move .vmlinux.info to end of allocatable sections - ACPI: property: Fix buffer properties extraction for subnodes - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT - ACPI: debug: fix signedness issues in read/write helpers - [arm64] dts: qcom: msm8916: Add missing MDSS reset - [arm64] dts: qcom: msm8939: Add missing MDSS reset - [arm64] dts: qcom: sdm845: Fix slimbam num-channels/ees - [arm64] dts: qcom: x1e80100-pmics: Disable pm8010 by default - [arm64] dts: ti: k3-am62a-main: Fix main padcfg length - [arm64] kprobes: call set_memory_rox() for kprobe page - [armhf] AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on reset) - [armhf] OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init - [arm64] perf/arm-cmn: Fix CMN S3 DTM offset - dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required - xen/events: Cleanup find_virq() return codes - xen/manage: Fix suspend error path - xen/events: Return -EEXIST for bound VIRQs - xen/events: Update virq_to_irq on migration - [arm64] firmware: meson_sm: fix device leak at probe - media: cx18: Add missing check after DMA map - media: mc: Fix MUST_CONNECT handling for pads with no links - media: pci: ivtv: Add missing check after DMA map - media: pci: mg4b: fix uninitialized iio scan data - [arm64] media: venus: firmware: Use correct reset sequence for IRIS2 - media: vivid: fix disappearing messages - media: lirc: Fix error handling in lirc_register() - [arm64] drm/panthor: Fix memory leak in panthor_ioctl_group_create() - drm/nouveau: fix bad ret code in nouveau_bo_move_prep - drm/xe/uapi: loosen used tracking restriction - drm/amd/display: Enable Dynamic DTBCLK Switch - blk-crypto: fix missing blktrace bio split events - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() - bus: mhi: ep: Fix chained transfer handling in read path - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() - [arm64] clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk - copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) - [amd64] cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() - [arm64,armhf] crypto: rockchip - Fix dma_unmap_sg() nents value - eventpoll: Replace rwlock with spinlock - fbdev: Fix logic error in "offb" name match - fs/ntfs3: Fix a resource leak bug in wnd_extend() - fs: quota: create dedicated workqueue for quota_release_work - fuse: fix possibly missing fuse_copy_finish() call in fuse_notify() - fuse: fix livelock in synchronous file put from fuseblk workers - iio: dac: ad5360: use int type to store negative error codes - iio: dac: ad5421: use int type to store negative error codes - iio: frequency: adf4350: Fix prescaler usage. - init: handle bootloader identifier in kernel parameters - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume - [amd64] iommu/vt-d: PRS isn't usable if PDS isn't supported - kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths - KEYS: trusted_tpm1: Compare HMAC values in constant time - lib/genalloc: fix device leak in of_gen_pool_get() - loop: fix backing file reference leak on validation error - openat2: don't trigger automounts with RESOLVE_NO_XDEV - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk - [powerpc*] powernv/pci: Fix underflow and leak issue - [powerpc*] pseries/msi: Fix potential underflow and leak issue - Revert "ipmi: fix msg stack when IPMI is disconnected" - sched/deadline: Fix race in push_dl_task() - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() - scsi: sd: Fix build warning in sd_revalidate_disk() - sctp: Fix MAC comparison to be constant-time - xsk: Harden userspace-supplied xdp_desc validation - mmc: core: SPI mode remove cmd7 - mmc: mmc_spi: multiple block read remove read crc ack - [armhf] memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe - rtc: interface: Ensure alarm irq is enabled when UIE is enabled - rtc: interface: Fix long-standing race when setting alarm - [arm64] PCI: xilinx-nwl: Fix ECAM programming - [arm64,armhf] PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock - PCI/sysfs: Ensure devices are powered for config reads - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV - PCI/ERR: Fix uevent on failure to recover - PCI/AER: Fix missing uevent on recovery when a reset is requested - PCI/AER: Support errors introduced by PCIe r6.0 - [arm64] PCI: j721e: Fix programming sequence of "strap" settings - spi: cadence-quadspi: Flush posted register writes before INDAC access - spi: cadence-quadspi: Flush posted register writes before DAC access - spi: cadence-quadspi: Fix cqspi_setup_flash() - [x86] fred: Remove ENDBR64 from FRED entry points - [x86] umip: Check that the instruction opcode is at least two bytes - [x86] umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) - [s390x] dasd: enforce dma_alignment to ensure proper buffer validation - [s390x] dasd: Return BLK_STS_INVAL for EINVAL from do_dasd_request - [s390x] Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR - slab: prevent warnings when slab obj_exts vector allocation fails - slab: mark slab->obj_exts allocation failures unconditionally - wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again - wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 - mm/thp: fix MTE tag mismatch when replacing zero-filled subpages - mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations - mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success - mm/damon/lru_sort: use param_ctx for damon_attrs staging - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry - ext4: add ext4_sb_bread_nofail() helper function for ext4_free_branches() - ext4: verify orphan file size is not too big - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() - ext4: correctly handle queries for metadata mappings - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() - ext4: fix an off-by-one issue during moving extents - ext4: guard against EA inode refcount underflow in xattr update - ext4: validate ea_ino and size in check_xattrs - ACPICA: Allow to skip Global Lock initialization - ext4: free orphan info with kvfree - media: mc: Clear minor number before put device - Squashfs: add additional inode sanity checking - Squashfs: reject negative file sizes in squashfs_read_inode() - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference - mm/ksm: fix incorrect KSM counter handling in mm_struct during fork - [amd64] ASoC: SOF: ipc4-pcm: Enable delay reporting for ChainDMA streams - [amd64] ASoC: SOF: ipc4-pcm: fix delay calculation when DSP resamples - [amd64] mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value - [amd64] mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type - [amd64] mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() - cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency - [amd64] KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace - statmount: don't call path_put() under namespace semaphore - [arm64] mte: Do not flag the zero page as PG_mte_tagged - [x86] mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() - [x86] kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP - nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT - NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock() - nfsd: refine and rename NFSD_MAY_LOCK - nfsd: don't use sv_nrthreads in connection limiting calculations. - nfsd: unregister with rpcbind when deleting a transport - ACPI: battery: allocate driver data through devm_ APIs - ACPI: battery: initialize mutexes through devm_ APIs - ACPI: battery: Check for error code from devm_mutex_init() call - ACPI: battery: Add synchronization between interface updates - ACPI: property: Disregard references in data-only subnode lists - ACPI: property: Add code comments explaining what is going on - ACPI: property: Do not pass NULL handles to acpi_attach_data() - mptcp: pm: in-kernel: usable client side with C-flag - ipmi: Rework user message limit handling - ipmi: Fix handling of messages with provided receive message pointer - mm/rmap: fix soft-dirty and uffd-wp bit loss when remapping zero-filled mTHP subpage to shared zeropage - [s390x] bpf: Centralize frame offset calculations - [s390x] bpf: Describe the frame using a struct instead of constants - [s390x] bpf: Write back tail call counter for BPF_PSEUDO_CALL - [s390x] bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG - [riscv64] irqchip/sifive-plic: Make use of __assign_bit() - [riscv64] irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume - copy_file_range: limit size if in compat mode - minixfs: Verify inode mode when loading from disk - pid: Add a judgment for ns null in pid_nr_ns - fs: Add 'initramfs_options' to set initramfs mount options - cramfs: Verify inode mode when loading from disk - writeback: Avoid softlockup when switching many inodes - writeback: Avoid excessively long inode switching times - sched/fair: Block delayed tasks on throttled hierarchy during dequeue - nfsd: fix __fh_verify for localio - nfsd: fix access checking for NLM under XPRTSEC policies - [amd64] ASoC: SOF: ipc4-pcm: fix start offset calculation for chain DMA - mount: handle NULL values in mnt_ns_release() - nfsd: decouple the xprtsec policy check from check_nfsd_access() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.55 - drm/xe/guc: Check GuC running state before deregistering exec queue - smb: client: Fix refcount leak for cifs_sb_tlink - slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL - r8152: add error handling in rtl8152_driver_init - f2fs: fix wrong block mapping for multi-devices - jbd2: ensure that all ongoing I/O complete before freeing blocks - ext4: wait for ongoing I/O to complete before freeing blocks - ext4: detect invalid INLINE_DATA + EXTENTS flag combination - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running - btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl - btrfs: fix incorrect readahead expansion length - btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST - btrfs: do not assert we found block group item when creating free space tree - can: gs_usb: gs_make_candev(): populate net_device->dev_port - can: gs_usb: increase max interface to U8_MAX - cifs: parse_dfs_referrals: prevent oob on malformed input - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies - drm/amdgpu: use atomic functions with memory barriers for vm fault info - drm/amdgpu: fix gfx12 mes packet status return check - perf/core: Fix address filter match with backing files - perf/core: Fix MMAP event path names with backing files - perf/core: Fix MMAP2 event device with backing files - drm/amd: Check whether secure display TA loaded successfully - irqdomain: cdx: Switch to of_fwnode_handle() - [arm64] drm/msm/a6xx: Fix PDC sleep sequence - usb: gadget: Store endpoint pointer in usb_request - usb: gadget: Introduce free_usb_request helper - usb: gadget: f_ncm: Refactor bind path to use __free() - usb: gadget: f_acm: Refactor bind path to use __free() - usb: gadget: f_ecm: Refactor bind path to use __free() - usb: gadget: f_rndis: Refactor bind path to use __free() - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay - Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" (Closes: #1116358) - HID: multitouch: fix sticky fingers - dax: skip read lock assertion for read-only filesystems - can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() - can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active - can: m_can: m_can_chip_config(): bring up interface in correct state - can: m_can: add deinit callback - can: m_can: call deinit/init callback when going into suspend/resume - can: m_can: fix CAN state in system PM - net: dlink: handle dma_map_single() failure properly - doc: fix seg6_flowlabel path - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H - net/ip6_tunnel: Prevent perpetual tunnel growth - [amd64,arm64] amd-xgbe: Avoid spurious link down messages during interface toggle - tcp: fix tcp_tso_should_defer() vs large RTT - ksmbd: fix recursive locking in RPC handle list access - tg3: prevent use of uninitialized remote_adv and local_adv variables - tls: trim encrypted message to match the plaintext on short splice - tls: wait for async encrypt in case of error during latter iterations of sendmsg - tls: always set record_type in tls_process_cmsg - tls: wait for pending async decryptions if tls_strp_msg_hold fails - tls: don't rely on tx_work during send() - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset - [arm64] drm/panthor: Ensure MCU is disabled on suspend - nvme-multipath: Skip nr_active increments in RETRY disposition - [riscv64] kprobes: Fix probe address validation - [amd64] ASoC: nau8821: Cancel jdet_work before handling jack ejection - [amd64] ASoC: nau8821: Generalize helper to clear IRQ status - [amd64] ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit - [amd64] drm/i915/guc: Skip communication warning on reset in progress - drm/amdgpu: add ip offset support for cyan skillfish - drm/amdgpu: add support for cyan skillfish without IP discovery - drm/amdgpu: fix handling of harvesting for ip_discovery firmware - drm/amd/powerplay: Fix CIK shutdown temperature - [arm64] drm/rockchip: vop2: use correct destination rectangle height check - sched/fair: Fix pelt lost idle time detection - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card - HID: hid-input: only ignore 0 battery events for digitizers - HID: multitouch: fix name of Stylus input devices - nvme/tcp: handle tls partially sent records in write_space() - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() - xfs: rename the old_crc variable in xlog_recover_process - xfs: fix log CRC mismatches between i386 and other architectures - PM: runtime: Add new devm functions - iio: imu: inv_icm42600: Simplify pm_runtime setup - iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended - nfsd: Use correct error code when decoding extents - nfsd: Drop dprintk in blocklayout xdr functions - NFSD: Rework encoding and decoding of nfsd4_deviceid - NFSD: Minor cleanup in layoutcommit processing - NFSD: Implement large extent array support in pNFS - NFSD: Fix last write offset handling in layoutcommit - wifi: rtw89: avoid possible TX wait initialization race - xfs: use deferred intent items for reaping crosslinked blocks - padata: Reset next CPU when reorder sequence wraps around - md/raid0: Handle bio_split() errors - md/raid1: Handle bio_split() errors - md/raid10: Handle bio_split() errors - md: fix mssing blktrace bio split events - [amd64] x86/resctrl: Refactor resctrl_arch_rmid_read() - [amd64] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID - d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier - vfs: Don't leak disconnected dentries on umount - PCI: Add PCI_VDEVICE_SUB helper macro - ixgbevf: Add support for Intel(R) E610 device - ixgbevf: fix getting link speed data for E610 devices - ixgbevf: fix mailbox API compatibility by negotiating supported features - tcp: convert to dev_net_rcu() - tcp: cache RTAX_QUICKACK metric in a hot cache line - net: dst: add four helpers to annotate data-races around dst->dev - ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] - net: Add locking to protect skb->dev access in ip_output - mptcp: Call dst_release() in mptcp_active_enable(). - mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). - mptcp: reset blackhole on success with non-loopback ifaces - NFSD: Define a proc_layoutcommit for the FlexFiles layout type - [arm64] cputype: Add Neoverse-V3AE definitions - [arm64] errata: Apply workarounds for Neoverse-V3AE - [amd64] dmaengine: Add missing cleanup on module unload https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.56 - exec: Fix incorrect type for ret - hfs: clear offset and space out of valid records in b-tree node - hfs: make proper initalization of struct hfs_find_data - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() - hfs: validate record offset in hfsplus_bmap_alloc - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() - dlm: check for defined force value in dlm_lockspace_release - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() - PCI: Test for bit underflow in pcie_set_readrq() - [arm64] sysreg: Correct sign definitions for EIESB and DoubleLock - drivers/perf: hisi: Relax the event ID check in the framework - [s390x] mm: Use __GFP_ACCOUNT for user page table allocations - smb: server: let smb_direct_flush_send_list() invalidate a remote key first - PM: EM: Drop unused parameter from em_adjust_new_capacity() - PM: EM: Slightly reduce em_check_capacity_update() overhead - PM: EM: Move CPU capacity check to em_adjust_new_capacity() - PM: EM: Fix late boot with holes in CPU topology - net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() - rtnetlink: Allow deleting FDB entries in user namespace - [arm64] net: enetc: fix the deadlock of enetc_mdio_lock - [arm64] net: enetc: correct the value of ENETC_RXB_TRUESIZE - [arm64] dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path - net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ - net/smc: fix general protection fault in __smc_diag_dump - [arm64] net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions - [arm64] mm: avoid always making PTE dirty in pte_mkwrite() - ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop - sctp: avoid NULL dereference when chunk data buffer is missing - net: phy: micrel: always set shared->phydev for LAN8814 - net/mlx5: Fix IPsec cleanup over MPV device - fs/notify: call exportfs_encode_fid with s_umount - net: bonding: fix possible peer notify event loss or dup issue - dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() - btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() - gpio: pci-idio-16: Define maximum valid register address offset - gpio: 104-idio-16: Define maximum valid register address offset - xfs: fix locking in xchk_nlinks_collect_dir - Revert "cpuidle: menu: Avoid discarding useful information" - slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts - slab: Fix obj_ext mistakenly considered NULL due to race condition - ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 - can: netlink: can_changelink(): allow disabling of automatic restart - cifs: Fix TCP_Server_Info::credits to be signed - ocfs2: clear extent cache after moving/defragmenting extents - vsock: fix lock inversion in vsock_assign_transport() - [arm64,armhf] net: stmmac: dwmac-rk: Fix disabling set_clock_selection - net: usb: rtl8150: Fix frame padding - mm: prevent poison consumption when splitting THP - drm/amd/display: increase max link count and fix link->enc NULL pointer access - [arm64] spi: spi-nxp-fspi: add extra delay after dll locked - [arm64] dts: broadcom: bcm2712: Add default GIC address cells - [arm64] dts: broadcom: bcm2712: Define VGIC interrupt - [arm64] firmware: arm_scmi: Account for failed debug initialization - [arm64] firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode - [arm64] drm/panthor: Fix kernel panic on partial unmap of a GPU VA region - [riscv64] Define pgprot_dmacoherent() for non-coherent devices - [riscv64] Don't print details of CPUs disabled in DT - [riscv64] hwprobe: avoid uninitialized variable use in hwprobe_arch_id() - hwmon: (sht3x) Fix error handling - nbd: override creds to kernel when calling sock_{send,recv}msg() - drm/panic: Fix drawing the logo on a small narrow screen - drm/panic: Fix qr_code, ensure vmargin is positive - [amd64] gpio: ljca: Fix duplicated IRQ mapping - io_uring: correct __must_hold annotation in io_install_fixed_file - sched: Remove never used code in mm_cid_get() - io_uring/sqpoll: switch away from getrusage() for CPU accounting - io_uring/sqpoll: be smarter on when to update the stime usage - Bluetooth: btintel: Add DSBR support for BlazarIW, BlazarU and GaP (Closes: #1118660) - platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (CVE-2025-39678) - USB: serial: option: add UNISOC UIS7720 - USB: serial: option: add Quectel RG255C - USB: serial: option: add Telit FN920C04 ECM compositions - usb/core/quirks: Add Huawei ME906S to wakeup quirk - usb: raw-gadget: do not limit transfer length - xhci: dbc: enable back DbC in resume if it was enabled before suspend - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event - [amd64] x86/microcode: Fix Entrysign revision check for Zen1/Naples - [arm*] binder: remove "invalid inc weak" check - [amd64] comedi: fix divide-by-zero in comedi_buf_munge() (CVE-2025-40106) - [amd64] mei: me: add wildcat lake P DID - [arm64] misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup - [amd64,arm64] tcpm: switch check for role_sw device with fw_node - dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp - serial: 8250_dw: handle reset control deassert error - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 - [arm64] serial: 8250_mtk: Enable baud clock and manage in runtime PM - serial: sc16is7xx: remove useless enable of enhanced features - devcoredump: Fix circular locking dependency with devcd->mutex. - [arm64] mte: Do not warn if the page is already tagged in copy_highpage() - xfs: always warn about deprecated mount options - ksmbd: transport_ipc: validate payload size before reading handle (CVE-2025-40084) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.57 - net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083) - audit: record fanotify event regardless of presence of rules - [amd64] perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK - perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL - perf: Have get_perf_callchain() return NULL if crosstask and user are set - perf: Skip user unwind if the task is a kernel thread - seccomp: passthrough uprobe systemcall without filtering - [amd64] x86/bugs: Report correct retbleed mitigation status - [amd64] x86/bugs: Fix reporting of LFENCE retpoline - [amd64,arm64] EDAC/mc_sysfs: Increase legacy channel support to 16 - cpuset: Use new excpus for nocpu error check when enabling root partition - btrfs: abort transaction on specific error places when walking log tree - btrfs: abort transaction in the process_one_buffer() log tree walk callback - btrfs: zoned: return error from btrfs_zone_finish_endio() - btrfs: zoned: refine extent allocator hint selection - btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() - btrfs: always drop log root tree reference in btrfs_replay_log() - btrfs: use level argument in log tree walk callback replay_one_buffer() - btrfs: abort transaction if we fail to update inode in log replay dir fixup - btrfs: tree-checker: add inode extref checks - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() - sched_ext: Make qmap dump operation non-destructive - arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c - docs: kdoc: handle the obsolescensce of docutils.ErrorString() - mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR - f2fs: fix to avoid panic once fallocation fails for pinfile (CVE-2025-23130) - wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (CVE-2025-38643) - bonding: return detailed error when loading native XDP fails - bonding: check xdp prog when set bond mode (CVE-2025-22105) - bits: add comments and newlines to #if, #else and #endif directives - bits: introduce fixed-type GENMASK_U*() - gpio: regmap: Allow to allocate regmap-irq device - gpio: regmap: add the .fixed_direction_output configuration parameter - gpio: idio-16: Define fixed direction of the GPIO lines - [amd64] iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (CVE-2025-21833) - wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995) - [amd64,arm64] udmabuf: fix a buf size overflow issue during udmabuf creation (CVE-2025-37803) - sfc: fix NULL dereferences in ef100_process_design_param() (CVE-2025-37860) - btrfs: tree-checker: fix bounds check in check_inode_extref() . [ Salvatore Bonaccorso ] * drivers/infiniband/hw/bnxt_re: Enable INFINIBAND_BNXT_RE as module (Closes: #1109977) . [ Ben Hutchings ] * d/salsa-ci.yml: Adjust filenames to allow source package name suffix * tools/hv: Make the sample hv_get_dhcp_info script more useful * hyperv-daemons: Install the sample network info scripts (Closes: #919350) * d/salsa-ci.yml: Fix cache configuration for build job * d/salsa-ci.yml: Move orig tarball generation to a separate job again * d/salsa-ci.yml: Restore lintian checking of source package linux-signed-arm64 (6.12.48+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.48-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.44 - serial: 8250: fix panic due to PSLVERR - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() - PM: runtime: Take active children into account in pm_runtime_get_if_in_use() - dm: dm-crypt: Do not partially accept write BIOs with zoned targets - dm: Check for forbidden splitting of zone write operations - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() - usb: gadget: udc: renesas_usb3: fix device leak at unbind - usb: musb: omap2430: fix device leak at unbind - [arm64,armhf] usb: dwc3: meson-g12a: fix device leaks at unbind - [arm64] usb: dwc3: imx8mp: fix device leak at unbind - bus: mhi: host: Fix endianness of BHI vector table - bus: mhi: host: Detect events pointing to unexpected TREs - vt: keyboard: Don't process Unicode characters in K_OFF mode - vt: defkeymap: Map keycodes above 127 to K_HOLE - [amd64] crypto: qat - lower priority for skcipher and aead algorithms - [arm64,armhf] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP - [amd64] crypto: qat - flush misc workqueue during device shutdown - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" - ksmbd: fix refcount leak causing resource not released - ksmbd: extend the connection limiting mechanism to support IPv6 - tracing: fprobe-event: Sanitize wildcard for fprobe event name - ext4: check fast symlink for ea_inode correctly - ext4: fix fsmap end of range reporting with bigalloc - ext4: fix reserved gdt blocks handling in fsmap - ext4: use kmalloc_array() for array space allocation - ext4: fix hole length calculation overflow in non-extent inodes - btrfs: zoned: fix write time activation failure for metadata block group - btrfs: fix incorrect log message for nobarrier mount option - btrfs: restore mount option info messages during mount - btrfs: fix printing of mount info messages for NODATACOW/NODATASUM - apparmor: Fix 8-byte alignment for initial dfa blob streams - dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints - dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints - scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host - [arm64] scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE - scsi: mpi3mr: Fix race between config read submit and interrupt completion - ata: libata-scsi: Fix ata_to_sense_error() status handling - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers - scsi: ufs: ufs-pci: Fix default runtime and system PM levels - ata: libata-scsi: Fix CDL control - [arm64] soc: qcom: mdt_loader: Ensure we don't read past the ELF header - iio: imu: bno055: fix OOB access of hw_xlate array - iio: adc: ad_sigma_delta: change to buffer predisable - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() - wifi: ath12k: fix dest ring-buffer corruption - wifi: ath12k: fix source ring-buffer corruption - wifi: ath12k: fix dest ring-buffer corruption when ring is full - wifi: ath11k: fix dest ring-buffer corruption - wifi: ath11k: fix source ring-buffer corruption - wifi: ath11k: fix dest ring-buffer corruption when ring is full - [arm64] pwm: mediatek: Handle hardware enable and clock enable separately - [arm64] pwm: mediatek: Fix duty and period setting - mtd: spi-nor: Fix spi_nor_try_unlock_all() - [arm64] mtd: spinand: propagate spinand_wait() errors from spinand_write_page() - readahead: fix return value of page_cache_next_miss() when no hole is found - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge - PCI: endpoint: Fix configfs group list head handling - PCI: endpoint: Fix configfs group removal on driver teardown - [arm64,armhf] PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features - [arm64,armhf] PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset - [arm64,armhf] PCI: imx6: Delay link start until configfs 'start' written - vsock/virtio: Validate length in packet header before skb_put() - vhost/vsock: Avoid allocating arbitrarily-sized SKBs - amdgpu/amdgpu_discovery: increase timeout limit for IFWI init - [amd64] ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context - f2fs: fix to avoid out-of-boundary access in dnode page (CVE-2025-38677) - jbd2: prevent softlockup in jbd2_log_do_checkpoint() - kbuild: userprogs: use correct linker when mixing clang and GNU ld - [arm64,armhf] soc/tegra: pmc: Ensure power-domains are in a known state - media: gspca: Add bounds checking to firmware parser - media: hi556: correct the test pattern configuration - [armhf] media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() - media: ipu6: isys: Use correct pads for xlate_streams() - media: vivid: fix wrong pixel_array control size - media: verisilicon: Fix AV1 decoder clock frequency - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() - media: usbtv: Lock resolution while streaming - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() - media: pisp_be: Fix pm_runtime underrun in probe - media: ov2659: Fix memory leaks in ov2659_probe() - media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls - [arm64] media: qcom: camss: cleanup media device allocated resource on error path - [arm64] media: venus: Add a check for packet size after reading from shared memory - [arm64] media: venus: Fix MSM8998 frequency table - [arm64] media: venus: hfi: explicitly release IRQ during teardown - [arm64] media: venus: protect against spurious interrupts during probe - [arm64] media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. - [arm64] media: venus: venc: Clamp param smaller than 1fps and bigger than 240 - drm/amdgpu/discovery: fix fw based ip discovery - drm/amd: Restore cached power limit during resume - drm/amdgpu: Avoid extra evict-restore process. - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities - drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() - drm/amdgpu: Update external revid for GC v9.5.0 - drm/amdgpu: update mmhub 3.0.1 client id mappings - drm/amdgpu: update mmhub 4.1.0 client id mappings - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq - drm/amd/display: Add primary plane to commits for correct VRR handling - drm/amd/display: fix a Null pointer dereference vulnerability - drm/amd/display: Don't overwrite dce60_clk_mgr - net, hsr: reject HSR frame if skb can't hold tag - sched/ext: Fix invalid task state transitions on class switch - ipv6: sr: Fix MAC comparison to be constant-time - ACPI: pfr_update: Fix the driver update version check - mptcp: drop skb if MPTCP skb extension allocation fails - mptcp: pm: kernel: flush: do not reset ADD_ADDR limit - mm/damon/ops-common: ignore migration request to invalid nodes - [amd64] x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero - USB: typec: Use str_enable_disable-like helpers - usb: typec: fusb302: cache PD RX state - btrfs: qgroup: drop unused parameter fs_info from __del_qgroup_rb() - btrfs: qgroup: fix race between quota disable and quota rescan ioctl - btrfs: move transaction aborts to the error site in add_block_group_free_space() - btrfs: always abort transaction on failure to add block group to free space tree - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() - btrfs: explicitly ref count block_group on new_bgs list - btrfs: codify pattern for adding block_group to bg_list - btrfs: zoned: requeue to unused block group list if zone finish failed - xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags - btrfs: send: factor out common logic when sending xattrs - btrfs: send: only use boolean variables at process_recorded_refs() - btrfs: send: add and use helper to rename current inode when processing refs - btrfs: send: keep the current inode's path cached - btrfs: send: avoid path allocation for the current inode when issuing commands - btrfs: send: use fallocate for hole punching with send stream v2 - btrfs: send: make fs_path_len() inline and constify its argument - netfs: Fix unbuffered write error handling - io_uring/net: commit partial buffers on retry - ata: libata-scsi: Return aborted command when missing sense and result TF - sched_ext: initialize built-in idle state before ops.init() - Revert "can: ti_hecc: fix -Woverflow compiler warning" - io_uring/futex: ensure io_futex_wait() cleans up properly on failure - iov_iter: iterate_folioq: fix handling of offset >= folio size - [arm64] iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement - mmc: sdhci-pci-gli: Add a new function to simplify the code - memstick: Fix deadlock by moving removing flag earlier - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency - NFS: Fix a race when updating an existing write - squashfs: fix memory leak in squashfs_fill_super - mm/debug_vm_pgtable: clear page table entries at destroy_args() - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 - RDMA/rxe: Flush delayed SKBs while releasing RXE resources - [s390x] sclp: Fix SCCB present check - [amd64] platform/x86/intel-uncore-freq: Check write blocked for ELC - kvm: retry nx_huge_page_recovery_thread creation - [amd64] accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() - drm/amdgpu/swm14: Update power limit logic - drm/amd/display: Avoid a NULL pointer dereference - drm/amd/display: Don't overclock DCE 6 by 15% - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 - drm/amd/display: Fix Xorg desktop unresponsive on Replay panel - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs - scsi: core: Fix command pass through retry regression - [arm64] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() - mptcp: remove duplicate sk_reset_timer call - mptcp: disable add_addr retransmission when timeout is 0 - Mark xe driver as BROKEN if kernel page size is not 4kB - [arm64,armhf] PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support - [arm64,armhf] PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features - [arm64] PCI: rockchip: Use standard PCIe definitions - [arm64] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining - iio: adc: ad7173: fix setting ODR in probe - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems - ext4: preserve SB_I_VERSION on remount - btrfs: subpage: keep TOWRITE tag until folio is cleaned - [arm64] dts: ti: k3-am6*: Add boot phase flag to support MMC boot - [arm64] dts: ti: k3-am62*: Add non-removable flag for eMMC - [arm64] dts: ti: k3-am6*: Remove disable-wp for eMMC - [arm64] dts: ti: k3-am62*: Move eMMC pinmux to top level board file - debugfs: fix mount options not being applied - smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() - fs/buffer: fix use-after-free when call bh_read() helper - use uniform permission checks for all mount propagation changes - cpuidle: menu: Remove iowait influence - cpuidle: governors: menu: Avoid selecting states with too much latency - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS - [arm64] mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 - ftrace: Also allocate and copy hash for reading of filter files - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() - iio: proximity: isl29501: fix buffered read on big-endian systems - most: core: Drop device reference after usage in get_channel() - kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() - cdx: Fix off-by-one error in cdx_rpmsg_probe() - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive - [amd64] comedi: Make insn_rw_emulate_bits() do insn->n samples - [amd64] comedi: pcl726: Prevent invalid irq number - [amd64] comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test - usb: renesas-xhci: Fix External ROM access timeouts - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera - usb: storage: realtek_cr: Use correct byte order for bcs->Residue - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles - usb: typec: maxim_contaminant: disable low power mode when reading comparator values - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean - usb: xhci: Fix slot_id resource race conflict - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout - usb: dwc3: Remove WARN_ON for device endpoint command timeouts - usb: dwc3: pci: add support for the Intel Wildcat Lake - iio: light: Use aligned_s64 instead of open coding alignment. - iio: light: as73211: Ensure buffer holes are zeroed - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() - tracing: Remove unneeded goto out logic - tracing: Limit access to parser->buffer when trace_get_user failed - [amd64] drm/i915/icl+/tc: Convert AUX powered WARN to a debug message - compiler: remove __ADDRESSABLE_ASM{_STR,}() again - [amd64] drm/i915/icl+/tc: Cache the max lane count value - ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() - tls: fix handling of zero-length records on the rx_list - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 - iio: imu: inv_icm42600: use = { } instead of memset() - iio: imu: inv_icm42600: Convert to uXX and sXX integer types - iio: imu: inv_icm42600: change invalid data error to -EBUSY - [amd64] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key - cgroup/cpuset: Fix a partition error with CPU hotplug - drm/panic: Move drawing functions to drm_draw - drm/format-helper: Add conversion from XRGB8888 to BGR888 - drm/format-helper: Move helpers for pixel conversion to header file - drm/format-helper: Add generic conversion to 32-bit formats - iosys-map: Fix undefined behavior in iosys_map_clear() - [arm64] RDMA/hns: Fix querying wrong SCC context for DIP algorithm - RDMA/bnxt_re: Fix to do SRQ armena by default - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path - RDMA/bnxt_re: Fix a possible memory leak in the driver - RDMA/bnxt_re: Fix to initialize the PBL array - RDMA/hns: Fix dip entries leak on devices newer than hip09 - net: bridge: fix soft lockup in br_multicast_query_expired() - scsi: qla4xxx: Prevent a potential error pointer dereference - [amd64] iommu/amd: Avoid stack buffer overflow from kernel cmdline (CVE-2025-38676) - Bluetooth: hci_sync: Fix scan state after PA Sync has been established - Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown - Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() - [arm64] drm/hisilicon/hibmc: refactored struct hibmc_drm_private - [arm64] drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed - [arm64] drm/hisilicon/hibmc: fix the hibmc loaded failed bug - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() - drm/amd/display: Don't print errors for nonexistent connectors - net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add - [arm64] net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path - ppp: fix race conditions in ppp_fill_forward_path - net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload. - cifs: Fix oops due to uninitialised variable - phy: mscc: Fix timestamping for vsc8584 - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization - gve: prevent ethtool ops after shutdown - net/smc: fix UAF on smcsk after smc_listen_out() - [s390x] mm: Do not map lowcore with identity mapping - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc - igc: fix disabling L1.2 PCI-E link substate on I226 on init - [armhf] net: dsa: microchip: Fix KSZ9477 HSR port setup issue - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit - net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate - ALSA: timer: fix ida_free call while not allocated - bonding: update LACP activity flag after setting lacp_active - bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU - [arm64] Octeontx2-af: Skip overlap check for SPI field - net/mlx5: Base ECVF devlink port attrs from 0 - net/mlx5: Relocate function declarations from port.h to mlx5_core.h - net/mlx5: Add IFC bits and enums for buf_ownership - net/mlx5e: Query FW for buffer ownership - net/mlx5e: Preserve shared buffer capacity during headroom updates - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation - [s390x] hypfs: Avoid unnecessary ioctl registration in debugfs - [s390x] hypfs: Enable limited access during lockdown - netfilter: nf_reject: don't leak dst refcount for loopback packets https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.45 - rtla: Check pkg-config install - trace/fgraph: Fix the warning caused by missing unregister notifier - of: dynamic: Fix memleak when of_pci_add_properties() failed - of: dynamic: Fix use after free in of_changeset_add_prop_helper() - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump - perf symbol-minimal: Fix ehdr reading in filename__read_build_id - vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER - scsi: core: sysfs: Correct sysfs attributes access rights - smb: client: fix race with concurrent opens in unlink(2) - smb: client: fix race with concurrent opens in rename(2) - [arm64] ASoC: codecs: tx-macro: correct tx_macro_component_drv name - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() - [arm64] drm/msm: Defer fd_install in SUBMIT ioctl - of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() - [arm64] drm/msm/kms: move snapshot init earlier in KMS init - [arm64] drm/msm: update the high bitfield of certain DSI registers - [arm64] drm/mediatek: Add error handling for old state CRTC in atomic_disable - [powerpc*] kvm: Fix ifdef to remove build warning - HID: input: rename hidinput_set_battery_charge_status() - HID: input: report battery status changes immediately - net: macb: fix unregister_netdev call order in macb_remove() - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success - Bluetooth: hci_event: Mark connection as closed during suspend disconnect - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced - Bluetooth: hci_sync: fix set_local_name race condition - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr - drm/nouveau: remove unused memory target test - ice: don't leave device non-functional if Tx scheduler config fails - ice: use fixed adapter index for E825C embedded devices - ice: fix incorrect counter for buffer allocation failures - dt-bindings: display/msm: qcom,mdp5: drop lut clock - net: dlink: fix multicast stats being counted incorrectly - drm/xe/xe_sync: avoid race during ufence signaling - drm/xe: Don't trigger rebind on initial dma-buf validation - phy: mscc: Fix when PTP clock is register and unregister - bnxt_en: Fix memory corruption when FW resources change during ifdown - bnxt_en: Adjust TX rings if reservation is less than requested - bnxt_en: Fix stats context reservation logic - net/mlx5: Reload auxiliary drivers on fw_activate - net/mlx5: Fix lockdep assertion on sync reset unload event - net/mlx5: Nack sync reset when SFs are present - net/mlx5e: Update and set Xon/Xoff upon MTU set - net/mlx5e: Update and set Xon/Xoff upon port speed set - net/mlx5e: Set local Xoff after FW update - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts - net: stmmac: xgmac: Correct supported speed modes - net: stmmac: Set CIC bit only for TX queues with COE - [amd64,arm64] hv_netvsc: Link queues to NAPIs - [amd64,arm64] net: hv_netvsc: fix loss of early receive events from host during channel open. - net: rose: split remove and free operations in rose_remove_neigh() - net: rose: convert 'use' field to refcount_t - net: rose: include node references in rose_neigh refcount - sctp: initialize more fields in sctp_v6_from_sk() - l2tp: do not use sock_hold() in pppol2tp_session_get_sock() - fbnic: Move phylink resume out of service_task and into open/close - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare - net: macb: Disable clocks once - [amd64] KVM: x86: use array_index_nospec with indices that come from guest - [riscv64] KVM: fix stack overrun when loading vlenb - [amd64] x86/microcode/AMD: Handle the case of no BIOS microcode - [amd64] x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON - HID: asus: fix UAF via HID_CLAIMED_INPUT validation - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() - HID: quirks: add support for Legion Go dual dinput modes - HID: logitech: Add ids for G PRO 2 LIGHTSPEED - HID: wacom: Add a new Art Pen 2 - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() - Revert "drm/amdgpu: fix incorrect vm flags to map bo" - blk-zoned: Fix a lockdep complaint about recursive locking - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted - fs/smb: Fix inconsistent refcnt update - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions - smb3 client: fix return code mapping of remap_file_range - xfs: do not propagate ENODATA disk errors into xattr code - drm/xe/vm: Clear the scratch_pt pointer on error - drm/nouveau/disp: Always accept linear modifier - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv - drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode - net: rose: fix a typo in rose_clear_routes() - PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS - PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" - [arm64] thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const - [arm64] thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data - [arm64] thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.46 - bpf: Add cookie object to bpf maps - bpf: Move bpf map owner out of common struct - bpf: Move cgroup iterator helpers to bpf.h - bpf: Fix oob access in cgroup local storage (CVE-2025-38502) - btrfs: fix race between logging inode and checking if it was logged before - btrfs: fix race between setting last_dir_index_offset and inode logging - btrfs: avoid load/store tearing races when checking if an inode was logged - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN - drm/amd/display: Don't warn when missing DCE encoder caps - cpupower: Fix a bug where the -t option of the set subcommand was not working. - Bluetooth: hci_sync: Avoid adding default advertising on startup - btrfs: zoned: skip ZONE FINISH of conventional zones - fs: writeback: fix use-after-free in __mark_inode_dirty() - tee: fix NULL pointer dereference in tee_shm_put - tee: fix memory leak in tee_dyn_shm_alloc_helper - [arm64] dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro - [arm64] tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" - [arm64] dts: imx8mp-tqma8mpql: fix LDO5 power off - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics i.MX8M Plus DHCOM - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul i.MX8M Plus eDM SBC - HID: simplify snto32() - HID: stop exporting hid_snto32() - HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556) - net: usb: qmi_wwan: fix Telit Cinterion FN990A name - net: usb: qmi_wwan: fix Telit Cinterion FE990A name - net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition - [arm64] mmc: sdhci-of-arasan: Support for emmc hardware reset - [arm64] mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up - wifi: cfg80211: fix use-after-free in cmp_bss() - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work - wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() - wifi: mt76: prevent non-offchannel mgmt tx during scan/roc - wifi: mt76: free pending offchannel tx frames on wcid cleanup - wifi: mt76: fix linked list corruption - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY - wifi: iwlwifi: uefi: check DSM item validity - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() - netfilter: nft_flowtable.sh: re-run with random mtu sizes - net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y - [amd64] xirc2ps_cs: fix register access when enabling FullDuplex - mISDN: Fix memory leak in dsp_hwec_enable() - bnxt_en: fix incorrect page count in RX aggr ring log - icmp: fix icmp_ndo_send address translation for reply direction - net: macb: Fix tx_ptr_lock locking - macsec: read MACSEC_SA_ATTR_PN with nla_get_uint - net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() - net: mctp: mctp_fraq_queue should take ownership of passed skb - ice: fix NULL access of tx->in_use in ice_ll_ts_intr - [amd64,arm64] idpf: set mac type when adding and removing MAC filters - i40e: remove read access to debugfs files - i40e: Fix potential invalid access when MAC list is empty - ixgbe: fix incorrect map used in eee linkmode - wifi: ath11k: fix group data packet drops during rekey - net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 - [arm64] net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets - net: skb: add pskb_network_may_pull_reason() helper - net: tunnel: add pskb_inet_may_pull_reason() helper - net: vxlan: add skb drop reasons to vxlan_rcv() - net: vxlan: make vxlan_snoop() return drop reasons - vxlan: Fix NPD when refreshing an FDB entry with a nexthop object - net: vxlan: make vxlan_set_mac() return drop reasons - net: vxlan: use kfree_skb_reason() in vxlan_xmit() - net: vxlan: use kfree_skb_reason() in vxlan_mdb_xmit() - net: vxlan: rename SKB_DROP_REASON_VXLAN_NO_REMOTE - vxlan: Refresh FDB 'updated' time upon 'NTF_USE' - vxlan: Avoid unnecessary updates to FDB 'used' time - vxlan: Add RCU read-side critical sections in the Tx path - vxlan: Rename FDB Tx lookup function - vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects - wifi: cw1200: cap SSID length in cw1200_do_join() - wifi: libertas: cap SSID len in lbs_associate() - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() - [arm64] net: thunder_bgx: add a missing of_node_put - [arm64] net: thunder_bgx: decrement cleanup index before use - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() - net/smc: Remove validation of reserved bits in CLC Decline message - mctp: return -ENOPROTOOPT for unknown getsockopt options - ax25: properly unshare skbs in ax25_kiss_rcv() - net: atm: fix memory leak in atm_register_sysfs when device_register fail - ppp: fix memory leak in pad_compress_skb - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock - ALSA: usb-audio: Add mute TLV for playback volumes on some devices - [amd64] accel/ivpu: Prevent recovery work from being queued during device removal - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() - [arm64] ftrace: fix unreachable PLT for ftrace_caller in init_module with CONFIG_DYNAMIC_FTRACE - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() - io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (CVE-2025-38453) - [amd64] x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() - mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE - mm: move page table sync declarations to linux/pgtable.h - mm: fix possible deadlock in kmemleak - mm: slub: avoid wake up kswapd in set_track_prepare - sched: Fix sched_numa_find_nth_cpu() if mask offline - ocfs2: prevent release journal inode after journal shutdown - of_numa: fix uninitialized memory nodes causing kernel panic - [arm64] soc: qcom: mdt_loader: Deal with zero e_shentsize - wifi: mwifiex: Initialize the chan_stats array to zero - wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() - wifi: mt76: mt7925: fix the wrong bss cleanup for SAP - net: ethernet: oa_tc6: Handle failure of spi_setup - drm/amdgpu: drop hw access in non-DC audio fini - drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG - [amd64] platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list - scsi: lpfc: Fix buffer free/clear order in deferred receive path - batman-adv: fix OOB read/write in network-coding decode - cifs: prevent NULL pointer dereference in UTF16 conversion - e1000e: fix heap overflow in e1000_set_eeprom - net: pcs: rzn1-miic: Correct MODCTRL register offset - fs/fhandle.c: fix a race in call of has_locked_children() (CVE-2025-38306) - [arm64,armhf] net: dsa: add hook to determine whether EEE is supported - [arm64,armhf] net: dsa: provide implementation of .support_eee() - [armhf] net: dsa: b53/bcm_sf2: implement .support_eee() method - [armhf] net: dsa: b53: do not enable EEE on bcm63xx (CVE-2025-38272) - md/raid1,raid10: don't ignore IO flags (CVE-2025-22125) - md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT - md/raid1,raid10: strip REQ_NOWAIT from member bios - ext4: define ext4_journal_destroy wrapper - ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113) - wifi: ath11k: update channel list in reg notifier instead reg worker (CVE-2025-23133) - wifi: ath11k: update channel list in worker when wait flag is set - net: fix NULL pointer dereference in l3mdev_l3_rcv (CVE-2025-22103) - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (CVE-2025-22124) - mm: slub: Print the broken data before restoring them - mm: slub: call WARN() when detecting a slab corruption - mm, slab: cleanup slab_bug() parameters - mm/slub: avoid accessing metadata when pointer is invalid in object_err() - nouveau: fix disabling the nonstall irq due to storm code - mm: fix accounting of memmap pages - [arm64] thermal/drivers/mediatek/lvts: Disable low offset IRQ for minimum threshold - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY - Revert "drm/amdgpu: Avoid extra evict-restore process." - pcmcia: omap: Add missing check for platform_get_resource - pcmcia: Add error handling for add_interval() in do_validate_mem() - [amd64] platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk - [amd64] platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID - block: add a queue_limits_commit_update_frozen helper - scsi: sr: Reinstate rotational media flag - drm/bridge: ti-sn65dsi86: fix REFCLK setting - perf bpf-event: Fix use-after-free in synthesis - perf bpf-utils: Constify bpil_array_desc - perf bpf-utils: Harden get_bpf_prog_info_linear - drm/amd/amdgpu: Fix missing error return on kzalloc failure - tools: gpio: remove the include directory on make clean - md: prevent incorrect update of resync/recovery offset - [riscv64] ACPI: RISC-V: Fix FFH_CPPC_CSR error handling - [riscv64] Only allow LTO with CMODEL_MEDANY - [riscv64] use lw when reading int cpu in new_vmalloc_check - [riscv64] use lw when reading int cpu in asm_per_cpu - [riscv64] bpf: use lw when reading int cpu in BPF_MOV64_PERCPU_REG - [riscv64] bpf: use lw when reading int cpu in bpf_get_smp_processor_id - md/raid1: fix data lost for writemostly rdev https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.47 - [amd64] Add mitigations for VMSCAPE (CVE-2025-40300): - Documentation/hw-vuln: Add VMSCAPE documentation - x86/vmscape: Enumerate VMSCAPE bug - x86/vmscape: Add conditional IBPB mitigation - x86/vmscape: Enable the mitigation - x86/bugs: Move cpu_bugs_smt_update() down - x86/vmscape: Warn when STIBP is disabled with SMT - x86/vmscape: Add old Intel CPUs to affected list https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.48 - fhandle: use more consistent rules for decoding file handle from userns - dma-debug: store a phys_addr_t in struct dma_debug_entry - dma-mapping: trace dma_alloc/free direction - dma-mapping: use trace_dma_alloc for dma_alloc* instead of using trace_dma_map - dma-mapping: trace more error paths - dma-debug: don't enforce dma mapping check on noncoherent allocations - net/mlx5: HWS, change error flow on matcher disconnect - mm: introduce and use {pgd,p4d}_populate_kernel() - dma-mapping: fix swapped dir/flags arguments to trace_dma_alloc_sgt_err - dma-debug: fix physical address calculation for struct dma_debug_entry - nvme-pci: skip nvme_write_sq_db on empty rqlist - Revert "udmabuf: fix vmap_udmabuf error page set" - ext4: introduce linear search for dentries - [amd64] drm/i915/pmu: Fix zero delta busyness issue - drm/amd/display: Fix error pointers in amdgpu_dm_crtc_mem_type_changed - Revert "drm/amd/display: Optimize cursor position updates" - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA - drm/amdgpu: Add back JPEG to video caps for carrizo and newer - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read - SUNRPC: call xs_sock_process_cmsg for all cmsg - NFSv4: Don't clear capabilities that won't be reset (Closes: #1114898) - trace/fgraph: Fix error handling - tracing: Fix tracing_marker may trigger page fault during preempt_disable - nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter - nfs/localio: add direct IO enablement with sync and async IO support - nfs/localio: restore creds before releasing pageio data - ftrace/samples: Fix function size computation - fs/nfs/io: make nfs_start_io_*() killable - NFS: Serialise O_DIRECT i/o and truncate() - NFSv4.2: Serialise O_DIRECT i/o and fallocate() - NFSv4.2: Serialise O_DIRECT i/o and clone range - NFSv4.2: Serialise O_DIRECT i/o and copy range - NFS: nfs_invalidate_folio() must observe the offset and size arguments - NFSv4/flexfiles: Fix layout merge mirror check. - tracing: Silence warning when chunk allocation fails in trace_pid_write - [s390x] pai: Deny all events not handled by this PMU - [s390x] cpum_cf: Deny all sampling events by counter PMU - bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt - bpf: Allow fall back to interpreter for programs with stack size <= 512 - bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. - proc: fix type confusion in pde_set_flags() - Revert "SUNRPC: Don't allow waiting for exiting tasks" - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN - ocfs2: fix recursive semaphore deadlock in fiemap call - btrfs: fix squota compressed stats leak - btrfs: fix subvolume deletion lockup caused by inodes xarray race - [amd64] i2c: i801: Hide Intel Birch Stream SoC TCO WDT - net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups - [armhf] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer - [armhf] mtd: rawnand: stm32_fmc2: fix ECC overwrite - fuse: do not allow mapping a non-regular backing file - fuse: check if copy_file_range() returns larger than requested size - fuse: prevent overflow in copy_file_range return value - mm/khugepaged: fix the address passed to notifier on testing young - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory - mm/memory-failure: fix redundant updates for already poisoned pages - mm/damon/core: set quota->charged_from to jiffies at first charge window - mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() - [arm64] drm/mediatek: fix potential OF node use-after-free - drm/xe: Attempt to bring bos back to VRAM after eviction - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages - netlink: specs: mptcp: add missing 'server-side' attr - netlink: specs: mptcp: clearly mention attributes - netlink: specs: mptcp: replace underscores with dashes in names - netlink: specs: mptcp: fix if-idx attribute type - kernfs: Fix UAF in polling when open file is released - libceph: fix invalid accesses to ceph_connection_v1_info - ceph: fix race condition validating r_parent before applying state - ceph: fix race condition where r_parent becomes stale before sending message - mm/damon/sysfs: fix use-after-free in state_show() - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() - mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range() - [arm64] mtd: spinand: winbond: Fix oob_layout for W25N01JW - btrfs: use readahead_expand() on compressed extents - btrfs: fix corruption reading compressed range when block size is smaller than page size - hrtimers: Unconditionally update target CPU base after offline timer migration - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table - Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups" - tty: hvc_console: Call hvc_kick in hvc_write unconditionally - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks - USB: serial: option: add Telit Cinterion FN990A w/audio compositions - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions - [arm64] drm/panthor: validate group queue count - [arm64,armhf] net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() - genetlink: fix genl_bind() invoking bind() after -EPERM - net: bridge: Bounce invalid boolopts - tunnels: reset the GSO metadata before reusing the skb - docs: networking: can: change bcm_msg_head frames member to support flexible array - igb: fix link test skipping when interface is admin down - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path - drm/amd/display: use udelay rather than fsleep - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails - netfilter: nft_set_pipapo: remove unused arguments - netfilter: nft_set: remove one argument from lookup and update functions - netfilter: nft_set_pipapo: merge pipapo_get/lookup - netfilter: nft_set_pipapo: don't return bogus extension pointer - netfilter: nft_set_pipapo: don't check genbit from packetpath lookups - netfilter: nft_set_rbtree: continue traversal if element is inactive - netfilter: nf_tables: Reintroduce shortened deletion notifications - netfilter: nf_tables: place base_seq in struct net - netfilter: nf_tables: make nft_set_do_lookup available unconditionally - netfilter: nf_tables: restart set lookup on base_seq change - net: hsr: Add VLAN CTAG filter support - hsr: use rtnl lock when iterating over ports - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties - [amd64] dmaengine: idxd: Remove improper idxd_free - [amd64] dmaengine: idxd: Fix refcount underflow on module unload - [amd64] dmaengine: idxd: Fix double free in idxd_setup_wqs() - [amd64] dmaengine: ti: edma: Fix memory allocation size for queue_priority_map - xhci: fix memory leak regression when freeing xhci vdev devices depth first - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels - [amd64,arm64] usb: typec: tcpm: properly deliver cable vdms to altmode drivers - [arm64] dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees - [arm64] phy: tegra: xusb: fix device and OF node leak at probe - [armhf] phy: ti: omap-usb2: fix device leak at unbind - [armhf] phy: ti-pipe3: fix device leak at unbind - [amd64] x86/cpu/topology: Always try cpu_parse_topology_ext() on AMD/Hygon - net: mdiobus: release reset_gpio in mdiobus_unregister_device() - [amd64] drm/i915/power: fix size for for_each_set_bit() in abox iteration - drm/amdgpu: fix a memory leak in fence cleanup when unloading - netfilter: nft_set_pipapo: fix null deref for empty set . [ Santiago Ruano Rincón ] * d/salsa-ci.yml: Merge the extract-source job into the build's job script * d/salsa-ci.yml: Suppress unreleased changes and mismatching distribution lintian tags. * d/salsa-ci.yml: Early move orig tarballs back where they can be cached . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 6.12.43-rt12 * [amd64] x86/bugs: Add SRSO_USER_KERNEL_NO support * [amd64] x86/bugs: KVM: Add support for SRSO_MSR_FIX * [amd64] KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions lnav (0.12.4-1+deb13u1) trixie; urgency=medium . * [notcurses] handle failure to set cregs from tmux (Closes: #1109004) log4cxx (1.4.0-1+deb13u1) trixie; urgency=medium . [ Lukas Märdian and Tobias Frost ] * Backport fixes for: - CVE-2025-54812: Improper HTML escaping in HTMLLayout (Closes: #1111879) - CVE-2025-54813: Improper escaping with JSONLayout (Closes: #1111881) logcheck (1.4.5+deb13u1) trixie; urgency=medium . [ Paul Aurich ] * Update and simplify regex in ignore.d.paranoid/ssh . [ Yasuhiro Kimura ] * Update ignore.d.paranoid/ssh and ignore.d.server/ssh lttng-modules (2.13.18-1+deb13u1) trixie; urgency=medium . * Fix potential kernel crash with syscall tracing (Closes: ##1117551) * [4b4342c] debian/gbp.conf: branch config for trixie * [a8a56d6] Add patch to fix syscall tracing with kernels >= v6.13 luksmeta (9-4+deb13u1) trixie; urgency=high . * Cherry-pick "Fix handling of large metadata". Closes: #111828 [CVE-2025-11568] luksmeta (9-4+deb12u1) bookworm; urgency=high . * Cherry-pick "Fix handling of large metadata". Closes: #111828 [CVE-2025-11568] lxcfs (6.0.4-1+deb13u1) trixie; urgency=medium . * d/control: - Add a dependency on fuse3 (Closes: #1114596) lxd (5.0.2+git20231211.1364ae4-9+deb13u1) trixie-security; urgency=high . * Backport fixes for the following security issues that are unfixed by Canonical in the stable-5.0 branch: - CVE-2025-54293 / GHSA-472f-vmf2-pr3h - CVE-2025-54287 / GHSA-w2hg-2v4p-vmh6 - CVE-2025-54288 / GHSA-7232-97c6-j525 * Backport fixes for the following security issues fixed by Canonical: - CVE-2025-54286 / GHSA-p8hw-rfjg-689h magit (4.3.5-1+deb13u1) trixie; urgency=medium . * Update d/gbp.conf to track trixie branch * Ship missing magit-dired.el in elpa-magit (Closes: 1120049) mailmindr (1.7.1-2~deb13u1) trixie; urgency=medium . * Rebuild to upload to trixie after thunderbird 140.3 malcontent (0.13.0-2+deb13u1) trixie; urgency=medium . * Team upload . [ Alessandro Astone ] * Fix filtering snaps after snapd 2.72 (Closes: #1120080, LP: #2128350) * Fix listing flatpaks in parental control UI (Closes: #1113776) * Fix memory leak when checking snaps mapserver (8.4.0-4+deb13u1) trixie; urgency=medium . * Update branch in gbp.conf & Vcs-Git URL. * Add upstream patch to fix CVE-2025-59431. * Update symbols for msStringUnescape. mc (3:4.8.33-1+deb13u1) trixie; urgency=high . * Non-maintainer upload. * Added debian/patches/subshell-fd.patch (Closes: #1108061) modsecurity-apache (2.9.11-1+deb13u1) trixie; urgency=medium . * Add patch against new CVE; Fixes CVE-2025-54571 (Closes: #1110480) * Remove d/patches/aclocal.patch, not necessary monitoring-plugins (2.4.0-3+deb13u1) trixie; urgency=medium . * [3cb6abf] d/.gitlab-ci.yml: Change RELEASE to trixie * [1b5ea7b] Adding d/patches/25_check_users_sd_get_uids to fix user count * [b92ed85] Adding d/p/26_check_mysql_replica from upstream (Closes: #1116027) * [4362a8d] d/control: Adding libsystemd-dev and libsystemd0 as build-dep (Closes: #1110265) * [22de282] d/control: Drop libsystemd0 from build-deps, pulled by libsystemd-dev mpv (0.40.0-3+deb13u1) trixie; urgency=medium . * debian/gbp.conf: Work on debian/trixie branch * debian/patches: Create missing folders for watch history (Closes: #1115938) mrtg (2.17.10-13+deb13u1) trixie; urgency=medium . * debian/patches/010_enable-www-dir.patch: dropped because it is generating duplicate information in config file when using the cfgmaker command (WorkDir field). Thanks to Lloyd . (Closes: #1111333) nextcloud-desktop (3.16.7-1~deb13u1) trixie; urgency=medium . * Rebuild for Trixie. . nextcloud-desktop (3.16.7-1) unstable; urgency=medium . * New upstream release. . nextcloud-desktop (3.16.6-3) unstable; urgency=medium . * Release to unstable (#1091614 is fixed). . nextcloud-desktop (3.16.6-2) experimental; urgency=medium . * Fix again "nextcloud enters busy loop when using a share on NTFS." (Closes: 1091614) . nextcloud-desktop (3.16.6-1) experimental; urgency=medium . * New upstream release. * Update patch hunks. * Remove patch for #1091614, it seems fixed on upstream. nextcloud-desktop (3.16.6-3) unstable; urgency=medium . * Release to unstable (#1091614 is fixed). . nextcloud-desktop (3.16.6-2) experimental; urgency=medium . * Fix again "nextcloud enters busy loop when using a share on NTFS." (Closes: 1091614) . nextcloud-desktop (3.16.6-1) experimental; urgency=medium . * New upstream release. * Update patch hunks. * Remove patch for #1091614, it seems fixed on upstream. nextcloud-desktop (3.16.6-2) experimental; urgency=medium . * Fix again "nextcloud enters busy loop when using a share on NTFS." (Closes: 1091614) nextcloud-desktop (3.16.6-1) experimental; urgency=medium . * New upstream release. * Update patch hunks. * Remove patch for #1091614, it seems fixed on upstream. nfdump (1.7.5-2+deb13u1) trixie; urgency=medium . * [3d717345] Cherry-Pick upstream fix for -S (subdir) together with -M (multiple sources) (Closes: #1112376) * [018d04be] Salsa CI: Adjust for trixie * [5cb8e85c] d/gbp.conf: Adjust for trixie nncp (8.11.0-4+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Prevent path traversal during freq/file (CVE-2025-60020) (Closes: #1115848) node-sha.js (2.4.11+~2.4.0-2+deb13u1) trixie-security; urgency=medium . * Team upload * Fix improper input validation vulnerability (Closes: #1111769, CVE-2025-9288) * Add dependencies to node-get-intrinsic, node-isarray and node-is-typed-array node-sha.js (2.4.11+~2.4.0-2+deb12u1) bookworm-security; urgency=medium . * Fix improper input validation vulnerability (Closes: #1111769, CVE-2025-9288) * Add dependencies to node-get-intrinsic, node-isarray and node-is-typed-array node-tar-fs (3.0.9+~cs2.0.4-1+deb13u1) trixie-security; urgency=medium . * Team upload * Apply fix for CVE-2025-59343 (Closes: #1116338) nova (2:31.0.0-6+deb13u1) trixie; urgency=high . * A vulnerability has been identified in OpenStack Nova and OpenStack Watcher in conjunction with volume swap operations performed by the Watcher service. Under specific circumstances, this can lead to a situation where two Nova libvirt instances could reference the same block device, allowing accidental information disclosure to the unauthorized instance. Added upstream patch: OSSN-0094_restrict_swap_volume_to_cinder.patch. (Closes: #1111689). * Blacklist non-deterministic unit test: - ComputeTestCase.test_add_remove_fixed_ip_updates_instance_updated_at nvidia-graphics-drivers-tesla-535 (535.274.02-1~deb13u1) trixie; urgency=medium . * Rebuild for trixie. . nvidia-graphics-drivers-tesla-535 (535.274.02-1) unstable; urgency=medium . * New upstream LTS and Tesla branch release 535.274.02 (2025-09-30). * Fixed CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345. (Closes: #1118688) https://nvidia.custhelp.com/app/answers/detail/a_id/5703 . [ Andreas Beckmann ] * Refresh patches. onetbb (2022.1.0-1+deb13u1) trixie; urgency=medium . * Team upload. * Skip some tests when the machine has a single CPU. Closes: #1108053. * Skip test_mutex, it fails in Salsa CI. Closes: #1094260. open-vm-tools (2:12.5.0-2+deb13u1) trixie; urgency=high . * [eb68735] Gitlab CI / GBP configs: use trixie * [21e31a4] Disable (default) the execution of the SDMP get-versions.sh script (CVE-2025-41244) Thanks to Salvatore Bonaccorso * [0e87684] Generate debdiffs in salsa CI automatically openjdk-21 (21.0.9+10-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie openjdk-21 (21.0.9~8ea-1) unstable; urgency=medium . * OpenJDK 21.0.9 early access, build 8. . [ Matthias Klose ] * d/rules: Let the install target depend on the build target. Closes: #1105471. . [ Vladimir Petko ] * d/t/problems.csv: Synchronize problem list. openjdk-21 (21.0.9~5ea-1) unstable; urgency=medium . * OpenJDK 21.0.9 early access, build 5. . [ Vladimir Petko ] * d/copyright-generator/copyright-gen.py: bump copyright year. * d/copyright: regenerate. . [ Matthias Klose ] * Build using GCC 15 on development releases. openjdk-25 (25.0.1+8-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie openjdk-25 (25+36-1) unstable; urgency=medium . * OpenJDK 25 GA, build 36. Release notes: https://mail.openjdk.org/pipermail/jdk-dev/2025-September/010483.html . [ Vladimir Petko ] * d/rules: Mark as release. * d/watch: Regenerate. openjdk-25 (25~36ea-1) unstable; urgency=medium . * OpenJDK 25 snapshot, Build 36. * Build using GCC 15 on development releases. openjdk-25 (25~34ea-1) unstable; urgency=medium . * OpenJDK 25 snapshot, Build 34. . [ Matthias Klose ] * Update VCS attributes. . [ Vladimir Petko ] * d/copyright-generator/copyright-gen.py: bump copyright year. * d/copyright: regenerate. openssl (3.5.4-1~deb13u1) trixie; urgency=medium . * Import 3.5.4 openssl (3.5.3-1) unstable; urgency=medium . * Import 3.5.3 * Drop pic & Bsymbolic patches. This shouldn't be needed anymore. openssl (3.5.2-1) unstable; urgency=medium . * Import 3.5.2 openssl (3.5.1-1+deb13u1) trixie-security; urgency=medium . * CVE-2025-9230 (Out-of-bounds read & write in RFC 3211 KEK Unwrap) * CVE-2025-9231 (Timing side-channel in SM2 algorithm on 64 bit ARM) * CVE-2025-9232 (Out-of-bounds read in HTTP client no_proxy handling) openvpn-auth-radius (2.1-9+deb13u1) trixie; urgency=medium . * patches/0008-authenticate-fix: Fix packet authentication (Closes: Bug#1118479) orphan-sysvinit-scripts (0.21+deb13u2) trixie; urgency=medium . * Add haveged init script (Closes: #1118622) patroni (4.0.7-3~deb13u1) trixie; urgency=medium . * Upload to stable. patroni (4.0.7-2) unstable; urgency=medium . * debian/tests/acceptance: Further changes to stopping etcd. If the init script exists, use it. Otherwise, if systemd is available, use that. If neither are available, do not try to stop etcd. patroni (4.0.7-1) unstable; urgency=medium . * New upstream release. * debian/patches/startup_scripts.patch: Refreshed. * debian/patches/avoid_overwriting_configuration_during_boostrap.patch: Likewise. * debian/patches/replslot-cluster-type-attribute.patch: Likewise. * debian/tests/acceptance: Only stop etcd if init script exists. pdns-recursor (5.2.6-0+deb13u1) trixie-security; urgency=medium . * New upstream version 5.2.6, fixing CVE-2025-59023. pdns-recursor (5.2.5-1) unstable; urgency=medium . * New upstream version 5.2.5 pdns-recursor (5.2.4-2+deb13u1) trixie; urgency=medium . * d/gbp.conf: update for trixie branch * d/rules: fix DEB_VERSION/DEB_VENDOR being empty. Thanks to Steve Mokris (Closes: #1113814) * d/rules: stop setting CARGO_REGISTRY, fixes Static-Built-Using Thanks to Fabian Gruenbichler. phpmyadmin (4:5.2.2-really+dfsg-1+deb13u1) trixie; urgency=medium . * Update d/missing-source for CVE-2025-3573 - jquery-validation - Fix XSS in the showLabel() function poppler (25.03.0-5+deb13u2) trixie; urgency=high . [ Leonidas Da Silva Barbosa ] * SECURITY UPDATE: Denial of service - debian/patches/CVE-2025-50420.patch: don't continue recursing in PDFDoc in poppler/PDFDoc.cc. - CVE-2025-50420 (Closes: #1110463) postfix (3.10.5-1~deb13u1) trixie; urgency=medium . * new upstream stable/bugfix 3.10.5 release, with multiple fixes. From the upstream release notes: - Workaround for an interface mis-match between the Postfix SMTP client and MTA-STS policy plugins. * The existing behavior is to connect to any MX host listed in DNS, and to match the server certificate against any STS policy MX host pattern. * The corrected behavior is to connect to an MX host only if its name matches any STS policy MX host pattern, and to match the server certificate against the MX hostname. The corrected behavior must be enabled in two places: in Postfix with a new parameter "smtp_tls_enforce_sts_mx_patterns" (default: "yes") and in an MTA-STS plugin by enabling TLSRPT support, so that the plugin forwards STS policy attributes to Postfix. This works even if Postfix TLSRPT support is disabled at build time or at runtime. - TLSRPT Workaround: when a TLSRPT policy-type value is "no-policy-found", pretend that the TLSRPT policy domain value is equal to the recipient domain. This ignores that different policy types (TLSA, STS) use different policy domains. But this is what Microsoft does, and therefore, what other tools expect. - Bugfix (defect introduced: Postfix 3.0): the Postfix SMTP client's connection reuse logic did not distinguish between sessions that require SMTPUTF8 support, and sessions that do not. The solution is 1) to store sessions with different SMTPUTF8 requirements under distinct connection cache storage keys, and 2) to not cache a connection when SMTPUTF8 is required but the server does not support that feature - Bugfix (defect introduced: Postfix 3.0, date 20140731): the smtpd 'disconnect' command statistics did not count commands with "bad syntax" and "bad UTF-8 syntax" errors - Postfix 3.11 forward compatibility: to avoid ugly warnings when Postfix 3.11 is rolled back to an older version, allow a preliminary 'size' record in maildrop queue files created with Postfix 3.11 or later - Bugfix (defect introduced: Postfix 3.8, date 20220128): non-reproducible build, because the 'postconf -e' output order for new main.cf entries was no longer deterministic - To make builds predictable, add missing meta_directory and shlib_directory settings to the stock main.cf file - Bugfix (defect introduced: Postfix 3.9, date 20230517): posttls-finger(1) logged an incorrectly-formatted port number * debian/patches/debian-defaults.patch: refresh, update for 2 new parameters (with defaults) in main.cf, and make it with less context * configure-instance.in: fix typo which caused recreating cadir in chroot and excessive logging (Closes: #1115412) postfix (3.10.4-3) unstable; urgency=medium . * Revert "std23-bool.patch: gcc-15 support (#1097639)" (didn't work) * rules: specify -std=gnu17 for CC for now (actually Closes: #1097639) postfix (3.10.4-2) unstable; urgency=medium . * std23-bool.patch: gcc-15 support (Closes: #1097639) * configure-instance.in: fix typo which caused recreating cadir in chroot and excessive logging (Closes: #1115412) postfix (3.10.4-1) unstable; urgency=medium . * New upstream stable/bugfix version 3.10.4, with a handful of fixes * d/rules: use pkgconf for mongoc instead of hard-coding paths/libs presage (0.9.1-2.6+deb13u1) trixie; urgency=medium . * debian/patches: + Add allow-words-with-apostrophes-to-be-predicted.patch. Support suggesting words containing apostrophes. Don't crash maliit-server / lomiri-keyboard / lomiri when using /usr/lib/lomiri-keyboard/plugins/en/database_en.db presage DB. (Closes: #770831, LP:#1384800). privatebin-cli (2.0.2-1+deb13u1) trixie; urgency=medium . * d/patches: Add patch to fix GCM issues with newer golang. (Closes: #1108675) proftpd-dfsg (1.3.8.c+dfsg-4+deb13u1) trixie; urgency=medium . [ Evgeni Golov ] * Do not remove non-empty /srv/ftp upon purge (Closes: #1119295). puppet-module-puppetlabs-rabbitmq (8.5.0-8+deb13u1) trixie; urgency=medium . * fix-list_users-provider.patch: also handle the case when there's no users at all. * Add setup-all-nodes-as-disk-nodes.patch. puppet-module-tempest (25.0.0-1+deb13u1) trixie; urgency=medium . * Add Fix_autoloading_of_openstack_provider.patch. python-eventlet (0.39.1-2+deb13u1) trixie; urgency=medium . * CVE-2025-58068: Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted attacks against active site users, and poison web caches. Applied upstream patch (Closes: #1112515): - Fix_request_smuggling_vulnerability_by_discarding_trailers.patch python-internetarchive (5.4.0-2~deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * backport fix for directory transversal issue (Closes: #1114635, CVE-2025-58438) qemu (1:10.0.6+ds-0+deb13u2) trixie; urgency=medium . * d/changelog: remove wrong closes: #1095935 from the previous changelog entry (and reopen the bug): I confused it with another bug * linux-user-use-correct-type-for-FIBMAP-and-FIGETBSZ.patch - add a patch from upstream stable series (before next stable release) - fix wrong emulation of FIBMAP and FIGETBSZ ioctls. Needed for s390x cloud images. Will be in next upstream stable release, so will be removed in next debian. (Closes: #1119257) qemu (1:10.0.6+ds-0+deb13u1) trixie; urgency=medium . * new upstream stable/bugfix release: - Update version for 10.0.6 release - linux-user/microblaze: Fix little-endianness binary - target/hppa: correct size bit parity for fmpyadd - target/i386: user: do not set up a valid LDT on reset - async: access bottom half flags with qatomic_read - target/i386: fix x86_64 pushw op - i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit - i386/cpu: Prevent delivering SIPI during SMM in TCG mode - i386/kvm: Expose ARCH_CAP_FB_CLEAR when invulnerable to MDS - target/i386: Fix CR2 handling for non-canonical addresses - block/curl.c: Use explicit long constants in curl_easy_setopt calls - pcie_sriov: Fix broken MMIO accesses from SR-IOV VFs - target/riscv: rvv: Fix vslide1[up|down].vx unexpected result when XLEN=32 and SEW=64 - target/riscv: Fix ssamoswap error handling - target/riscv: Fix SSP CSR error handling in VU/VS mode - target/riscv: Fix the mepc when sspopchk triggers the exception - target/arm: Don't set HCR.RW for AArch32 only CPUs - pcie_sriov: make pcie_sriov_pf_exit() safe on non-SR-IOV devices - docs/devel: Correct uefi-vars-x64 device name - hid: fix incorrect return value for hid - ui/gtk: Fix callback function signature - ui/gtk: Consider scaling when propagating ui info - Revert "i386/cpu: Move adjustment of CPUID_EXT_PDCM before feature_dependencies[] check" - Revert "target/i386: do not expose ARCH_CAPABILITIES on AMD CPU" * new upstream stable/bugfix release: - Update version for 10.0.5 release - tests/functional/test_aarch64_sbsaref_freebsd: Fix the URL of the ISO image - tests/functional/test_ppc_bamboo: Replace broken link with working assets - physmem: Destroy all CPU AddressSpaces on unrealize - memory: New AS helper to serialize destroy+free - include/system/memory.h: Clarify address_space_destroy() behaviour - migration: Fix state transition in postcopy_start() error handling - target/riscv: rvv: Modify minimum VLEN according to enabled vector extensions - target/riscv: rvv: Replace checking V by checking Zve32x - target/riscv: Fix endianness swap on compressed instructions - hw/riscv/riscv-iommu: Fixup PDT Nested Walk - target/riscv: do not use translator_ldl in opcode_at - target/riscv: use riscv_csrr in riscv_csr_read - hw/char: sifive_uart: Raise IRQ according to the Tx/Rx watermark thresholds - docs/interop/firmware: Add riscv64 to FirmwareArchitecture - hw/riscv/riscv-iommu: Fix MSI table size limit - ui/icons/qemu.svg: Add metadata information (author, license) to the logo - ui/spice: Fix abort on macOS - ppc/spapr: init lrdr-capapcity phys with ram size if maxmem not provided - hw/intc/xics: Add missing call to register vmstate_icp_server - hw/usb/hcd-uhci: don't assert for SETUP to non-0 endpoint Closes: #1082377 (CVE-2024-8354) - tests/tcg/multiarch: Add tb-link test - accel/tcg: Properly unlink a TB linked to itself - tests: Fix "make check-functional" for targets without thorough tests - .gitlab-ci.d/buildtest.yml: Unset CI_COMMIT_DESCRIPTION for htags - tcg/optimize: Fix folding of vector bitsel - hw/pci-host/astro: Don't call pci_regsiter_root_bus() in init - hw/pci-host/dino: Don't call pci_register_root_bus() in init - target/sparc: Relax decode of rs2_or_imm for v7 - target/sparc: Loosen decode of RDTBR for v7 - target/sparc: Loosen decode of RDWIM for v7 - target/sparc: Loosen decode of RDPSR for v7 - target/sparc: Loosen decode of RDY for v7 - target/sparc: Loosen decode of STBAR for v8 - target/sparc: Allow TRANS macro with no extra arguments - linux-user: avoid -Werror=int-in-bool-context - multiboot: Fix the split lock - target/i386: Define enum X86ASIdx for x86's address spaces - i386/cpu: Enable SMM cpu address space under KVM - hw/usb/network: Remove hardcoded 0x40 prefix in STRING_ETHADDR response - rust: hpet: fix new warning - ci: run RISC-V cross jobs by default - tests/docker/dockerfiles/python.docker: pull fedora:40 image instead of fedora:latest - .gitmodules: move u-boot mirrors to qemu-project-mirrors - iotests/check: always enable all python warnings - iotests/151: ensure subprocesses are cleaned up - iotests/147: ensure temporary sockets are closed before exiting - python: ensure QEMUQtestProtocol closes its socket - iotests: drop compat for old version context manager - python: backport 'avoid creating additional event loops per thread' - python: backport 'Remove deprecated get_event_loop calls' - python: backport 'qmp-tui: Do not crash if optional dependencies are not met' - python: backport 'qmp-shell-wrap: handle missing binary gracefully' - python: backport 'Use @asynciocontextmanager' - python: backport 'drop Python3.6 workarounds' - python: backport 'kick event queue on legacy event_pull()' - ui/vnc: Fix crash when specifying [vnc] without id in the config file - target/loongarch: Guard 64-bit-only insn translation with TRANS64 macro - target/loongarch: Add CRC feature flag and use it to gate CRC instructions * new upstream stable/bugfix release: - Update version for 10.0.4 release - block/curl: fix curl internal handles handling (Closes: #1111809) - hw/gpio/pca9554: Avoid leak in pca9554_set_pin() - hw/ppc: Fix build error with CONFIG_POWERNV disabled - target/mips: fix TLB huge page check to use 64-bit shift - linux-user/mips: Select M14Kc CPU to run microMIPS binaries - linux-user/mips: Select 74Kf CPU to run MIPS16e binaries - elf: Add EF_MIPS_ARCH_ASE definitions - e1000e: Prevent crash from legacy interrupt firing after MSI-X enable - Revert "tests/qtest: use qos_printf instead of g_test_message" - vfio scsi ui: Error-check qio_channel_socket_connect_sync() the same way - i386/kvm/vmsr_energy: Plug memory leak on failure to connect socket - qga: Fix truncated output handling in guest-exec status reporting - qga-vss: Write hex value of error in log - qga/installer: Remove QGA VSS if QGA installation failed - hw/arm/stm32f205_soc: Don't leak TYPE_OR_IRQ objects - qemu/atomic: Finish renaming atomic128-cas.h headers - scripts/kernel-doc: Avoid new Perl precedence warning - target/arm: Trap PMCR when MDCR_EL2.TPMCR is set - hw/intc/arm_gicv3_kvm: preserve pending interrupts during cpr - linux-user: Add strace for rseq - i386/tcg/svm: fix incorrect canonicalization - python: mkvenv: fix messages printed by mkvenv - hw/uefi: open json file in binary mode - hw/uefi: check access for first variable - hw/uefi: return success for notifications - hw/uefi: clear uefi-vars buffer in uefi_vars_write callback - mkvenv: Support pip 25.2 - hw/sd/ssi-sd: Return noise (dummy byte) when no card connected - qemu-iotests: Ignore indentation in Killed messages - rbd: Fix .bdrv_get_specific_info implementation - hw/nvme: cap MDTS value for internal limitation - hw/nvme: revert CMIC behavior - hw/nvme: fix namespace attachment - target/loongarch: Fix [X]VLDI raising exception incorrectly - ui/curses: Fix infinite loop on windows - ppc/xive2: Fix treatment of PIPR in CPPR update - ppc/xive2: Fix irq preempted by lower priority group irq - ppc/xive2: Reset Generation Flipped bit on END Cache Watch - ppc/xive: Fix PHYS NSR ring matching - ppc/xive2: fix context push calculation of IPB priority - ppc/xive2: Remote VSDs need to match on forwarding address - ppc/xive2: Fix calculation of END queue sizes - ppc/xive: Report access size in XIVE TM operation error logs - ppc/xive: Fix xive trace event output - target/i386/cpu: Move addressable ID encoding out of compat property in CPUID[0x1] - i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16] - i386/cpu: Fix number of addressable IDs field for CPUID.01H.EBX[23:16] - i386/cpu: Move adjustment of CPUID_EXT_PDCM before feature_dependencies[] check - Revert "i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16]" (The 5 changes above Closes: #1095935 in 10.0.x) - qga: correctly write to /sys/power/state on linux (Closes: #1108387) - scripts/make-release: Go back to cloning all the EDK2 submodules - target/arm: add support for 64-bit PMCCNTR in AArch32 mode - hw/ssi/aspeed_smc: Fix incorrect FMC_WDT2 register read on AST1030 - target/arm: Fix handling of setting SVE registers from gdb - target/arm: Fix big-endian handling of NEON gdb remote debugging - hw/intc/arm_gicv3_kvm: Write all 1's to clear enable/active - hw/i386/amd_iommu: Move IOAPIC memory region initialization to the end - intel_iommu: Allow both Status Write and Interrupt Flag in QI wait - pcie_sriov: Fix configuration and state synchronization - virtio-net: Fix VLAN filter table reset timing - vhost: Do not abort on log-stop error - vhost: Do not abort on log-start error - virtio: fix off-by-one and invalid access in virtqueue_ordered_fill - target/loongarch: Fix valid virtual address checking - target/riscv: Restrict midelegh access to S-mode harts - target/riscv: Restrict mideleg/medeleg/medelegh access to S-mode harts - intc/riscv_aplic: Fix target register read when source is inactive - target/riscv: Fix pmp range wraparound on zero - target/riscv: Fix exception type when VU accesses supervisor CSRs - target/riscv: do not call GETPC() in check_ret_from_m_mode() - linux-user/strace.list: add riscv_hwprobe entry - roms/Makefile: fix npcmNxx_bootrom build rules - system/physmem: fix use-after-free with dispatch - hw/net/cadence_gem: fix register mask initialization - target/mips: Only update MVPControl.EVP bit if executed by master VPE - docs/user: clarify user-mode expects the same OS - linux-user/aarch64: Support TPIDR2_MAGIC signal frame record - linux-user/aarch64: Clear TPIDR2_EL0 when delivering signals - target/i386: fix width of third operand of VINSERTx128 - hw/display/qxl-render.c: fix qxl_unpack_chunks() chunk size calculation - host-utils: Drop workaround for buggy Apple Clang __builtin_subcll() * drop patches included upstream: - hw-display-qxl-render.c-fix-qxl_unpack_chunks-chunk-.patch - pcie_sriov-Fix-configuration-and-state-synchronizati.patch - system-physmem-fix-use-after-free-with-dispatch.patch * d/control.mk: 10.0.6+ds qemu (1:10.0.3+ds-4) unstable; urgency=medium . [ Heinrich Schuchardt ] * d/control: qemu-system-riscv missing recommends qemu-system-riscv needs the same/similar packages for EFI, spice, opengl, special block devices, as qemu-system-arm and qemu-system-x86 . [ Michael Tokarev ] * d/control: omit system-xen if omit-system build profile is specified this makes pkg.qemu.omit-system to omit all system components, including xen * qemu-user binfmts: stop supporting old kernels using custom patch qemu supports argv[0] handling with a help of kernel support since at least bullseye (or even buster), - for a really long time. There's no need to use custom code for older kernels anymore. Also closes: #1054104 * d/binfmt-install: do not generate update-binfmt un-registration postinst script for upgrades from bookworm * d/control: drop old (pre-bookworm) breaks/replaces/conflicts/provides * hw-uefi-clear-uefi-vars-buffer-in-uefi_vars_write-CVE-2025-8860.patch Closes: #1111030, CVE-2025-8860 * d/control: remove long-forgotten qemu-system-common dependency on acl (for #762192) which is not needed * remove qemu-user-static package (& qemu-debootstrap) remove links to qemu-user with -static suffix, together with obsolete qemu-debootstrap command. qemu-user-static is now provided by qemu-user-binfmt package. Also closes: #1107554 * d/gbp.conf: switch to master branch qemu (1:10.0.3+ds-3) unstable; urgency=medium . * d/binfmt-install: stop using C (Credentials) flag for binfmt_misc registration. This means suid and sgid binaries under qemu-user will work without changing credentials. This is a serious security issue, since qemu-user never supposed to be used in this way, and it is trivial to get elevated privileges for an attacker if there's any suid/sgid binary under qemu-user which is runnable for an attacker. This change might break CI/testing environment expectations. * d/qemu-user.postinst: trigger /usr/lib/binfmt.d (#1110982) * d/rules: fix typo in comment (it is qemu-system-data, not qemu-user-data) qemu (1:10.0.3+ds-2) unstable; urgency=medium . * d/control: (temporarily) build-depend on python3-distlib to work around new pip 25.2+ in forky qemu (1:10.0.3+ds-1) unstable; urgency=medium . * new upstream stable/bugfix release: - Update version for 10.0.3 release - hvf: arm: Emulate ICC_RPR_EL1 accesses properly - target/arm: Correct encoding of Debug Communications Channel registers https://gitlab.com/qemu-project/qemu/-/issues/2986 - ui: fix setting client_endian field defaults - hw/net/npcm_gmac.c: Send the right data for second packet in a row - target/i386: do not expose ARCH_CAPABILITIES on AMD CPU - i386/cpu: Honor maximum value for CPUID.8000001DH.EAX[25:14] - i386/cpu: Fix overflow of cache topology fields in CPUID.04H - i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16] - ui/vnc: Do not copy z_stream - vhost: Fix used memslot tracking when destroying a vhost device - roms: re-remove execute bit from hppa-firmware* - file-posix: Fix aio=reads performance regression after enablign FUA https://issues.redhat.com/browse/RHEL-96854 - amd_iommu: Fix truncation of oldval in amdvi_writeq - amd_iommu: Remove duplicated definitions - amd_iommu: Fix the calculation for Device Table size - amd_iommu: Fix mask to retrieve Interrupt Table Root Pointer from DTE - amd_iommu: Fix masks for various IOMMU MMIO Registers - amd_iommu: Update bitmasks representing DTE reserved fields - amd_iommu: Fix Device ID decoding for INVALIDATE_IOTLB_PAGES command - amd_iommu: Fix Miscellaneous Information Register 0 encoding - virtio-net: Add queues for RSS during migration - net: fix buffer overflow in af_xdp_umem_create() - accel/kvm: Adjust the note about the minimum required kernel version - linux-user: Use qemu_set_cloexec() to mark pidfd as FD_CLOEXEC - migration: Don't sync volatile memory after migration completes - linux-user: Hold the fd-trans lock across fork https://gitlab.com/qemu-project/qemu/-/issues/2846 - linux-user: Check for EFAULT failure in nanosleep - linux-user: Implement fchmodat2 syscall https://gitlab.com/qemu-project/qemu/-/issues/3019 - hw/arm/fsl-imx8mp: Wire VIRQ and VFIQ - target/arm: Don't enforce NSE,NS check for EL3->EL3 returns https://gitlab.com/qemu-project/qemu/-/issues/3016 - target/i386: fix TB exit logic in gen_movl_seg() when writing to SS https://gitlab.com/qemu-project/qemu/-/issues/2987 - target/arm: Fix bfdotadd_ebf vs nan selection - target/arm: Fix f16_dotadd vs nan selection - target/arm: Fix PSEL size operands to tcg_gen_gvec_ands - target/arm: Fix 128-bit element ZIP, UZP, TRN - target/arm: Fix sve_access_check for SME - target/arm: Fix SME vs AdvSIMD exception priority - hw/s390x/ccw-device: Fix memory leak in loadparm setter - virtio-gpu: support context init multiple timeline - target/arm: Correct KVM & HVF dtb_compatible value - target/arm: Make RETA[AB] UNDEF when pauth is not implemented - tcg: Fix constant propagation in tcg_reg_alloc_dup https://gitlab.com/qemu-project/qemu/-/issues/3002 - target/loongarch: fix vldi/xvldi raise wrong error - target/loongarch: add check for fcond - linux-user/arm: Fix return value of SYS_cacheflush - hw/arm/mps2: Configure the AN500 CPU with 16 MPU regions - qemu-options.hx: Fix reversed description of icount sleep behavior - hw/arm/virt: Check bypass iommu is not set for iommu-map DT property - hw/loongarch/virt: Fix big endian support with MCFG table - hw/core/qdev-properties-system: Add missing return in set_drive_helper() - iotests: fix 240 - target/i386: Remove FRED dependency on WRMSRNS - hw/audio/asc: fix SIGSEGV in asc_realize() - audio: fix size calculation in AUD_get_buffer_size_out() - audio: fix SIGSEGV in AUD_get_buffer_size_out() - hw/i386/amd_iommu: Fix xtsup when vcpus < 255 - hw/i386/amd_iommu: Fix device setup failure when PT is on. - hw/i386/pc_piix: Fix RTC ISA IRQ wiring of isapc machine - vhost: Don't set vring call if guest notifier is unused - hw/arm: Add missing psci_conduit to NPCM8XX SoC boot info - ui/vnc: fix tight palette pixel encoding for 8/16-bpp formats - ui/vnc: take account of client byte order in pixman format - ui/vnc.c: replace big endian flag with byte order value - ui/sdl: Consider scaling in mouse event handling - ui/gtk: Update scales in fixed-scale mode when rendering GL area - gtk/ui: Introduce helper gd_update_scale - ui/gtk: Use consistent naming for variables in different coordinates - ui/gtk: Document scale and coordinate handling - hw/arm/aspeed_ast27x0: Fix RAM size detection failure on BE hosts - hw/misc/aspeed_hace: Ensure HASH_IRQ is always set to prevent firmware hang * d/gbp.conf: switch to debian-trixie branch * d/control.mk: checked-version=10.0.3+ds * qemu-img-options.patch: adjust help text for "convert" subcommand: use the historic option which were accepted by the upstream, not the new option introduced in this patch * pcie_sriov-Fix-configuration-and-state-synchronizati.patch from upstream Closes: #1109989, CVE-2025-54566, CVE-2025-54567 qt6-base (6.8.2+dfsg-9+deb13u1) trixie; urgency=medium . * Backport patch to fix high CPU load of kwin_x11 when locking the screen. quicktext (6.4.6-1~deb13u1) trixie; urgency=medium . * Rebuildfor trixie after upload thunderbird 140.3 quicktext (6.4.4-1~exp1) experimental; urgency=medium . [ Mechtilde ] * [c2fa859] Improved d/u/metadata using Mozilla repo * [747d9c9] Fixed d/dpb.conf * [be3897e] New upstream version 6.4.4 * [c2fa859] Improved d/u/metadata using Mozilla repo * [747d9c9] Fixed d/dpb.conf * [be3897e] New upstream version 6.4.4 quicktext (6.4.1-1~exp1) experimental; urgency=medium . [ Mechtilde ] * [19f530b] New upstream version 6.4.1 * [a42d224] New upstream version 6.4 * [f37aa19] Bumped version of thunderbird * [1fc0b84] Added d/dpb.conf for using with debian-package-scripts * [a72aabf] Bumped version for thunderbird rabbitmq-server (4.0.5-6+deb13u2) trixie; urgency=medium . * CVE-2025-50200: In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. Added upstream patch: Fix_Cowboy_crashes_caused_by_double_reply.patch. (Closes: #1108075) redis (5:8.0.2-3+deb13u1) trixie-security; urgency=medium . * CVE-2025-49844 / CVE-2025-46819 / CVE-2025-46818 / CVE-2025-46817 request-tracker5 (5.0.7+dfsg-4+deb13u1) trixie-security; urgency=medium . * Apply upstream patch which fixes several security vulnerabilities: - [CVE-2025-61873] Fix CSV injection via ticket values with special characters that are exported to a TSV from search results. - [CVE-2025-9158] Fix XSS via calendar invitations added to a ticket. riseup-vpn (0.24.10+ds1-1+deb13u1) trixie; urgency=medium . * Add qml6-module-qtcore to Depends (Closes: #1110558) rocm-hipamd (5.7.1-6+deb13u1) trixie; urgency=medium . [ Cordell Bloor ] * Add d/p/0041-inline-bf16-functions.patch to mark functions defined in amd_hip_bf16.h as inline. This change prevents multiple definition errors during linking for programs that include in more than one translation unit (Closes: #1116585) * Fix hipcc manpage title (Closes: #1107681) * Fix spelling error in roc-obj-ls manpage rsyslog-doc (8.2504.0+dfsg-1+deb13u1) trixie; urgency=medium . * Switch debian-branch to debian/trixie * Use sphinx_rtd_theme instead of the sphinx default theme. This matches what upstream has been using in the past and results in a nicer looking and more usable output, e.g. it produces a proper toc in the sidebar. ruby-rack (3.1.18-1~deb13u1) trixie-security; urgency=medium . * New upstream version 3.1.18. - CVE-2025-61772: Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion). - CVE-2025-61771: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion). - CVE-2025-61770: Unbounded multipart preamble buffering enables DoS (memory exhaustion). - CVE-2025-61780 Improper handling of headers in Rack::Sendfile may allow proxy bypass. - CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead to memory exhaustion. - Closes: #1117855, #1117856, #1117627, #1117628 ruby-sys-filesystem (1.4.4-1+deb13u1) trixie; urgency=medium . * Backport upstream PR#82 to fix linux64 detection fails on s390x and alpha (Closes: #1114552). rust-virtiofsd (1.13.2-1+deb13u1) trixie; urgency=medium . * add Depends: uidmap. Closes: #1109051 virtiofsd uses uidmap when run in a user namespace, and this is the most secure way to use it. So uidmap package is basically required. sail (0.9.8-1+deb13u1) trixie; urgency=medium . * Add upstream patches to fix security vulnerabilities. (Closes: #1112346) - CVE-2025-32468 - CVE-2025-35984 - CVE-2025-46407 - CVE-2025-50129 - CVE-2025-52456 - CVE-2025-52930 - CVE-2025-53085 - CVE-2025-53510 samba (2:4.22.6+dfsg-0+deb13u1) trixie; urgency=medium . * new upstream stable/security release: - https://bugzilla.samba.org/show_bug.cgi?id=15843: macOS Finder client DFS broken on 4.22.0 - https://bugzilla.samba.org/show_bug.cgi?id=15900: 'net ads group' failed to list domain groups - https://bugzilla.samba.org/show_bug.cgi?id=15905: samba-4.21 fails to join AD when multiple DCs are returned - https://bugzilla.samba.org/show_bug.cgi?id=15919: vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev for fsync_send - https://bugzilla.samba.org/show_bug.cgi?id=15921: CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set - https://bugzilla.samba.org/show_bug.cgi?id=15926: Samba 4.22 breaks Time Machine - https://bugzilla.samba.org/show_bug.cgi?id=15927: Spotlight search restriction for shares incomplete and default search searches in too many attributes - https://bugzilla.samba.org/show_bug.cgi?id=15931: rpcd_mdssvc may crash because name mangling is not initialized - https://bugzilla.samba.org/show_bug.cgi?id=15933: Only increment lease epoch if a lease was granted . * new upstream security release: - CVE-2025-9640: Uninitialized memory disclosure via vfs_streams_xattr https://www.samba.org/samba/security/CVE-2025-9640.html - CVE-2025-10230: Command injection via WINS server hook script https://www.samba.org/samba/security/CVE-2025-10230.html samba (2:4.22.6+dfsg-0+deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports (resolve before-trixie build profile). samba (2:4.22.4+dfsg-1) unstable; urgency=medium . * new upstream stable/bugfix release: - https://bugzilla.samba.org/show_bug.cgi?id=14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0 - https://bugzilla.samba.org/show_bug.cgi?id=15663: Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine) - https://bugzilla.samba.org/show_bug.cgi?id=15816: vfs_streams_depot fstatat broken - https://bugzilla.samba.org/show_bug.cgi?id=15840: kinit command is failing with Missing cache Error - https://bugzilla.samba.org/show_bug.cgi?id=15844: getpwuid does not shift to new DC when current DC is down - https://bugzilla.samba.org/show_bug.cgi?id=15876: Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName - https://bugzilla.samba.org/show_bug.cgi?id=15877: Fix handling of empty GPO link - https://bugzilla.samba.org/show_bug.cgi?id=15880: SMB ACL inheritance doesn't work for files created - https://bugzilla.samba.org/show_bug.cgi?id=15881: Unresponsive second DC can cause idmapping failure when using idmap_ad (was libads-fix-get_kdc_ip_string.patch) - https://bugzilla.samba.org/show_bug.cgi?id=15891: Figuring out the DC name from IP address fails and breaks fork_domain_child() - https://bugzilla.samba.org/show_bug.cgi?id=15892: Delayed leader broadcast can block ctdb forever * libads-fix-get_kdc_ip_string.patch: remove, included upstream * d/gbp.conf: debian-branch=debian/4.22 samhain (4.1.4-6+deb13u1) trixie; urgency=medium . * d/rules: - Quick fix preventing potential segfaults (Closes: #1111631) shibboleth-sp (3.5.0+dfsg-2+deb13u1) trixie-security; urgency=high . * [627cc27] New patch: SSPCPP-1014 - Extend escaping in strings. Fix SQL injection vulnerability in Service Provider ODBC plugin: specially crafted inputs can exfiltrate information stored in the database used by the SP. The vulnerability is moderate to high severity for anyone using the ODBC plugin, and of no impact for others. Thanks to Scott Cantor (Closes: #1114506) spip (4.4.3+dfsg-1+deb13u1) trixie; urgency=medium . * Track debian/trixie * Backport security fix from 4.4.5: Fix open redirect on ajax login form squid (6.13-2+deb13u1) trixie-security; urgency=high . * Non Maintainer Upload by LTS team * Fix CVE-2025-62168 (Closes: #1118341) Due to a failure to redact HTTP Authentication credentials Squid is vulnerable to an Information Disclosure attack. * Fix CVE-2025-59362 (Closes: #1117048) Squid mishandles ASN.1 encoding of long SNMP OIDs. stardict (3.0.7+git20220909+dfsg-8~deb13u1) trixie; urgency=medium . * Upload to trixie * Update d/gbp.conf for trixie-specific stardict (3.0.7+git20220909+dfsg-7) unstable; urgency=medium . * d/stardict-plugin.install:not install stardict_dictdotcn.so, Closes: #806960 * d/rules:Added --disable-dictdotcn option, dictdotcn is not provid server now suricata (1:7.0.10-1+deb13u1) trixie; urgency=medium . * Fix CVE-2025-53538 in 7.0.10. Cherry-Picked from upstream 97eee2cadacf3423a1ebcdd1943a7a7917f5cc56. Closes: #1109806 Reference: #1116945 * Fix CVE-2025-59147 in 7.0.10. Cherry-Picked from upstream e91b03c90385db15e21cf1a0e85b921bf92b039e and slightly modified to fit for Suricata 7.0.10. Reference: #1119940 syslog-ng (4.8.1-5+deb13u1) trixie; urgency=medium . * Turn off writing log statistics (closes: #1110329). systemd (257.9-1~deb13u1) trixie; urgency=medium . * Update upstream source from tag 'upstream/257.9' Update to upstream version '257.9' with Debian dir 9b05cb6904e089147c1521b0ced983a575d8abe4 systemd (257.8-1~deb13u2) trixie; urgency=medium . * Non-maintainer upload. * systemd-networkd: Fix segfault on VLAN-aware bridges. (Closes: #1112535) systemd-boot-efi-amd64-signed (257.9+1~deb13u1) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.9-1~deb13u1 . * Update upstream source from tag 'upstream/257.9' Update to upstream version '257.9' with Debian dir 9b05cb6904e089147c1521b0ced983a575d8abe4 systemd-boot-efi-amd64-signed (257.8+1~deb13u2) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.8-1~deb13u2 . * Non-maintainer upload. * systemd-networkd: Fix segfault on VLAN-aware bridges. (Closes: #1112535) systemd-boot-efi-arm64-signed (257.9+1~deb13u1) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.9-1~deb13u1 . * Update upstream source from tag 'upstream/257.9' Update to upstream version '257.9' with Debian dir 9b05cb6904e089147c1521b0ced983a575d8abe4 systemd-boot-efi-arm64-signed (257.8+1~deb13u2) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.8-1~deb13u2 . * Non-maintainer upload. * systemd-networkd: Fix segfault on VLAN-aware bridges. (Closes: #1112535) tango (10.0.2+dfsg1-2+deb13u1) trixie; urgency=medium . * Team upload. * Fix broken communication between major versions: libtango9 cannot receive events from libtango10 (Closes: #1118207) * d/gitlab-ci.yml (Salsa CI): - Set RELEASE to trixie in d/gitlab-ci.yml to explicitly trigger trixie-based pipelines. - Disable the reprotest job. Releases older than unstable are not very well supported by the Salsa CI's reprotest job, and this failing without a good reason. tango (10.0.2+dfsg1-2+deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Team upload. * Rebuild for bookworm-backports. * Set RELEASE to bookworm-backports in d/gitlab-ci.yml. To explicitly trigger bookworm-backports-based pipelines. tbsync (4.16-1~deb13u2) trixie; urgency=medium . * Added dir api/ to d/rules. It follows 4.16-2 in unstable #1118180. tbsync (4.16-1~deb13u1) trixie; urgency=medium . * Rebuild for uploading with thunderbird>= 140.3 to trixie thunderbird (1:140.4.0esr-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security thunderbird (1:140.4.0esr-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security thunderbird (1:140.3.1esr-1) unstable; urgency=medium . * [f86a89f] New upstream version 140.3.1esr * [87cb9f6] d/control: Update packages need to have a Breaks Updating the packages in the Breaks field as like very often with a new ESR version some AddOns need to be bumped too. Removing old non existing or not relevant packages from the field. Adding these new packages: webext-allow-html-temp (<= 10.0.8-1~) webext-dav4tbsync (<= 4.8-2~) webext-eas4tbsync (<= 4.17-1~) webext-mailmindr (<= 1.7.1-2~) webext-quicktext (<= 6.4.6-1~) webext-tbsync (<= 4.16-1~) webext-xnotepp (<= 4.5.81-1~) (Closes: #1116976) thunderbird (1:140.3.0esr-1) unstable; urgency=medium . [ Carsten Schoenert ] * [de64a72] d/watch: Mangle 'esr' suffix from version * [85543ab] New upstream version 140.3.0esr Fixed CVE issues in upstream version 140.3 (MFSA 2025-78): CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component CVE-2025-10529: Same-origin policy bypass in the Layout component CVE-2025-10532: Incorrect boundary conditions in the JavaScript: GC component CVE-2025-10533: Integer overflow in the SVG component CVE-2025-10536: Information disclosure in the Networking: Cache component CVE-2025-10537: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (Closes: #1115605) * [635002d] Rebuild patch queue from patch-queue branch * [6d2f42d] d/control: Remove Rules-Requires-Root . [ Carles Pina i Estany ] * [634cd34] d/control: Drop Recommends on thunderbird-l10n-fi (Closes: #1115457) . [ Dandan Zhang ] * [00691f6] d/control: Adding loong64 architecture (Closes: #1059966) thunderbird (1:140.2.0esr-1) experimental; urgency=medium . [ Christoph Goehre ] * [3449bf5] d/rules: export CC and CXX definitions on ppc64 This is a follow-up fix for [cb1ed45]. . [ Carsten Schoenert ] * [2e811f6] d/watch: Migrate to version 5 * [ddad9bc] New upstream version 140.2.0esr thunderbird (1:140.1.1esr-1) experimental; urgency=medium . * [e6e4d2d] d/source.filter: Update content to filter out * [4b7d308] New upstream version 140.1.1esr * [472919e] d/rules: Add target for NSS and NSPR versions * [3e7b6b0] d/control: Bump B-D for libnss3-dev thunderbird (1:140.1.0esr-1) experimental; urgency=medium . [ Christoph Goehre ] * [7ac28d3] d/rules: export 'Clto=thin' on i386 to stay in the memory budged Added patch: debian-hacks/Allow-to-override-rust-LTO-flag.patch . [ Carsten Schoenert ] * [2ed0df2] d/create-upstream-tarballs.py: Use the real CDN URL * [82f0f9e] New upstream version 140.1.0esr * [fb16995] Rebuild patch queue from patch-queue branch Added patch: porting-ppc64el/skia-Adjust-detection-of-ppc64-architecture.patch * [ad0c4b4] d/control: Increase Standards-Version to 4.7.2 No further changes needed. * [dc57502] d/copyright: Update content due upstream changes * [3e8fe05] d/s/lintian-overrides: Update data due upstream changes * [4378ab3] d/t-lintian-overrides: Update due build changes . [ John Paul Adrian Glaubitz ] * [cb1ed45] d/rules: Use gcc and g++ on ppc64 (Closes: #1109861) thunderbird (1:140.0.1esr-1) experimental; urgency=medium . [ Christoph Goehre ] * [259f52c] New upstream version 140.0.1esr (Closes: #1109451) * [a5a86f3] rebuild patch queue from patch-queue branch obsolete patches (fixed upstream): debian-hacks/Downgrade-cbindgen-requirement.patch * [fe04434] d/rules, d/thunderbird.install: ignore additional binary crashhelper for now . [ Alessandro Astone ] * [f5a46a4] Update rule to drop dependency on gtk2 with the new t64 package name thunderbird (1:138.0-1) experimental; urgency=medium . * [870fc65] New upstream version 138.0 * [cc0885e] rebuild patch queue from patch-queue branch added patches: debian-hacks/Downgrade-cbindgen-requirement.patch * [f7487ae] d/control: bump cbindgen build dependency * [61f6d95] d/thunderbird.install: install interesting_serverknobs.json file thunderbird (1:137.0-1) experimental; urgency=medium . * [148e2f7] New upstream version 137.0 thunderbird (1:136.0-1) experimental; urgency=medium . * [3f06ac7] New upstream version 136.0 thunderbird (1:135.0-1) experimental; urgency=medium . * [bdcaf66] Revert "d/rules: Move/rename third party Python modul temporarly" (Closes: #1093362) * [e33e9d8] New upstream version 135.0 * [e68ae48] rebuild patch queue from patch-queue branch modified patches: porting-mips64el/skia-Disable-musttail-on-mips64.patch porting-ppc64el/Work-around-GCC-ICE-on-ppc64el.patch thunderbird-l10n/sl-change-Edit-Uredi-to-CTRL-E.patch obsolete patches (fixed upstream): porting-ppc64el/skia-Disable-musttail-on-ppc64el.patch thunderbird (1:132.0~b6-1) experimental; urgency=medium . * [282778e] d/changelog: Correct small typo * [b5b363b] New upstream version 132.0~b6 * [7e23518] d/control: Bump various B-D versions, drop non needed * [f979f8f] d/thunderbird.postinst: Correct misspelled THUNDERBIRD_LIBDIR (Closes: #1082842) thunderbird (1:130.0~b3-1) experimental; urgency=medium . * [041e622] d/control: Fix short description for thunderbird-l10n-lv (Closes: #1079029) * [820aec2] New upstream version 130.0~b3 * [628eb92] d/control: Readd dependencies on librnp{0,-dev} * [8e6b0e8] d/rules: Move/rename third party Python modul temporarly * [ee4c48d] d/source.filter: Exclude some JS files from exclusion thunderbird (1:129.0~b6-1) experimental; urgency=medium . [ Carsten Schoenert ] * [5ee74f4] d/watch: Now watch out for 'esr' suffixed versions * [8e4b85a] d/thunderbird.desktop: Update data with upstream data (Closes: #1042912, #1051261) * [a0e3d2e] New upstream version 129.0~b6 * [0b12902] d/control: Drop B-D on libdbus-glib-1-dev (Closes: #955955) * [cf730a8] d/create-upstream-tarballs.py: Ignore version 129.0 * [0528b45] d/s/lintian-overrides: Update some overrides . [ Michael Weghorn ] * [e4d3be0] Use app ID that matches the desktop file name (Closes: #1022037) thunderbird (1:128.14.0esr-1) unstable; urgency=medium . * [4f3d4b8] New upstream version 128.14.0esr Fixed CVE issues in upstream version 128.14 (MFSA 2025-71): CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component CVE-2025-9181: Uninitialized memory in the JavaScript Engine component CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 tiff (4.7.0-3+deb13u1) trixie-security; urgency=medium . * CVE-2024-13978 (Closes: #1111323) * CVE-2025-8961 (Closes: #1111317) * CVE-2025-9165 (Closes: #1111878) * CVE-2025-9900 tryton-sao (7.0.28+ds1-1+deb13u1) trixie-security; urgency=high . * Add 01_xss_vulnerability_attachments_preview.patch. Patch for security issue: https://discuss.tryton.org/t/security-release-for-issue-14290/8895 The HTML element used to display the document is based on the mimetype. And by default a sandboxed iframe is used to isolate the unsafe content from the parent context. ublock-origin (1.67.0+dfsg-1~deb13u1) trixie; urgency=medium . * Backport version 1.67.0 to trixie to improve user experience and add new filter capabilities. ublock-origin (1.67.0+dfsg-1~deb12u1) bookworm; urgency=medium . * Backport version 1.67.0 to bookworm to improve user experience and add new filter capabilities. (Closes: #1059545) * Fix CVE-2025-4215: Regular Expression Denial of Service (ReDoS) (Closes: #1104635) valkey (8.1.1+dfsg1-3+deb13u1) trixie-security; urgency=medium . * (CVE-2025-49844) A Lua script may lead to remote code execution * (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE * (CVE-2025-46818) A Lua script can be executed in the context of another user * (CVE-2025-46819) LUA out-of-bound read virt-manager (1:5.0.0-5+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Fix: Clicking on "Browse Local" has no effect and throws an error (Closes: #1112514) * Update debian/gbp.conf to point to trixie branches watcher (14.0.0-1+deb13u1) trixie; urgency=medium . * Add export OS_OSLO_MESSAGING_RABBIT__PROCESSNAME for all daemons. * A vulnerability has been identified in OpenStack Nova and OpenStack Watcher in conjunction with volume swap operations performed by the Watcher service. Under specific circumstances, this can lead to a situation where two Nova libvirt instances could reference the same block device, allowing accidental information disclosure to the unauthorized instance. Added upstream patch: OSSN-0094_use_cinder_migrate_for_swap_volume.patch. (Closes: #1111692). webkit2gtk (2.50.1-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security. * Re-enable libmanette in i386. * Enable the transitional packages. * Don't override the gcc compiler on mips64el since trixie already uses gcc-14 by default. webkit2gtk (2.50.1-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security. * Disable sysprof profiling integration to avoid new dependencies: - debian/control.in: Don't depend on libsysprof-capture-4-dev. - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF. * Disable JPEG XL to avoid adding new dependencies. - debian/control.in: Remove build dependency on libjxl-dev. - debian/rules: Build with -DUSE_JPEGXL=OFF. * debian/rules: - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old package names. - Re-enable libmanette in i386. * debian/control-common.in: - Make the -dev packages depend on the gir packages. * debian/control.in: - Build depend on ccache. * Use clang-16 instead of clang. * Don't override the gcc compiler on mips64el since bookworm uses gcc 12 and not gcc 15 (#1116217). * debian/patches/fix-minibrowser.patch: - Fix the MiniBrowser with clang-16. webkit2gtk (2.50.0-2) unstable; urgency=medium . * debian/patches/fix-ftbfs-i386.patch: - Update patch to also fix the armhf build. * Force gcc-14 in mips64el because gcc 15 fails with an internal compiler error (#1116217) and clang is not an option ("failed to perform tail call elimination"). * debian/rules: - Remove unused variable EXTRA_BUILD_ARGUMENTS. * debian/patches/disable-nvidia-dmabuf.patch: - Bring back this patch, now adapted to WebKitGTK 2.50.0. webkit2gtk (2.50.0-1) unstable; urgency=medium . * New upstream release. * Bring all changes from the 2.49 (experimental) branch. * debian/copyright: - Update copyright information of all files. * debian/gbp.conf: - Update upstream branch name. * debian/libwebkit2gtk-4.0-37.symbols: - Update symbols. * Refresh all patches. - Drop disable-nvidia-dmabuf.patch for now, it needs changes. * debian/patches/fix-ftbfs-s390x.patch: - Fix FTBFS in s390x (WebKit bug #298308). * debian/patches/fix-ftbfs-i386.patch: - Fix FTBFS in i386 (WebKit bug #299018). * Stop building the transitional packages for forky. * debian/source/lintian-overrides: - Update source-is-missing overrides. webkit2gtk (2.49.90-1) experimental; urgency=medium . * New upstream development release. * debian/watch, debian/gbp.conf: - Branch for 2.49.x in experimental. * Refresh all patches. - Drop fix-ftbfs-armv7.patch. - Drop disable-nvidia-dmabuf.patch for now, it needs changes. * Stop building the transitional packages for forky. * debian/copyright: - Update copyright information of all files. * Stop supporting non-SSE2 i386 CPUs since trixie now requires SSE2 support. - Drop dont-detect-sse2.patch. - Enable the JIT again and disable CLoop. * debian/libwebkit2gtk-4.0-37.symbols: - Update symbols. * debian/source/lintian-overrides: - Update source-is-missing overrides. webkit2gtk (2.48.6-1) unstable; urgency=medium . [ Alberto Garcia ] * New upstream release. * Drop fix-ftbfs-armv7.patch. * Stop supporting non-SSE2 i386 CPUs since SSE2 is required starting from trixie. - Drop dont-detect-sse2.patch. - Enable the JIT again and disable CLoop. * Use clang in i386. This is now possible since we require SSE2. . [ Jeremy Bicha ] * Disable gamepad feature on Ubuntu since libmanette is in universe there. * Don't require libmanette on i386. webkit2gtk (2.48.5-1) unstable; urgency=high . * New upstream release. * The WebKitGTK security advisory WSA-2025-0005 lists the following security fixes in the latest versions of WebKitGTK: - CVE-2025-24189 (fixed in 2.48.0). - CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212, CVE-2025-43216, CVE-2025-43227, CVE-2025-43228, CVE-2025-43240, CVE-2025-43265, CVE-2025-6558 (fixed in 2.48.5). * debian/upstream/signing-key.asc: - Update Adrian Perez's PGP key. * debian/patches/fix-ftbfs-armv7.patch: - Fix arm build. wike (3.1.1-1+deb13u1) trixie; urgency=medium . * Add cherry-picked upstream patch setting correct useragent (Closes: #1119977) wtmpdb (0.73.0-3+deb13u1) trixie; urgency=medium . * Rotate and prune logs using logrotate (Closes: #1094965) - patch to handle empty file reading - remove units and cron jobs for old (disabled) rotation solution - cause new and rotated files to keep permissions (Closes: #1076308) * Store logs in system log directory, /var/log (Closes: #1117719) * Remove logs on package purge * README.Debian: document new log handling xnote (4.5.48-1~deb13u1) trixie; urgency=medium . * Rebuild for upload after thunderbird 140.3 in trixie xorg (1:7.7+24+deb13u1) trixie; urgency=medium . * Team upload . [ Jochen Sprickerhof ] * 20x11-common_process-args: Only use the first word for command -v (Closes: #1094494) xorg-server (2:21.1.16-1.3+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * present: Fix use-after-free in present_create_notifies() (CVE-2025-62229) * xkb: Make the RT_XKBCLIENT resource private (CVE-2025-62230) * xkb: Free the XKB resource when freeing XkbInterest (CVE-2025-62230) * xkb: Prevent overflow in XkbSetCompatMap() (CVE-2025-62231) xssproxy (1.0.0-1+deb13u1) trixie; urgency=medium . * Add listen-path.patch, listening on object path /org/freedesktop/ScreenSaver too (Closes: #1092965) * Add cookie-not-zero.patch, avoiding problem with xdg-desktop-portal-gtk (Closes: #1115458) ====================================== Sat, 06 Sep 2025 - Debian 13.1 released ====================================== aide (0.19.1-2+deb13u1) trixie-security; urgency=high . * Apply upstream patch to escape control characters in report and log output (CVE-2025-54389) * Apply upstream patch to fix null pointer dereference after reading incorrectly encoded xattr attributes from database (CVE-2025-54409) auto-apt-proxy (16.8+deb13u1) trixie; urgency=medium . * Check explicitly configured proxies before network gateway (Closes: #1108265) * Add trixie-specific gbp.conf base-files (13.8+deb13u1) trixie; urgency=medium . * Update debian_version and os-release for Debian 13.1 point release. chromium (139.0.7258.154-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-9478: Use after free in ANGLE. Reported by Google Big Sleep. chromium (139.0.7258.154-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-9478: Use after free in ANGLE. Reported by Google Big Sleep. * d/patches/bookworm/stdarch-arm.patch: drop to fix FTBFS on arm64 with newer rustc-web. chromium (139.0.7258.138-1) unstable; urgency=high . * New upstream security release. - CVE-2025-9132: Out of bounds write in V8. Reported by Google Big Sleep. chromium (139.0.7258.138-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-9132: Out of bounds write in V8. Reported by Google Big Sleep. chromium (139.0.7258.138-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-9132: Out of bounds write in V8. Reported by Google Big Sleep. chromium (139.0.7258.127-2) unstable; urgency=high . * d/patches: - bookworm/adler1.patch: drop, rustc in sid is now new enough for adler2. Also move it into trixie/adler1.patch. - bookworm/libxml-parseerr.patch: drop, libxml in sid is upgraded. Also move it to trixie/libxml-parseerr.patch. * d/control: update build-deps to require rust >= 1.86, libxml >= 2.14. chromium (139.0.7258.127-1) unstable; urgency=high . * New upstream security release. - CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous - CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@0x10n). - CVE-2025-8901: Out of bounds write in ANGLE. Reported by Google Big Sleep. - CVE-2025-8881: Inappropriate implementation in File Picker. Reported by Alesandro Ortiz. - CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq. chromium (139.0.7258.127-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous - CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@0x10n). - CVE-2025-8901: Out of bounds write in ANGLE. Reported by Google Big Sleep. - CVE-2025-8881: Inappropriate implementation in File Picker. Reported by Alesandro Ortiz. - CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq. . chromium (139.0.7258.66-1) unstable; urgency=high . * New upstream stable release. - CVE-2025-8576: Use after free in Extensions. Reported by asnine. - CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq. - CVE-2025-8578: Use after free in Cast. Reported by Fayez. - CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome. Reported by Alesandro Ortiz. - CVE-2025-8580: Inappropriate implementation in Filesystems. Reported by Huuuuu. - CVE-2025-8581: Inappropriate implementation in Extensions. Reported by Vincent Dragnea. - CVE-2025-8582: Insufficient validation of untrusted input in DOM. Reported by Anonymous. - CVE-2025-8583: Inappropriate implementation in Permissions. Reported by Shaheen Fazim. * d/copyright: delete third_party/enterprise_companion, as it includes a binary. * d/control: Replace elfutils build-dep with llvm-19 for switch to llvm-strip. * d/rules: - drop enable_nacl=false; upstream removed NaCL. - set enable_enterprise_companion=false. - disable Gemini AI (enable_glic=false). * d/patches: - disable/catapult.patch: refresh. - disable/buildtools-libc.patch: refresh. - system/eu-strip.patch: drop, upstream switched to llvm-strip. - bookworm/gn-revert-path-exists.patch: refresh & drop unused part. - ungoogled/disable-privacy-sandbox.patch: refresh. - fixes/bindgen.patch: rename to bookworm/bindgen.patch, since trixie now has a newer bindgen. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch: Refresh for upstream changes - sandbox/0009-sandbox-updates-138.patch: Properly handle IPC and send syscalls - third_party/0001-add-xnn-ppc64el-support.patch: Refresh for upstream changes - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - third_party/skia-vsx-instructions.patch: Refresh for upstream changes - fixes/fix-partition-alloc-compile.patch: Refresh for upstream changes chromium (139.0.7258.127-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous - CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@0x10n). - CVE-2025-8901: Out of bounds write in ANGLE. Reported by Google Big Sleep. - CVE-2025-8881: Inappropriate implementation in File Picker. Reported by Alesandro Ortiz. - CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq. chromium (139.0.7258.66-1) unstable; urgency=high . * New upstream stable release. - CVE-2025-8576: Use after free in Extensions. Reported by asnine. - CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq. - CVE-2025-8578: Use after free in Cast. Reported by Fayez. - CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome. Reported by Alesandro Ortiz. - CVE-2025-8580: Inappropriate implementation in Filesystems. Reported by Huuuuu. - CVE-2025-8581: Inappropriate implementation in Extensions. Reported by Vincent Dragnea. - CVE-2025-8582: Insufficient validation of untrusted input in DOM. Reported by Anonymous. - CVE-2025-8583: Inappropriate implementation in Permissions. Reported by Shaheen Fazim. * d/copyright: delete third_party/enterprise_companion, as it includes a binary. * d/control: Replace elfutils build-dep with llvm-19 for switch to llvm-strip. * d/rules: - drop enable_nacl=false; upstream removed NaCL. - set enable_enterprise_companion=false. - disable Gemini AI (enable_glic=false). * d/patches: - disable/catapult.patch: refresh. - disable/buildtools-libc.patch: refresh. - system/eu-strip.patch: drop, upstream switched to llvm-strip. - bookworm/gn-revert-path-exists.patch: refresh & drop unused part. - ungoogled/disable-privacy-sandbox.patch: refresh. - fixes/bindgen.patch: rename to bookworm/bindgen.patch, since trixie now has a newer bindgen. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch: Refresh for upstream changes - sandbox/0009-sandbox-updates-138.patch: Properly handle IPC and send syscalls - third_party/0001-add-xnn-ppc64el-support.patch: Refresh for upstream changes - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - third_party/skia-vsx-instructions.patch: Refresh for upstream changes - fixes/fix-partition-alloc-compile.patch: Refresh for upstream changes chromium (139.0.7258.66-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2025-8576: Use after free in Extensions. Reported by asnine. - CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq. - CVE-2025-8578: Use after free in Cast. Reported by Fayez. - CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome. Reported by Alesandro Ortiz. - CVE-2025-8580: Inappropriate implementation in Filesystems. Reported by Huuuuu. - CVE-2025-8581: Inappropriate implementation in Extensions. Reported by Vincent Dragnea. - CVE-2025-8582: Insufficient validation of untrusted input in DOM. Reported by Anonymous. - CVE-2025-8583: Inappropriate implementation in Permissions. Reported by Shaheen Fazim. * d/copyright: delete third_party/enterprise_companion, as it includes a binary. * d/control: - Replace elfutils build-dep with llvm-19 for switch to llvm-strip. - Update rustc-web build-dep to >= 1.84. * d/rules: - drop enable_nacl=false; upstream removed NaCL. - set enable_enterprise_companion=false. - disable Gemini AI (enable_glic=false). * d/patches: - disable/catapult.patch: refresh. - disable/buildtools-libc.patch: refresh. - system/eu-strip.patch: drop, upstream switched to llvm-strip. - bookworm/gn-revert-path-exists.patch: refresh & drop unused part. - ungoogled/disable-privacy-sandbox.patch: refresh. - fixes/bindgen.patch: rename to bookworm/bindgen.patch, since trixie now has a newer bindgen. - bookworm/gn-absl.patch: refresh. - bookworm/rust-is-none-or.patch: drop, thanks to newer rustc-web. - bookworm/rust-unstable-features.patch: drop - newer rustc-web. - bookworm/bubble-contents.patch: drop, no longer needed. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch: Refresh for upstream changes - sandbox/0009-sandbox-updates-138.patch: Properly handle IPC and send syscalls - third_party/0001-add-xnn-ppc64el-support.patch: Refresh for upstream changes - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - third_party/skia-vsx-instructions.patch: Refresh for upstream changes - fixes/fix-partition-alloc-compile.patch: Refresh for upstream changes courier (1.4.1-3+deb13u1) trixie; urgency=medium . * Add debian/courier-webadmin.init and debian/courier-webadmin.service (closes: #1111836). * Add debian/tests/smoke-webadmin. * Add debian/courier-webadmin.links to create a cgi-bin link. * Add debian/patches/webadmin-restart-commands.patch. * debian/control: Add "Pre-Depends: ${misc:Pre-Depends}". * debian/courier.base.postinst: - Remove the dpkg-statoverride for /var/lib/courier, which diverged from upstream and caused problems with webadmin. * debian/courier-base.postrm: Remove the deletion of the dpkg-statoverride for /var/lib/courier. * debian/courier-webadmin.config: Remove the courier-webadmin/install-cgi section. * debian/courier-webadmin.dirs: Remove the unnecessary etc/courier/webadmin entry. * debian/courier-webadmin.install: - Install the new etc/courier/webadmin/restartcmd. - Install /etc/courier/webadmin/password. * debian/courier-webadmin.postinst: - Remove the processing of the now-removed install-cgi debconf question. - Stop manually creating and setting permissions for /etc/courier/webadmin/password. - Add a dpkg-statoverride for /etc/courier/webadmin/password. * debian/courier-webadmin.postrm: - Remove the processing of the now-removed install-cgi debconf question. - Remove the webadmin socket on purge if it was left behind by the service. - Remove the dpkg-statoverride for /etc/courier/webadmin/password on purge. * debian/courier-webadmin.README.Debian: - Refactor to reflect the new, non-SUID webadmin architecture. - Add information about enabling cgi-bin symlinks. * debian/courier-webadmin.templates: Remove obsolete install-cgi question. The link is now created automatically on install. * debian/rules: Create an empty /etc/courier/webadmin/password file. * debian/tests/control: Enable the smoke-webadmin test. debian-installer (20250803+deb13u1) trixie; urgency=medium . * Bootstrap trixie stable branch: - Set USE_PROPOSED_UPDATES=1 in debian/rules - Set USE_UDEBS_FROM?=trixie in build/config/common * Bump Linux kernel ABI to 6.12.43+deb13. * Adjust linux-image build-deps accordingly. * Add a workaround for a GRUB graphics initialisation bug (#1110759): adding a simple text output before switching terminal_output to gfxterm makes the graphical display work on older machines. With many thanks to Fab Stz for drawing our attention to this problem and the proposed workaround. debian-installer-netboot-images (20250803+deb13u1) trixie; urgency=medium . * Update to 20250803+deb13u1, from trixie-proposed-updates. * Update DISTRIBUTION and DISTRIBUTION_FALLBACK for the trixie branch. debian-installer-netboot-images (20250803) unstable; urgency=medium . [ Holger Levsen ] * Fix missing build dependency on apt, thanks to Jochen Sprickerhof (Closes: #1099535). Packages which are installed on the buildds but which are not listed in Build-Depends are not recorded in .buildinfo files. Thus rebuilding (e.g. on reproduce.debian.net) then fails. . [ Cyril Brulebois ] * Update supported architectures: - Delete mips64el * Clean debian/rules: - Delete (unused and incomplete) UNSUPPORTED_ARCHITECTURES. * Update for D-I Trixie RC 3. desktop-base (13.0.4) trixie; urgency=medium . [ Aurélien COUDERC ] * Fix ceratopsian-theme’s plymouth password/fsck prompts off-center on multi-monitor mixed-resolution set-ups. Thanks Shaun Lewis for the patch. (Closes: #1110858) devscripts (2.25.15+deb13u1) trixie; urgency=medium . * Team upload. * Update branch in gbp.conf & Vcs-Git URL. * debchange: trixie is now stable, forky is testing. dpdk (24.11.3-1~deb13u1) trixie; urgency=medium . * Upload to trixie . dpdk (24.11.3-1) unstable; urgency=medium . * New upstream release 24.11.3. For a full list of changes in 24.11.3 see: https://doc.dpdk.org/guides/rel_notes/release_24_11.html ethtool (1:6.14.2-1) trixie; urgency=medium . * New upstream release: 6.14.2 . [ Salvatore Bonaccorso ] * debian/salsa-ci.yml: Set release to trixie * netlink: fix print_string when the value is NULL firebird3.0 (3.0.12.ds7-13+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * CVE-2025-54989: XDR Message Parsing NULL Pointer Dereference (Closes: #1111321) firebird4.0 (4.0.5.3140.ds6-17+deb13u1) trixie-security; urgency=medium . * cherry pick fix for CVE-2025-54989 from upstream (Closes: #1111320) * cherry pick fix for CVE-2025-24975 from upstream (Closes: #1111322) * switch debian-branch to debian/trixie-security in gbp.conf firefox-esr (128.14.0esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-66, also known as: CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9185. firefox-esr (128.14.0esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-66, also known as: CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9185. flvstreamer (2.1c1-2+deb13u1) trixie; urgency=medium . * debian/gbp.conf: Work in debian/trixie branch * Revert "Build and install all programs of `progs` target in Makefile (Closes: #1098981) galera-4 (26.4.23-0+deb13u1) trixie; urgency=medium . * New upstream release 26.4.23. Includes multiple bug fixes, see https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.23.txt * Drop patch to fix garbd's -w/WORK_DIR parameter that is now applied upstream galera-4 (26.4.23-0+deb12u1) bookworm; urgency=medium . * New upstream release 26.4.23. Includes multiple bug fixes, see https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.23.txt https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.22.txt https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.21.txt * New upstream release fixes garbd's -w/WORK_DIR parameter (Closes: #1088076) git (1:2.47.3-0+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * New upstream release. - CVE-2025-27613: gitk: file creation/truncation after cloning untrusted repository - CVE-2025-27614: gitk: user can be tricked into running any script after cloning untrusted repository - CVE-2025-46835: git-gui: file creation/overwriting after cloning untrusted repository - CVE-2025-48384: script execution after cloning untrusted repository - CVE-2025-48385: protocol injection when fetching - Closes: #1108983 glib2.0 (2.84.4-3~deb13u1) trixie; urgency=medium . * Go back to debian/trixie branch for a stable update * d/tests/manual/1065022.sh: Update manual test script used to reproduce and test fixes for #1065022 - Adapt to upgrade from bookworm to trixie, rather than bookworm to sid - Optionally reproduce #1110696 instead - Optionally test the extra safety checks in the postrm - Add a simpler mechanism to test proposed packages for either bookworm or trixie - Improve diagnostic output . glib2.0 (2.84.4-3) unstable; urgency=medium . * d/control: Generate the intended Provides in libgirepository-2.0-0 . glib2.0 (2.84.4-2) unstable; urgency=medium . * Mention #1110640 in previous changelog entry * libgirepository-2.0-0: Generate a dependency on a virtual package for libffi-related symbols, to avoid trouble during future libffi ABI transitions (Closes: #1110825) * libglib2.0-0t64: Make maintainer scripts shellcheck-clean * libglib2.0-0t64.postrm: - Refactor to use functions that early-return if we do not want to do the cleanup, avoiding stacking conditionals - Don't remove cache files if they would be non-empty, guarding against issues similar to #1065022 and #1110696 (mitigates: #1110696) * libglib2.0-0t64.preinst: Disarm libglib2.0-0 postrm for all architectures, avoiding a corner case where the faulty postrm that suffered from #1065022 would still exist if it belonged to a former foreign architecture that was already disabled, but libglib2.0-0 from that architecture was still in removed-but-not-purged state, resulting in #1065022 recurring when that version of libglib2.0-0 was subsequently purged (Closes: #1110696) * d/tests/1065022-futureproofing: - Fix a test regression by generating a versioned Provides when building a mockup of a hypothetical future libglib2.0-0xyz. This regression wasn't immediately obvious because the autopkgtest is marked as flaky (it depends on various implementation details which we can't completely rely on). - Make sure required packages stay installed, failing the test early if their dependencies cannot be satisfied - Produce only TAP output on stdout, and a diagnostic log on stderr - Improve diagnostic output . glib2.0 (2.84.4-1) unstable; urgency=medium . * d/control, d/gbp.conf: Use debian/forky packaging branch. The debian/latest branch is now tracking 2.85.x for Debian experimental. * New upstream stable release - Ensure that generating temporary file names does not access memory outside the intended array of alphanumeric characters if a long-running program generates billions of temporary file names (CVE-2025-7039, glib#3716 upstream; believed to be unlikely to be exploitable in practice. Closes: #1110640) - Fix the intended ability for g_settings_bind_with_mapping_closures() to copy a value to the destination object (glib!4667 upstream) - If creating a thread pool fails, report a recoverable error instead of crashing with a fatal error (glib#3712 upstream) - Fix several memory leaks (glib#3721, glib!4702 upstream) glib2.0 (2.84.4-2) unstable; urgency=medium . * Mention #1110640 in previous changelog entry * libgirepository-2.0-0: Generate a dependency on a virtual package for libffi-related symbols, to avoid trouble during future libffi ABI transitions (Closes: #1110825) * libglib2.0-0t64: Make maintainer scripts shellcheck-clean * libglib2.0-0t64.postrm: - Refactor to use functions that early-return if we do not want to do the cleanup, avoiding stacking conditionals - Don't remove cache files if they would be non-empty, guarding against issues similar to #1065022 and #1110696 (mitigates: #1110696) * libglib2.0-0t64.preinst: Disarm libglib2.0-0 postrm for all architectures, avoiding a corner case where the faulty postrm that suffered from #1065022 would still exist if it belonged to a former foreign architecture that was already disabled, but libglib2.0-0 from that architecture was still in removed-but-not-purged state, resulting in #1065022 recurring when that version of libglib2.0-0 was subsequently purged (Closes: #1110696) * d/tests/1065022-futureproofing: - Fix a test regression by generating a versioned Provides when building a mockup of a hypothetical future libglib2.0-0xyz. This regression wasn't immediately obvious because the autopkgtest is marked as flaky (it depends on various implementation details which we can't completely rely on). - Make sure required packages stay installed, failing the test early if their dependencies cannot be satisfied - Produce only TAP output on stdout, and a diagnostic log on stderr - Improve diagnostic output glib2.0 (2.84.4-1) unstable; urgency=medium . * d/control, d/gbp.conf: Use debian/forky packaging branch. The debian/latest branch is now tracking 2.85.x for Debian experimental. * New upstream stable release - Ensure that generating temporary file names does not access memory outside the intended array of alphanumeric characters if a long-running program generates billions of temporary file names (CVE-2025-7039, glib#3716 upstream; believed to be unlikely to be exploitable in practice) - Fix the intended ability for g_settings_bind_with_mapping_closures() to copy a value to the destination object (glib!4667 upstream) - If creating a thread pool fails, report a recoverable error instead of crashing with a fatal error (glib#3712 upstream) - Fix several memory leaks (glib#3721, glib!4702 upstream) gnome-control-center (1:48.4-1~deb13u1) trixie; urgency=medium . * Team upload * d/control, d/gbp.conf: Set packaging branch for trixie stable updates . gnome-control-center (1:48.4-1) unstable; urgency=medium . * Team upload * d/control, d/gbp.conf, d/watch: Limit to 48.x versions. We'll stick to 48.x in testing/unstable for now, to get better testing for 48.x updates in trixie later. * New upstream stable release - In the Power panel, move the General section to the top, avoiding a UI reflow when the notice recommending automatic suspend is shown or hidden (gnome-control-center#3373 upstream) - Disable Pango markup when displaying errors from gnome-online-accounts, fixing display of some error messages that contain URLs - Translation updates gnome-online-accounts (3.54.5-1~deb13u1) trixie; urgency=medium . * New upstream bugfix release with these fixes (Closes: #1111674): - Adding GOA account fails with sonic.net IMAP service - Cannot add a ProtonMail bridge with IMAP + TLS - Nextcloud login does not work anymore due to OPTIONS /login request - Linked online accounts no longer work - Invalid URI when adding Google account - goamsgraphprovider: ensure a valid PresentationIdentity - goadaemon: complete GTasks to avoid a scary debug warning - Fix Nextcloud and mailbox.org preconfiguration - Add DAV preconfig for mail.ru - Authentication failure in goa IMAP accounts - Handle unexpected casing in domain names - Various translations updates * debian/gbp.conf: branch for trixie gnome-online-accounts (3.54.3-2) experimental; urgency=medium . * Disable Microsoft provider (Closes: #1100711) - It only handles email but Microsoft 365 handles email, calendar, contacts, and files - It was removed from GNOME 49 gnome-online-accounts (3.54.3-1) experimental; urgency=medium . * New upstream bugfix release gnome-shell (48.4-1~deb13u1) trixie; urgency=medium . * Team upload * d/control, d/gbp.conf: Set packaging branch for trixie stable updates . gnome-shell (48.4-1) unstable; urgency=medium . * Team upload * New upstream stable release - network: If a network has no ID, don't treat it as available, avoiding breaking the network menu (gnome-shell!3785 upstream) - Improve URL recognition heuristic for notifications so that non-URLs do not become a link (gnome-shell#8517 upstream) - In gdm, improve efficiency of user list (gnome-shell!3799 upstream) - Fix signal order when taking a screenshot interactively is triggered via D-Bus, for example from xdg-desktop-portal (gnome-shell#8499 upstream) - Improve cursor scaling on systems with different-DPI monitors when using the Magnifier accessibility tool (gnome-shell!475 upstream) - In sliders like volume and brightness, avoid drawing part of the bar over the handle in RTL locales (gnome-shell!3817 upstream) - Improve robustness of signal connections in the Thunderbolt and smart-card code (gnome-shell!3796 upstream) - Code cleanups in extensions management service (part of gnome-shell!3750 upstream) - Translation updates * d/control: Bump gjs version to 1.81.2 as per meson.build. No practical effect, 1.82.x is already in trixie. * d/gbp.conf: Use debian/forky branch for uploads targeting forky. We'll stick to 48.x in testing/unstable for now, to get better testing for future 48.x updates in trixie. Preliminary 49.x packaging for experimental is already using the debian/latest branch. golang-github-gin-contrib-cors (1.4.0-1+deb13u1) trixie; urgency=medium . * CVE-2019-25211 fix handling of wildcards golang-github-gin-contrib-cors (1.4.0-1+deb12u1) bookworm; urgency=medium . * CVE-2019-25211 fix handling of wildcards gssdp (1.6.4-1~deb13u1) trixie; urgency=medium . * New upstream bugfix release - Improve reproducibility of gssdp-enums.c - Fix issues with Since: and Deprecated: declarations in documentation (Closes: #1111683) imagemagick (8:7.1.1.43+dfsg1-1+deb13u1) trixie; urgency=medium . * Fix CVE-2025-53014: A heap buffer overflow was found in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). (Closes: #1109339) * Fix CVE-2025-53015: Infinite loop occur when writing during a specific XMP file conversion command (Closes: #1109339) * Fix CVE-2025-53019: `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak (Closes: #1109339) * Fix CVE-2025-53101: `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()` (Closes: #1109339) * Fix CVE-2025-43965: In MIFF image processing, image depth is mishandled after SetQuantumFormat is used. * Fix CVE-2025-46393: In multispectral MIFF image processing, packet_size is mishandled. init-system-helpers (1.69~deb13u1) trixie; urgency=medium . * Upload to trixie . init-system-helpers (1.69) unstable; urgency=medium . * Add postinst to hotfix an upgrade bug on certain newly live-installed systems built using Trixie's live-build (Closes: #1111039) installation-guide (20250803+deb13u1) trixie; urgency=medium . * Add Ukrainian (new translation) and Hungarian (re-completed) to langlist, to make them appear in the package and on the website. * Fix boot-dev-select-arm64 and armhf-armmp-supported-platforms hyperlinks. iperf3 (3.18-2+deb13u1) trixie; urgency=high . * Fix no-dsa security issues: - CVE-2025-54349 - CVE-2025-54350 kamailio (6.0.1-1+deb13u1) trixie; urgency=medium . * Team upload * Check only major OpenSSL version (Closes: #1110867) libadwaita-1 (1.7.6-1~deb13u1) trixie; urgency=medium . * New upstream bugfix release 1.7.5 - Explicitly set the size of a custom avatar image, avoiding a regression with GTK 4.19.x (libadwaita!1492 upstream) - Always set the document font name, even if all of the debug environment variables ADW_DEBUG_HIGH_CONTRAST, ADW_DEBUG_COLOR_SCHEME and DEBUG_ACCENT_COLOR are set (libadwaita#1042 upstream) - Slightly increase the window border radius for AdwTabOverview (libadwaita!1489 upstream) - Fix an assertion failure when showing a "toast" notification while its hiding animation is still in progress (libadwaita#997 upstream) - Fix some memory leaks - CI updates, not relevant to how this package is built in Debian * New upstream bugfix release 1.7.6 (Closes: #1111847) - Make cancelling an alert dialog go through the same code path as the user interacting with it (libadwaita!1511 upstream) - Avoid type-check warnings when a dialog is presented as a window (libadwaita!1519 upstream) - Fix keyboard activation on AdwButtonRow inside AdwDialog presented as a window (libadwaita#1062 upstream) - Crash with a somewhat graceful assertion error if a layout slot is invalidly constructed without an ID, instead of segfaulting (libadwaita#1059 upstream) - Fix a memory leak (libadwaita#1067 upstream) - Avoid AdwNavigationPage "showing" and "hidden" signals being spuriously triggered when swiping left on a touchscreen (libadwaita#1065 upstream) - Make tab overview buttons easier to press on touchscreens (libadwaita#1039 upstream) - Fix scan-build warnings by programming more defensively (libadwaita!1517 upstream) - Remove some dead code (libadwaita!1521 upstream) * debian/gbp.conf: branch for trixie libcgi-simple-perl (1.282-1~deb13u1) trixie; urgency=medium . * Rebuild for trixie . libcgi-simple-perl (1.282-1) unstable; urgency=medium . * Team upload. * Import upstream version 1.282. - Sanitize all user-supplied values before inserting into HTTP headers (CVE-2025-40927) * Drop "Port latest header-injection refinement from CGI.pm" libcoap3 (4.3.4-1.1+deb13u1) trixie; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2024-0962 (Closes: #1061704) fix stacked-based buffer overflow * CVE-2024-31031 (Closes: #1070362) fix unsigned integer overflow libreoffice (4:25.2.3-2+deb13u2) trixie; urgency=medium . * debian/patches/avmedia-qt-use-gstreamer-frame-grabber-by-default.diff: add back * debian/patches/qt-Consolidate-to-one-toOUString-helper.diff: add from upstream; fixes --enable-qt6 builds with the above . * debian/rules: - remove USE_GSTREAMER=n setting on build-indep since it somehow also affects the AVMEDIA conditional which makes build-indep builds loose the gallery sound files (closes: #1108832), and move the gstreamer -dev packages from B-D-A to B-D consequently libreoffice (4:25.2.3-2+deb13u1) trixie; urgency=medium . * debian/patches/add-EUR-for-Bulgaria-Lew.diff: add Euro support for Bulgaria from libreoffice-25-8 branch (to-be 25.8.1) librepo (1.20.0-1~deb13u1) trixie; urgency=medium . * Upload to trixie . librepo (1.20.0-1) unstable; urgency=medium . * Improve handling of SELinux in the Debian packaging * Update upstream source from tag 'upstream/1.20.0' * Drop patches merged upstream * d/control: bump Standards-Version to 4.7.2, no changes * d/copyright: use GPL URL instead of old FSF postal address * Add new symbols to librepo0.symbols libxml2 (2.12.7+dfsg+really2.9.14-2.1+deb13u1) trixie-security; urgency=high . * CVE-2025-7425: heap-use-after-free in xmlFreeID caused by `atype` corruption (Closes: #1109122) libxslt (1.1.35-1.2+deb13u1) trixie-security; urgency=medium . * Fix information disclosure with improved memory handling of generated-id() (Closes: #1108074, CVE-2023-40403) * Fix type confusion in xmlNode.psvi between stylesheet and source nodes (Closes: #1109123, CVE-2025-7424) linux (6.12.43-1) trixie; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.42 - [amd64] ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx - ethernet: intel: fix building with large NR_CPUS - [amd64] ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx - ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX - [amd64] ASoC: Intel: fix SND_SOC_SOF dependencies - [amd64] ASoC: amd: yc: add DMI quirk for ASUS M6501RM - audit,module: restore audit logging in load failure case - parse_longname(): strrchr() expects NUL-terminated string - fs_context: fix parameter name in infofc() macro - fs/ntfs3: cancle set bad inode after removing name fails - ublk: use vmalloc for ublk_device's __queues - hfsplus: make splice write available again - hfs: make splice write available again - hfsplus: remove mutex_lock check in hfsplus_free_extents - Revert "fs/ntfs3: Replace inode_trylock with inode_lock" - gfs2: No more self recovery - io_uring: fix breakage in EXPERT menu - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() - ASoC: ops: dynamically allocate struct snd_ctl_elem_value - ASoC: mediatek: use reserved memory or enable buffer pre-allocation - [arm64] dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV - [arm64] soc: qcom: QMI encoding/decoding for big endian - [arm64] dts: qcom: sdm845: Expand IMEM region - [arm64] dts: qcom: sc7180: Expand IMEM region - [arm64] dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes - [arm64] dts: qcom: sa8775p: Correct the interrupt for remoteproc - [arm64] dts: qcom: msm8976: Make blsp_dma controlled-remotely - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() - usb: misc: apple-mfi-fastcharge: Make power supply names unique - [arm64] dts: ti: k3-am642-phyboard-electra: Fix PRU-ICSSG Ethernet ports - [arm64] dts: ti: k3-am62p-j722s: fix pinctrl-single size - [arm64] firmware: arm_scmi: Fix up turbo frequencies selection - usb: typec: ucsi: yoga-c630: fix error and remove paths - mei: vsc: Destroy mutex after freeing the IRQ - mei: vsc: Event notifier fixes - mei: vsc: Unset the event callback on remove and probe errors - [armhf] spi: stm32: Check for cfg availability in stm32_spi_probe - vmci: Prevent the dispatching of uninitialized payloads - pps: fix poll support - Revert "vmci: Prevent the dispatching of uninitialized payloads" - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() - usb: early: xhci-dbc: Fix early_ioremap leak - [armhf] dts: ti: omap: Fixup pinheader typo - [arm64] dts: st: fix timer used for ticks - [arm64] dts: imx8mm-beacon: Fix HS400 USDHC clock speed - [arm64] dts: imx8mn-beacon: Fix HS400 USDHC clock speed - PM / devfreq: Check governor before using governor->name - PM / devfreq: Fix a index typo in trans_stat - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode - cpufreq: Initialize cpufreq-based frequency-invariance later - cpufreq: Init policy->rwsem before it may be possibly used - staging: greybus: gbphy: fix up const issue with the match callback - [arm64] soc: qcom: pmic_glink: fix OF node leak - [arm64] interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg - [arm64] interconnect: qcom: sc8180x: specify num_nodes - bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 - [arm64,armhf] drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed - [arm64,armhf] drm/panfrost: Fix panfrost device variable name in devfreq - drm/panthor: Add missing explicit padding in drm_panthor_gpu_info - bpf, sockmap: Fix psock incorrectly pointing to sk - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls - net: ipv6: ip6mr: Fix in/out netdev to pass to the FORWARD chain - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel - drm/amdgpu: Remove nbiov7.9 replay count reporting - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure - [powerpc*] pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band - wifi: rtl818x: Kill URBs before clearing tx status queue - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() - iwlwifi: Add missing check for alloc_ordered_workqueue - wifi: ath11k: clear initialized flag for deinit-ed srng lists - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range - net/mlx5: Check device memory pointer before usage - net: dst: annotate data-races around dst->input - net: dst: annotate data-races around dst->output - bpf: Ensure RCU lock is held around bpf_prog_ksym_find - [arm64] drm/msm/dpu: Fill in min_prefill_lines for SC8180X - refscale: Check that nreaders and loops multiplication doesn't overflow - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value - sched/psi: Optimize psi_group_change() cpu_clock() usage - fbcon: Fix outdated registered_fb reference in comment - netfilter: nf_tables: Drop dead code from fill_*_info routines - netfilter: nf_tables: adjust lockdep assertions handling - [amd64] iommu/amd: Enable PASID and ATS capabilities in the correct order - net/sched: Restrict conditions for adding duplicating netems to qdisc tree - net_sched: act_ctinfo: use atomic64_t for three counters - RDMA/mlx5: Fix UMR modifying of mkey page size - xen: fix UAF in dmabuf_exp_from_pages() - xen/gntdev: remove struct gntdev_copy_batch from stack - tcp: call tcp_measure_rcv_mss() for ooo packets - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled - wifi: rtw88: Fix macid assigned to TDLS station - mwl8k: Add missing check after DMA map - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() - drm/amdgpu/gfx9: fix kiq locking in KCQ reset - drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset - drm/amdgpu/gfx10: fix kiq locking in KCQ reset - [amd64] iommu/amd: Fix geometry.aperture_end for V2 tables - rcu: Fix delayed execution of hurry callbacks - wifi: mac80211: reject TDLS operations when station is not associated - wifi: plfxlc: Fix error handling in usb driver probe - wifi: mac80211: Do not schedule stopped TXQs - wifi: mac80211: Don't call fq_flow_idx() for management frames - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" - wifi: ath12k: fix endianness handling while accessing wmi service bit - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE - wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() - wifi: nl80211: Set num_sub_specs before looping through sub_specs - ring-buffer: Remove ring_buffer_read_prepare_sync() - memcg_slabinfo: Fix use of PG_slab - Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' - Bluetooth: hci_event: Mask data status from LE ext adv reports - bpf: Disable migration in nf_hook_run_bpf(). - can: peak_usb: fix USB FD devices potential malfunction - can: kvaser_pciefd: Store device channel index - can: kvaser_usb: Assign netdev.dev_port based on device channel index - netfilter: xt_nfacct: don't assume acct name is null-terminated - net/mlx5e: Clear Read-Only port buffer size in PBMC before update - net/mlx5e: Remove skb secpath if xfrm state is not found - stmmac: xsk: fix negative overflow of budget in zerocopy mode - vrf: Drop existing dst reference in vrf_ip6_input_dst - ipv6: prevent infinite loop in rt6_nlmsg_size() - ipv6: fix possible infinite loop in fib6_info_uses_dev() - ipv6: annotate data-races around rt->fib6_nsiblings - bpf/preload: Don't select USERMODE_DRIVER - [arm64] bpf, arm64: Fix fp initialization for exception boundary - fortify: Fix incorrect reporting of read buffer size - [arm64] PCI: rockchip-host: Fix "Unexpected Completion" log message - [arm64] clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks - [arm64] crypto: sun8i-ce - fix nents passed to dma_unmap_sg() - [amd64] crypto: qat - use unmanaged allocation for dc_data - [arm64,armhf] crypto: marvell/cesa - Fix engine load inaccuracy - [amd64] crypto: qat - allow enabling VFs in the absence of IOMMU - [amd64] crypto: qat - fix state restore for banks with exceptions - mtd: fix possible integer overflow in erase_xfer() - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set - [armhf] crypto: arm/aes-neonbs - work around gcc-15 warning - pinctrl: sunxi: Fix memory leak on krealloc failure - dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: Don't zero-out registers - fanotify: sanitize handle_type values when reporting fid - Fix dma_unmap_sg() nents value - perf tools: Fix use-after-free in help_unknown_cmd() - perf dso: Add missed dso__put to dso__load_kcore - mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER - perf sched: Make sure it frees the usage string - perf sched: Free thread->priv using priv_destructor - perf sched: Fix memory leaks in 'perf sched map' - perf sched: Fix memory leaks for evsel->priv in timehist - perf sched: Use RC_CHK_EQUAL() to compare pointers - perf sched: Fix memory leaks in 'perf sched latency' - [arm64] RDMA/hns: Fix double destruction of rsv_qp - [arm64] RDMA/hns: Fix HW configurations not cleared in error flow - [amd64] crypto: ccp - Fix locking on alloc failure handling - [arm64] crypto: inside-secure - Fix `dma_unmap_sg()` nents value - [amd64] crypto: ccp - Fix crash when rebind ccp device for ccp.ko - [arm64] RDMA/hns: Get message length of ack_req from FW - [arm64] RDMA/hns: Fix accessing uninitialized resources - [arm64] RDMA/hns: Drop GFP_NOWARN - [arm64] RDMA/hns: Fix -Wframe-larger-than issue - kernel: trace: preemptirq_delay_test: use offstack cpu mask - proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al - pinmux: fix race causing mux_owner NULL with active mux_usecount - perf tests bp_account: Fix leaked file descriptor - [riscv64] clk: thead: th1520-ap: Correctly refer the parent of osc_12m - [armhf] clk: sunxi-ng: v3s: Fix de clock definition - [ppc64el] scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value - scsi: mvsas: Fix dma_unmap_sg() nents value - scsi: isci: Fix dma_unmap_sg() nents value - ext4: Make sure BH_New bit is cleared in ->write_end handler - [arm64] hwrng: mtk - handle devm_pm_runtime_enable errors - [amd64] crypto: qat - disable ZUC-256 capability for QAT GEN5 - soundwire: stream: restore params when prepare ports fail - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute - remoteproc: xlnx: Disable unsupported features - fs/orangefs: Allow 2 more characters in do_c_string() - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap - dmaengine: nbpfaxi: Add missing check after DMA map - perf tools: Remove libtraceevent in .gitignore - [amd64] crypto: qat - fix DMA direction for compression on GEN2 devices - [amd64] crypto: qat - fix seq_file position update in adf_ring_next() - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref - jfs: fix metapage reference count leak in dbAllocCtl - drm/xe/vf: Disable CSC support on VF - perf record: Cache build-ID of hit DSOs only - vdpa/mlx5: Fix needs_teardown flag calculation - vhost-scsi: Fix log flooding with target does not exist errors - vdpa/mlx5: Fix release of uninitialized resources on error path - vdpa: Fix IDR memory leak in VDUSE module exit - vhost: Reintroduce kthread API and add mode selection - bpf: Check flow_dissector ctx accesses are aligned - bpf: Check netfilter ctx accesses are aligned - apparmor: ensure WB_HISTORY_SIZE value is a power of 2 - apparmor: fix loop detection used in conflicting attachment resolution - apparmor: Fix unaligned memory accesses in KUnit test - module: Restore the moduleparam prefix length check - ucount: fix atomic_long_inc_below() argument type - rtc: ds1307: fix incorrect maximum clock rate handling - rtc: hym8563: fix incorrect maximum clock rate handling - rtc: nct3018y: fix incorrect maximum clock rate handling - rtc: pcf85063: fix incorrect maximum clock rate handling - rtc: pcf8563: fix incorrect maximum clock rate handling - rtc: rv3028: fix incorrect maximum clock rate handling - f2fs: turn off one_time when forcibly set to foreground GC - f2fs: fix bio memleak when committing super block - f2fs: fix KMSAN uninit-value in extent_info usage - f2fs: fix to check upper boundary for value of gc_boost_zoned_gc_percent - f2fs: fix to check upper boundary for gc_valid_thresh_ratio - f2fs: fix to check upper boundary for gc_no_zoned_gc_percent - f2fs: doc: fix wrong quota mount option description - f2fs: fix to avoid UAF in f2fs_sync_inode_meta() - f2fs: fix to avoid panic in f2fs_evict_inode - f2fs: fix to avoid out-of-boundary access in devs.path - f2fs: vm_unmap_ram() may be called from an invalid context - f2fs: fix to update upper_p in __get_secs_required() correctly - f2fs: fix to calculate dirty data during has_not_enough_free_secs() - f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode - exfat: fdatasync flag should be same like generic_write_sync() - i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() - vfio: Fix unbalanced vfio_df_close call in no-iommu mode - vfio: Prevent open_count decrement to negative - vfio/pds: Fix missing detach_ioas op - vfio/pci: Separate SR-IOV VF dev_set - scsi: mpt3sas: Fix a fw_event memory leak - scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" - scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately - kconfig: qconf: fix ConfigList::updateListAllforAll() - sched/psi: Fix psi_seq initialization - PCI: pnv_php: Clean up allocated IRQs on unplug - PCI: pnv_php: Work around switches with broken presence detection - [powerpc*] eeh: Export eeh_unfreeze_pe() - [powerpc*] eeh: Make EEH driver device hotplug safe - PCI: pnv_php: Fix surprise plug detection and recovery - pNFS/flexfiles: don't attempt pnfs on fatal DS errors - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() - NFSv4.2: another fix for listxattr - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY - md/md-cluster: handle REMOVE message earlier - netpoll: prevent hanging NAPI when netcons gets enabled - phy: mscc: Fix parsing of unicast frames - net: ipa: add IPA v5.1 and v5.5 to ipa_version_string() - pptp: ensure minimal skb length in pptp_xmit() - nvmet: initialize discovery subsys after debugfs is initialized - [s390x] ap: Unmask SLCF bit in card and queue ap functions sysfs - netlink: specs: ethtool: fix module EEPROM input/output arguments - block: Fix default IO priority if there is no IO context - block: ensure discard_granularity is zero when discard is not supported - ASoC: tas2781: Fix the wrong step for TLV on tas2781 - [amd64] spi: cs42l43: Property entry should be a null-terminated array - net/mlx5: Correctly set gso_segs when LRO is used - ipv6: reject malicious packets in ipv6_gso_segment() - net: mdio: mdio-bcm-unimac: Correct rate fallback logic - net: drop UFO packets in udp_rcv_segment() - net/sched: taprio: enforce minimum value for picos_per_byte - sunrpc: fix client side handling of tls alerts - [x86] irq: Plug vector setup race - benet: fix BUG when creating VFs - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing - [s390x] mm: Allocate page table with PAGE_SIZE granularity - eth: fbnic: remove the debugging trick of super high page bias - irqchip: Build IMX_MU_MSI only on ARM - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() - smb: server: remove separate empty_recvmsg_queue - smb: server: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: server: let recv_done() consistently call put_recvmsg/smb_direct_disconnect_rdma_connection - smb: server: let recv_done() avoid touching data_transfer after cleanup/move - smb: client: remove separate empty_packet_queue - smb: client: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: client: let recv_done() cleanup before notifying the callers. - smb: client: let recv_done() avoid touching data_transfer after cleanup/move - nvmet: exit debugfs after discovery subsystem exits - pptp: fix pptp_xmit() error path - smb: client: return an error if rdma_connect does not return within 5 seconds - sunrpc: fix handling of server side tls alerts - perf/core: Don't leak AUX buffer refcount on allocation failure - perf/core: Exit early on perf_mmap() fail - perf/core: Prevent VMA split of buffer mappings - selftests/perf_events: Add a mmap() correctness test - net/packet: fix a race in packet_set_ring() and packet_notifier() - vsock: Do not allow binding to VMADDR_PORT_ANY - [amd64] accel/ivpu: Fix reset_engine debugfs file logic - Revert "bcache: remove heap-related macros and switch to generic min_heap" - ice/ptp: fix crosstimestamp reporting - [amd64] drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type - [amd64] drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() - [amd64] drm/i915/hdmi: add error handling in g4x_hdmi_init() - [amd64] drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() - [amd64] drm/i915/display: add intel_encoder_is_hdmi() - [amd64] drm/i915/ddi: only call shutdown hooks for valid encoders - ksmbd: fix null pointer dereference error in generate_encryptionkey - ksmbd: fix Preauh_HashValue race condition - ksmbd: fix corrupted mtime and ctime in smb2_open - ksmbd: limit repeated connections from clients with the same IP (CVE-2025-38501) - smb: server: Fix extension string in ksmbd_extract_shortname() - USB: serial: option: add Foxconn T99W709 - PCI/ASPM: Save parent L1SS config in pci_save_aspm_l1ss_state() - PCI/ASPM: Fix L1SS saving - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event - net: usbnet: Fix the wrong netif_carrier_on() call - [x86] sev: Evict cache lines during SNP memory validation (CVE-2024-36331) - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) - [adm64] platform/x86/intel/pmt: fix a crashlog NULL pointer access - [x86] fpu: Delay instruction pointer fixup until after warning - [s390x] mm: Remove possible false-positive warning in pte_free_defer() - [mips*] mm: tlb-r4k: Uniquify TLB entries on init - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery - mm: swap: correctly use maxpages in swapon syscall to avoid potential deadloop - mm: swap: fix potential buffer overflow in setup_clusters() - perf/arm-ni: Set initial IRQ affinity - media: ti: j721e-csi2rx: fix list_del corruption - HID: apple: validate feature-report field count to prevent NULL pointer dereference - USB: gadget: f_hid: Fix memory leak in hidg_bind error path - usb: gadget : fix use-after-free in composite_dev_cleanup() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.43 - io_uring: don't use int for ABI - ALSA: usb-audio: Validate UAC3 power domain descriptors, too - ALSA: usb-audio: Validate UAC3 cluster segment descriptors - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks - smb3: fix for slab out of bounds on mount to ksmbd - smb: client: remove redundant lstrp update in negotiate protocol - gpio: virtio: Fix config space reading. - gpio: mlxbf2: use platform_get_irq_optional() - Revert "gpio: mlxbf3: only get IRQ for device instance 0" - gpio: mlxbf3: use platform_get_irq_optional() - leds: flash: leds-qcom-flash: Fix registry access after re-bind - Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" - netlink: avoid infinite retry looping in netlink_unicast() (Closes: #1111017) - net: phy: micrel: fix KSZ8081/KSZ8091 cable test - [armhf] net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect - [arm64] net: enetc: fix device and OF node leak at probe - [arm64] net: mtk_eth_soc: fix device leak at probe - [arm64] net: ti: icss-iep: fix device and OF node leaks at probe - net: usb: asix_devices: add phy_mask for ax88772 mdio bus - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() - NFSD: detect mismatch of file handle and delegation stateid in OPEN op - NFS: Fix the setting of capabilities when automounting a new filesystem - PCI: Extend isolated function probing to LoongArch - [arm64] clk: samsung: exynos850: fix a comment - [arm64] clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD - [arm64] clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock - fscrypt: Don't use problematic non-inline crypto engines - fs: Prevent file descriptor table allocations exceeding INT_MAX - eventpoll: Fix semi-unbounded recursion (CVE-2025-38614) - Documentation: ACPI: Fix parent device references - ACPI: processor: perflib: Fix initial _PPC limit application - ACPI: processor: perflib: Move problematic pr->performance check - block: Make REQ_OP_ZONE_FINISH a write operation - mm/memory-tier: fix abstract distance calculation overflow - smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() - smb: client: don't wait for info->send_pending == 0 on error - [amd64] KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap - [amd64] KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag - [amd64] KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported - [amd64] KVM: VMX: Extract checking of guest's DEBUGCTL into helper - [amd64] KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter - [amd64] KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs - [amd64] KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest - [amd64] habanalabs: fix UAF in export_dmabuf() - mm/smaps: fix race between smaps_hugetlb_range and migration - udp: also consider secpath when evaluating ipsec use for checksumming - netfilter: ctnetlink: fix refcount leak on table dump - [arm64] net: ti: icssg-prueth: Fix emac link speed handling - [arm64] net: ti: icss-iep: Fix incorrect type for return value in extts_enable() - sctp: linearize cloned gso packets in sctp_rcv - [amd64] intel_idle: Allow loading ACPI tables for any family - cpuidle: governors: menu: Avoid using invalid recent intervals data - ptp: prevent possible ABBA deadlock in ptp_clock_freerun() - tls: handle data disappearing from under the TLS ULP (CVE-2025-38616) - net: kcm: Fix race condition in kcm_unattach() - hfs: fix general protection fault in hfs_find_init() - hfs: fix slab-out-of-bounds in hfs_bnode_read() - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() - [arm64] Handle KCOV __init vs inline mismatches - smb/server: avoid deadlock when linking with ReplaceIfExists - nvme-pci: try function level reset on init failure - dm-stripe: limit chunk_sectors to the stripe size - md/raid10: set chunk_sectors limit - nvme-tcp: log TLS handshake failures at error level - gfs2: Validate i_depth for exhash directories - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops - loop: Avoid updating block size under exclusive owner - udf: Verify partition map count - drbd: add missing kref_get in handle_write_conflicts - hfs: fix not erasing deleted b-tree node issue - better lockdep annotations for simple_recursive_removal() - ata: ahci: Disallow LPM policy control if not supported - ata: ahci: Disable DIPM if host lacks support - ata: libata-sata: Disallow changing LPM state if not supported - fs/ntfs3: Add sanity check for file name - fs/ntfs3: correctly create symlink for relative path - pidfs: raise SB_I_NODEV and SB_I_NOEXEC - fix locking in efi_secret_unlink() - securityfs: don't pin dentries twice, once is enough... - tracefs: Add d_delete to remove negative dentries - usb: xhci: print xhci->xhc_state when queue_command failed - [amd64] platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default - usb: xhci: Avoid showing warnings for dying controller - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command - usb: xhci: Avoid showing errors during surprise removal - [arm64] soc: qcom: rpmh-rsc: Add RSC version 4 support - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered - remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU - usb: typec: tcpm/tcpci_maxim: fix irq wake usage - pmdomain: ti: Select PM_GENERIC_DOMAINS - [arm64] gpio: wcd934x: check the return value of regmap_update_bits() - cpufreq: Exit governor when failed to start old governor - cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode - [armhf] rockchip: fix kernel hang during smp initialization - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed - [arm64] thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required - iio: adc: ad_sigma_delta: don't overallocate scan buffer - [armhf] tegra: Use I/O memcpy to write to IRAM - ACPI: PRM: Reduce unnecessary printing to avoid user confusion - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() - thermal: sysfs: Return ENODATA instead of EAGAIN for reads - PM: sleep: console: Fix the black screen issue - ACPI: processor: fix acpi_object initialization - [arm64] mmc: sdhci-msm: Ensure SD card power isn't ON when card removed - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path - pps: clients: gpio: fix interrupt handling order in remove path - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 - char: misc: Fix improper and inaccurate error code returned by misc_init() - [amd64] mei: bus: Check for still connected devices in mei_cl_bus_dev_release() - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() - [amd64,arm64] platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready - ALSA: hda: Handle the jack polling always via a work - ALSA: hda: Disable jack polling at shutdown - [amd64] x86/bugs: Avoid warning when overriding return thunk - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 - ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode - tty: serial: fix print format specifiers - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present - usb: core: usb_submit_urb: downgrade type check - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() - [arm64] imx8m-blk-ctrl: set ISI panic write hurry level - [arm64] soc: qcom: mdt_loader: Actually use the e_phoff - [amd64] platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches - [amd64,arm64] platform/chrome: cros_ec_typec: Defer probe on missing EC parent - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement - ASoC: codecs: rt5640: Retry DEVICE_ID verification - [arm64] ASoC: qcom: use drvdata instead of component to keep id - netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps - [powerpc*] thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 - Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() - xen/netfront: Fix TX response spurious interrupts - wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn - net: usb: cdc-ncm: check for filtering capability - wifi: ath12k: Correct tid cleanup when tid setup fails - wifi: cfg80211: reject HTC bit for management frames - [s390x] time: Use monotonic clock in get_cycles() - be2net: Use correct byte order and format string for TCP seq and ack_seq - libbpf: Verify that arena map exists when adding arena relocations - idpf: preserve coalescing settings across resets - wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB - et131x: Add missing check after DMA map - net: ag71xx: Add missing check after DMA map - net/mlx5e: Properly access RCU protected qdisc_sleeping variable - net: pcs: xpcs: mask readl() return value to 16 bits - [arm64] Mark kernel as tainted on SAE and SError panic - drm/amd/pm: fix null pointer access - rcu: Protect ->defer_qs_iw_pending from data race - drm/amd/display: limit clear_update_flags to dcn32 and above - net: mctp: Prevent duplicate binds - wifi: cfg80211: Fix interface type validation - wifi: mac80211: don't unreserve never reserved chanctx - net: ipv4: fix incorrect MTU in broadcast routes - [arm64] net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() - net: phy: micrel: Add ksz9131_resume() - sched/deadline: Fix accounting after global limits change - bpf: Forget ranges when refining tnum after JSET - wifi: iwlwifi: mvm: set gtk id also in older FWs - wifi: iwlwifi: mvm: fix scan request validation - [s390x] stp: Remove udelay from stp_sync_clock() - net: phy: bcm54811: PHY initialization - sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails - wifi: mac80211: don't complete management TX on SAE commit - wifi: mac80211: avoid weird state in error path - [s390x] early: Copy last breaking event address to pt_regs - ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access - wifi: mac80211: fix rx link assignment for non-MLO stations - [arm64] drm/msm: use trylock for debugfs - [arm64] drm/msm: Add error handling for krealloc in metadata setup - [arm64] perf/arm: Add missing .suppress_bind_attrs - wifi: rtw89: Fix rtw89_mac_power_switch() for USB - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch - drm/xe/xe_query: Use separate iterator while filling GT list - [amd64] net: thunderbolt: Enable end-to-end flow control also in transmit - [amd64] net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() - xfrm: Duplicate SPI Handling - net: atlantic: add set_power to fw_ops for atl2 to fix wol - ACPI: Suppress misleading SPCR console message when SPCR table is absent - net: ieee8021q: fix insufficient table-size assertion - net: fec: allow disable coalescing - drm/amd/display: Separate set_gsl from set_gsl_source_select - wifi: ath10k: shutdown driver when hardware is unreliable - wifi: ath12k: Add memset and update default rate value in wmi tx completion - wifi: ath12k: Fix station association with MBSSID Non-TX BSS - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect - drm/amd/display: Fix 'failed to blank crtc!' - drm/amd/display: Initialize mode_select to 0 - wifi: mac80211: update radar_required in channel context after channel switch - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 - wifi: ath12k: Decrement TID on RX peer frag setup error handling - [powerpc*] floppy: Add missing checks after DMA map - netmem: fix skb_frag_address_safe with unreadable skbs - [arm64] stacktrace: Check kretprobe_find_ret_addr() return value - wifi: iwlegacy: Check rate_idx range after addition - neighbour: add support for NUD_PERMANENT proxy entries - dpaa_eth: don't use fixed_phy_change_carrier - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual - net: vlan: Make is_vlan_dev() a stub when VLAN is not configured - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs - gve: Return error for unknown admin queue command - [armhf] net: dsa: b53: ensure BCM5325 PHYs are enabled - [armhf] net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 - [armhf] net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 - [armhf] net: dsa: b53: prevent DIS_LEARNING access on BCM5325 - [armhf] net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 - bpftool: Fix JSON writer resource leak in version command - ptp: Use ratelimite for freerun error message - wifi: rtw89: scan abort when assign/unassign_vif - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() - ionic: clean dbpage in de-init - drm/xe: Make dma-fences compliant with the safe access rules - [armhf] net: ncsi: Fix buffer overflow in fetching version id - drm/ttm: Should to return the evict error - uapi: in6: restore visibility of most IPv6 socket options - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP - drm/amd/display: Update DMCUB loading sequence for DCN3.5 - drm/amd/display: Avoid trying AUX transactions on disconnected ports - drm/ttm: Respect the shrinker core free target - rcu: Fix rcu_read_unlock() deadloop due to IRQ work - [armhf] net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page - vhost: fail early when __vhost_add_used() fails - drm/amd/display: Only finalize atomic_obj if it was initialized - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported - drm/amd/display: Disable dsc_power_gate for dcn314 by default - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition - cifs: Fix calling CIFSFindFirst() for root path without msearch - fbdev: fix potential buffer overflow in do_register_framebuffer() - crypto: hisilicon/hpre - fix dma unmap sequence - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr - [arm64,armhf] clk: tegra: periph: Fix error handling and resolve unsigned compare warning - mfd: axp20x: Set explicit ID for AXP313 regulator - [arm64] phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated - fs/orangefs: use snprintf() instead of sprintf() - watchdog: dw_wdt: Fix default timeout - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state - [mips*] vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} - watchdog: iTCO_wdt: Report error if timeout configuration fails - scsi: bfa: Double-free fix - jfs: truncate good inode pages when hard link is 0 - jfs: Regular file corruption check - jfs: upper bound check of tree index in dbAllocAG - media: hi556: Fix reset GPIO timings - RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM - crypto: jitter - fix intermediary handling - [mips*] Don't crash in stack_top() for tasks without ABI or vDSO - [riscv64] clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED - media: ipu-bridge: Add _HID for OV5670 - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control - leds: leds-lp50xx: Handle reg to get correct multi_index - [armhf] dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs - [amd64] RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() - RDMA/core: reduce stack using in nldev_stat_get_doit() - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure - power: supply: qcom_battmgr: Add lithium-polymer entry - scsi: mpt3sas: Correctly handle ATA device errors - scsi: mpi3mr: Correctly handle ATA device errors - [armhf] pinctrl: stm32: Manage irq affinity settings - media: usb: hdpvr: disable zero-length read messages - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar - media: uvcvideo: Add quirk for HP Webcam HD 2300 - media: uvcvideo: Fix bandwidth issue for Alcor camera - [amd64] crypto: ccp - Add missing bootloader info reg for pspv6 - [arm64] clk: renesas: rzg2l: Postpone updating priv->clks[] - soundwire: amd: serialize amd manager resume sequence during pm_prepare - soundwire: amd: cancel pending slave status handling workqueue during remove sequence - soundwire: Move handle_nested_irq outside of sdw_dev_lock - md: dm-zoned-target: Initialize return variable r to avoid uninitialized use - module: Prevent silent truncation of module name in delete_module(2) - i3c: add missing include to internal header - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - apparmor: shift ouid when mediating hard links in userns - i3c: don't fail if GETHDRCAP is unsupported - i3c: master: Initialize ret in i3c_i2c_notifier_call() - dm-mpath: don't print the "loaded" message if registering fails - dm-table: fix checking for rq stackable devices - apparmor: use the condition in AA_BUG_FMT even with debug disabled - apparmor: fix x_table_lookup when stacking is not the first entry - i2c: Force DLL0945 touchpad i2c freq to 100khz - exfat: add cluster chain loop check for dir - f2fs: check the generic conditions first - printk: nbcon: Allow reacquire during panic - vfio/type1: conditional rescheduling while pinning - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans - scsi: target: core: Generate correct identifiers for PR OUT transport IDs - scsi: aacraid: Stop using PCI_IRQ_AFFINITY - vfio/mlx5: fix possible overflow in tracking max message size - ipmi: Use dev_warn_ratelimited() for incorrect message warnings - ipmi: Fix strcpy source and destination the same - tools/power turbostat: Handle non-root legacy-uncore sysfs permissions - tools/power turbostat: Fix build with musl - tools/power turbostat: Handle cap_get_proc() ENOSYS - smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection - lib/sbitmap: convert shallow_depth from one word to the whole sbitmap - ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table - net: phy: smsc: add proper reset flags for LAN8710A - [amd64] ASoC: Intel: avs: Fix uninitialized pointer error in probe() - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() - pNFS: Fix stripe mapping in block/scsi layout - pNFS: Fix disk addr range check in block/scsi layout - pNFS: Handle RPC size limit for layoutcommits - pNFS: Fix uninited ptr deref in block/scsi layout - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe - scsi: lpfc: Remove redundant assignment to avoid memory leak - [amd64,armhf] ASoC: fsl_sai: replace regmap_write with regmap_update_bits - cifs: Fix collect_sample() to handle any iterator type - drm/amdgpu: fix vram reservation issue - drm/amdgpu: fix incorrect vm flags to map bo - mm/damon/core: commit damos->target_nid - block: Introduce bio_needs_zone_write_plugging() - dm: Always split write BIOs to zoned device limits - cifs: reset iface weights when we cannot find a candidate - [amd64] iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes - [arm64] iommu/arm-smmu-qcom: Add SM6115 MDSS compatible - iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range - iommufd: Prevent ALIGN() overflow - ext4: fix zombie groups in average fragment size lists - ext4: fix largest free orders lists corruption on mb_optimize_scan switch - ext4: initialize superblock fields in the kballoc-test.c kunit tests - usb: core: config: Prevent OOB read in SS endpoint companion parsing - misc: rtsx: usb: Ensure mmc child device is active when card is present - usb: typec: ucsi: Update power_supply on power role change - [amd64] comedi: fix race between polling and detaching - [amd64] thunderbolt: Fix copy+paste error in match_service_id() - cdc-acm: fix race between initial clearing halt and open - btrfs: zoned: use filesystem size not disk size for reclaim decision - btrfs: abort transaction during log replay if walk_log_tree() failed - btrfs: zoned: do not remove unwritten non-data block group - btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations - btrfs: don't ignore inode missing when replaying log tree - btrfs: fix ssd_spread overallocation - btrfs: populate otime when logging an inode item - btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled - btrfs: don't skip remaining extrefs if dir not found during log replay - btrfs: clear dirty status from extent buffer on error at insert_new_root() - btrfs: fix log tree replay failure due to file with 0 links and extents - btrfs: error on missing block group when unaccounting log tree extent buffers - btrfs: zoned: do not select metadata BG as finish target - btrfs: fix iteration bug in __qgroup_excl_accounting() - btrfs: do not allow relocation of partially dropped subvolumes - xfs: fix scrub trace with null pointer in quotacheck - userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit - net/sched: ets: use old 'nbands' while purging unused classes - [amd64,arm64] hv_netvsc: Fix panic during namespace deletion with VF - mm, slab: restore NUMA policy support for large kmalloc - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() - media: venus: Fix OOB read due to missing payload bound check - media: uvcvideo: Do not mark valid metadata as invalid - media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() - HID: magicmouse: avoid setting up battery timer when not needed - wifi: mac80211: check basic rates validity in sta_link_apply_parameters - HID: apple: avoid setting up battery timer for devices without battery - mfd: cros_ec: Separate charge-control probing from USB-PD - net: Add net_passive_inc() and net_passive_dec(). - net: better track kernel sockets lifetime (CVE-2025-21884) - smb: client: fix netns refcount leak after net_passive changes - PCI: Store all PCIe Supported Link Speeds - PCI: Allow PCI bridges to go to D3Hot on all non-x86 - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports - [arm64] dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C - [arm64] dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C - ata: libata-sata: Add link_power_management_supported sysfs attribute - io_uring/rw: cast rw->flags assignment to rwf_t - drm/amd/display: Allow DCN301 to clear update flags - rcu: Fix racy re-initialization of irq_work causing hangs - dm: split write BIOs on zone boundaries when zone append is not emulated - PCI: Honor Max Link Speed when determining supported speeds - ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled . [ Bastian Blank ] * [amd64, arm64] Enable MANA_INFINIBAND. . [ Salvatore Bonaccorso ] * [amd64] udeb: kernel-image: Include SPI drivers * ext4: don't try to clear the orphan_present feature block device is r/o (Closes: #1108271) * alloc_fdtable(): change calling conventions. * net: ipv4: fix regression in local-broadcast route . [ Ben Hutchings ] * proc: fix missing pde_set_flags() for net proc files linux (6.12.41-1) trixie-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.39 - eventpoll: don't decrement ep refcount while still holding the ep mutex (CVE-2025-38349) - drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics - drm/amdgpu/ip_discovery: add missing ip_discovery fw - [s390x] crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (CVE-2025-38104) - [amd64] ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH - [amd64] ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct - [amd64] ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops - [amd64] ASoC: soc-acpi: add get_function_tplg_files ops - [amd64] ASoC: Intel: add sof_sdw_get_tplg_files ops - [amd64] ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops - [amd64] ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches - perf/core: Fix the WARN_ON_ONCE is out of lock protected region - irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ - sched/core: Fix migrate_swap() vs. hotplug - perf: Revert to requiring CAP_SYS_ADMIN for uprobes - ASoC: cs35l56: probe() should fail if the device ID is not recognized - Bluetooth: hci_sync: Fix not disabling advertising instance - Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected - pinctrl: amd: Clear GPIO debounce for suspend - fix proc_sys_compare() handling of in-lookup dentries - sched/deadline: Fix dl_server runtime calculation formula - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL - [arm64] poe: Handle spurious Overlay faults - [arm64] net: phy: qcom: move the WoL function to shared library - [arm64] net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() - netlink: Fix wraparounds of sk->sk_rmem_alloc. - vsock: fix `vsock_proto` declaration - tipc: Fix use-after-free in tipc_conn_close(). - tcp: Correct signedness in skb remaining space calculation - vsock: Fix transport_{g2h,h2g} TOCTOU - vsock: Fix transport_* TOCTOU - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` - net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap - net: phy: smsc: Force predictable MDI-X state on LAN87xx - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). - atm: clip: Fix memory leak of struct clip_vcc. - atm: clip: Fix infinite recursive call of clip_push(). - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() - [arm64] net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info - net/sched: Abort __tc_modify_qdisc if parent class does not exist - rxrpc: Fix bug due to prealloc collision - rxrpc: Fix oops due to non-existence of prealloc backlog struct - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() - [amd64] x86/mce/amd: Add default names for MCA banks and blocks - [amd64] x86/mce/amd: Fix threshold limit reset - [amd64] x86/mce: Don't remove sysfs if thresholding sysfs init fails - [amd64] x86/mce: Ensure user polling settings are honored when restarting timer - [amd64] x86/mce: Make sure CMCI banks are cleared during shutdown on Intel - [amd64] KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. - [amd64] KVM: SVM: Add missing member in SNP_LAUNCH_START command structure - [amd64] KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight - KVM: Allow CPU to reschedule while setting per-page memory attributes - ASoC: fsl_sai: Force a software reset when starting in consumer mode - gre: Fix IPv6 multicast route creation. (Closes: #1108430) - md/md-bitmap: fix GPF in bitmap_get_stats() (Closes: #1109734) - [arm64] pinctrl: qcom: msm: mark certain pins as invalid for interrupts - pwm: Fix invalid state detection - pwm: mediatek: Ensure to disable clocks in error path - wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-27558) - wifi: mwifiex: discard erroneous disassoc frames on STA interface - wifi: mt76: mt7921: prevent decap offload config before STA initialization - wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() - wifi: mt76: mt7925: fix the wrong config for tx interrupt - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan - drm/imagination: Fix kernel crash when hard resetting the GPU - drm/amdkfd: Don't call mmput from MMU notifier callback - drm/gem: Acquire references on GEM handles for framebuffers - drm/sched: Increment job count before swapping tail spsc queue - drm/ttm: fix error handling in ttm_buffer_object_transfer - drm/gem: Fix race in drm_gem_handle_create_tail() - drm/xe/bmg: fix compressed VRAM handling - Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" - usb: gadget: u_serial: Fix race condition in TTY wakeup - Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" - drm/framebuffer: Acquire internal references on GEM handles - drm/xe: Allocate PF queue size on pow2 boundary - Revert "ACPI: battery: negate current when discharging" (Closes: #1109344) - Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" - kallsyms: fix build without execinfo - maple_tree: fix mt_destroy_walk() on root leaf node - mm: fix the inaccurate memory statistics issue for users - mm/vmalloc: leave lazy MMU mode on PTE mapping error - lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() - [amd64] x86/rdrand: Disable RDSEED on AMD Cyan Skillfish - [amd64] x86/mm: Disable hugetlb page table sharing on 32-bit - [arm64] clk: scmi: Handle case where child clocks are initialized before their parents - smb: server: make use of rdma_destroy_qp() - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() - erofs: fix to add missing tracepoint in erofs_read_folio() - erofs: address D-cache aliasing - [amd64] ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count - netlink: Fix rmem check in netlink_broadcast_deliver(). - netlink: make sure we allow at least one dump skb - netfs: Fix ref leak on inserted extra subreq in write retry - wifi: cfg80211: fix S1G beacon head validation in nl80211 - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() - drm/tegra: nvdec: Fix dma_alloc_coherent error check - md/raid1: Fix stack memory use after return in raid1_reshape - raid10: cleanup memleak at raid10_make_request - wifi: mac80211: correctly identify S1G short beacon - wifi: mac80211: fix non-transmitted BSSID profile search - wifi: rt2x00: fix remove callback type mismatch - drm/nouveau/gsp: fix potential leak of memory used during acpi init - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() - nbd: fix uaf in nbd_genl_connect() error path - drm/xe/pf: Clear all LMTT pages on alloc - erofs: free pclusters if no cached folio is attached - erofs: get rid of `z_erofs_next_pcluster_t` - erofs: tidy up zdata.c - erofs: refine readahead tracepoint - erofs: fix to add missing tracepoint in erofs_readahead() - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() - net: appletalk: Fix device refcount leak in atrtr_create() - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof - net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx - drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level - net/mlx5e: Fix race between DIM disable and net_dim() - net/mlx5e: Add new prio for promiscuous mode - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() - bnxt_en: Fix DCB ETS validation - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT - ublk: sanity check add_dev input for underflow - atm: idt77252: Add missing `dma_map_error()` - ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. - [amd64] ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 - io_uring: make fallocate be hashed work - [amd64] ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 - ALSA: hda/realtek: Add quirks for some Clevo laptops - net: usb: qmi_wwan: add SIMCom 8230C composition - driver: bluetooth: hci_qca:fix unable to load the BT driver - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 - net: mana: Record doorbell physical address in PF mode - btrfs: fix assertion when building free space tree - vt: add missing notification when switching back to text mode - bpf: Adjust free target to avoid global starvation of LRU map - [riscv64] vdso: Exclude .rodata from the PT_DYNAMIC segment - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras - HID: nintendo: avoid bluetooth suspend/resume stalls - erofs: fix rare pcluster memory leak after unmounting - net: wangxun: revert the adjustment of the IRQ vector sequence - kasan: remove kasan_find_vm_area() to prevent possible deadlock - ksmbd: fix potential use-after-free in oplock/lease break ack - [arm64] Filter out SME hwcaps when FEAT_SME isn't implemented - crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (CVE-2025-37984) - rseq: Fix segfault on registration when rseq_cs is non-zero (CVE-2025-38067) - [amd64] KVM: SVM: Set synthesized TSA CPUID flags https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.40 - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition - USB: serial: option: add Foxconn T99W640 - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI - usb: musb: fix gadget state on disconnect - [arm*] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY - usb: gadget: configfs: Fix OOB read on empty string write - [armhf] i2c: stm32: fix the device used for the DMA map - [armhf] i2c: stm32f7: unmap DMA mapped buffer - [amd64] thunderbolt: Fix wake on connect at runtime - [amd64] thunderbolt: Fix bit masking in tb_dp_port_set_hops() - Revert "staging: vchiq_arm: Create keep-alive thread during probe" - nvmem: imx-ocotp: fix MAC address byte length - nvmem: layouts: u-boot-env: remove crc32 endianness conversion - Input: xpad - set correct controller type for Acer NGR200 - pch_uart: Fix dma_sync_sg_for_device() nents value - spi: Add check for 8-bit transfer with 8 IO mode support - dm-bufio: fix sched in atomic context - HID: core: ensure the allocated report buffer can contain the reserved report ID - HID: core: ensure __hid_request reserves the report ID as the first byte - HID: core: do not bypass hid_hw_raw_request - tracing/probes: Avoid using params uninitialized in parse_btf_arg() - tracing: Add down_write(trace_event_sem) when adding trace event - tracing/osnoise: Fix crash in timerlat_dump_stack() - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume - drm/amdgpu: Increase reset counter only on success - drm/amd/display: Disable CRTC degamma LUT for DCN401 - drm/amd/display: Free memory allocation - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS - io_uring/poll: fix POLLERR handling - mptcp: make fallback action and fallback decision atomic - mptcp: plug races between subflow fail and subflow creation - mptcp: reset fallback status gracefully at disconnect() time - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() - net/mlx5: Update the list of the PCI supported devices - [arm64] dts: imx8mp-venice-gw74xx: fix TPM SPI frequency - [arm64] dts: add big-endian property back into watchdog node - [arm64] dts: freescale: imx8mm-verdin: Keep LDO5 always on - [arm64] dts: imx8mp-venice-gw71xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw72xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw73xx: fix TPM SPI frequency - [arm64] dts: rockchip: use cs-gpios for spi1 on ringneck - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() - af_packet: fix soft lockup issue caused by tpacket_snd() - Bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type - cpuidle: psci: Fix cpuhotplug routine with PREEMPT_RT=y - isofs: Verify inode mode when loading from disk - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() - [arm*] mmc: bcm2835: Fix dma_unmap_sg() nents value - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models - [arm64] mmc: sdhci_am654: Workaround for Errata i2312 - [amd64] net: stmmac: intel: populate entire system_counterval_t in get_time_fn() callback - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov - [s390x] bpf: Fix bpf_arch_text_poke() with new_addr == NULL again - smb: client: fix use-after-free in crypt_message when using async crypto - [armhf] soc: aspeed: lpc-snoop: Cleanup resources in stack-order - [armhf] soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush - iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] - iio: adc: max1363: Reorder mode_list[] entries - iio: adc: stm32-adc: Fix race in installing chained IRQ handler - iio: backend: fix out-of-bound write - iio: common: st_sensors: Fix use of uninitialize device structs - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B - [arm64] dts: imx95: Correct the DMA interrupter number of pcie0_ep - bpf: Reject %p% format string in bprintf-like helpers - cachefiles: Fix the incorrect return value in __cachefiles_write() - block: fix kobject leak in blk_unregister_queue - net/sched: sch_qfq: Fix race condition on qfq_aggregate - rpl: Fix use-after-free in rpl_do_srh_inline(). - smb: client: fix use-after-free in cifs_oplock_break - fix a leak in fcntl_dirnotify() - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() - nvme: fix endianness of command word prints in nvme_log_err_passthru() - smc: Fix various oops due to inet_sock type confusion. - net: phy: Don't register LEDs for genphy - nvme: fix misaccounting of nvme-mpath inflight I/O - nvmet-tcp: fix callback lock for TLS handshake - wifi: cfg80211: remove scan request n_channels counted_by - [amd64] hwmon: (corsair-cpro) Validate the size of the received input buffer - ice: add NULL check in eswitch lag check - ice: check correct pointer in fwlog debugfs - usb: net: sierra: check for no status endpoint - loop: use kiocb helpers to fix lockdep warning - [riscv64] Enable interrupt during exception handling - [riscv64] traps_misaligned: properly sign extend value in misaligned load handler - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() - Bluetooth: hci_sync: fix connectable extended advertising when using static random address - Bluetooth: SMP: If an unallowed command is received consider it a failure - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout - Bluetooth: hci_core: add missing braces when using macro parameters - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID - net/mlx5: Correctly set gso_size when LRO is used - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() - net: fix segmentation after TCP/UDP fraglist GRO - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry - drm/xe/pf: Sanitize VF scratch registers on FLR - drm/xe/pf: Move VFs reprovisioning to worker - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU - [amd64,arm64] hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf - virtio-net: fix recursived rtnl_lock() during probe() - tls: always refresh the queue when reading sock - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime - net: bridge: Do not offload IGMP/MLD messages - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree - rxrpc: Fix recv-recv race of completed call - rxrpc: Fix transmission of an abort in response to an abort - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" - drm/mediatek: Add wait_event_timeout when disabling plane - drm/mediatek: only announce AFBC if really supported - libbpf: Fix handling of BPF arena relocations - efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths - sched: Change nr_uninterruptible type to unsigned long - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns - btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (CVE-2025-22115) - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: Fix flushing of delayed work used for post resume purposes - usb: hub: Don't try to recover devices lost during warm reset. - [arm64] usb: dwc3: qcom: Don't leave BCR asserted - [arm64,armhf] i2c: omap: Add support for setting mux - [arm64,armhf] i2c: omap: Fix an error handling path in omap_i2c_probe() - [arm64,armhf] i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() - [arm64,armhf] i2c: omap: fix deprecated of_property_read_bool() use - sched,freezer: Remove unnecessary warning in __thaw_task - drm/xe/mocs: Initialize MOCS index early - drm/xe: Move page fault init after topology init - smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data - [amd64] iommu/vt-d: Fix misplaced domain_attached assignment (Closes: #1109676) - [amd64] KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.41 - [amd64] x86/traps: Initialize DR7 by writing its architectural reset value - Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (CVE-2025-38335) - virtio_net: Enforce minimum TX ring size for reliability - virtio_ring: Fix error reporting in virtqueue_resize - regulator: core: fix NULL dereference on unbind due to stale coupling data - [amd64] platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA - RDMA/core: Rate limit GID cache warning messages - [arm64] interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node - iio: adc: ad7949: use spi_is_bpw_supported() - regmap: fix potential memory leak of regmap_bus - [amd64] x86/hyperv: Fix usage of cpu_online_mask to get valid cpu - [amd64] platform/x86: Fix initialization order for firmware_attributes_class - [arm*] staging: vchiq_arm: Make vchiq_shutdown never fail - xfrm: state: initialize state_ptrs earlier in xfrm_state_find - xfrm: state: use a consistent pcpu_id in xfrm_state_find - xfrm: Set transport header to fix UDP GRO handling - xfrm: interface: fix use-after-free after changing collect_md xfrm interface - [arm64] net: ti: icssg-prueth: Fix buffer allocation for ICSSG - net/mlx5: Fix memory leak in cmd_exec() - net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch - i40e: report VF tx_dropped with tx_errors instead of tx_discards - i40e: When removing VF MAC filters, only check PF-set MAC - net: appletalk: Fix use-after-free in AARP proxy probe - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode - [arm64] drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() - ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop - [s390x] ism: fix concurrency management in ism_cmd() - [arm64] net: hns3: fix concurrent setting vlan filter issue - [arm64] net: hns3: disable interrupt when ptp init failed - [arm64] net: hns3: fixed vf get max channels bug - [arm64] net: hns3: default enable tx bounce buffer when smmu enabled - [amd64] platform/x86: ideapad-laptop: Fix FnLock not remembered among boots - [amd64] platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots - drm/amdgpu: Reset the clear flag in buddy during resume - drm/sched: Remove optimization that causes hang when killing dependent jobs - mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() - timekeeping: Zero initialize system_counterval when querying time from phc drivers - [arm64] i2c: qup: jump out of the loop in case of timeout - [arm64,armhf] i2c: tegra: Fix reset error handling with ACPI - i2c: virtio: Avoid hang by using interruptible completion wait - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() - sprintf.h requires stdarg.h - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx - ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx - [arm64] entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() - [arm64] dpaa2-eth: Fix device reference count leak in MAC endpoint handling - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set - e1000e: ignore uninitialized checksum word on tgp - gve: Fix stuck TX queue for DQ queue format - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() - nilfs2: reject invalid file types when reading inodes - resource: fix false warning in __request_region() - mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n - [amd64,arm64] usb: typec: tcpm: allow to use sink in accessory mode - [amd64,arm64] usb: typec: tcpm: allow switching to mode accessory to mux properly - [amd64,arm64] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach - spi: cadence-quadspi: fix cleanup of rx_chan on failure paths - [amd64] x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() - jfs: reject on-disk inodes of an unsupported type (CVE-2025-37925) - [amd64] comedi: comedi_test: Fix possible deletion of uninitialized timers - [arm64] dts: qcom: x1e78100-t14s: mark l12b and l15b always-on - erofs: simplify z_erofs_load_compact_lcluster() - erofs: refine z_erofs_get_extent_compressedlen() - erofs: use Z_EROFS_LCLUSTER_TYPE_MAX to simplify switches - erofs: simplify tail inline pcluster handling - erofs: clean up header parsing for ztailpacking and fragments - erofs: fix large fragment handling - ext4: don't explicit update times in ext4_fallocate() - ext4: refactor ext4_punch_hole() - ext4: refactor ext4_zero_range() - ext4: refactor ext4_collapse_range() - ext4: refactor ext4_insert_range() - ext4: factor out ext4_do_fallocate() - ext4: move out inode_lock into ext4_fallocate() - ext4: move out common parts into ext4_fallocate() - ext4: fix incorrect punch max_end - ext4: correct the error handle in ext4_fallocate() - ext4: fix out of bounds punch offset - [amd64] KVM: x86: drop x86.h include from cpuid.h - [amd64] KVM: x86: Route non-canonical checks in emulator through emulate_ops - [amd64] KVM: x86: Add X86EMUL_F_MSR and X86EMUL_F_DT_LOAD to aid canonical checks - [amd64] KVM: x86: model canonical checks more precisely - [amd64] KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (CVE-2025-38351) - [amd64] x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() - [arm64] dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage - Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" - wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure - iio: hid-sensor-prox: Restore lost scale assignments - iio: hid-sensor-prox: Fix incorrect OFFSET calculation - [amd64,arm64] Drivers: hv: Make the sysfs node size for the ring buffer dynamic - ALSA: hda/tegra: Add Tegra264 support - ALSA: hda: Add missing NVIDIA HDA codec IDs - [amd64] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x - Revert "drm/xe/gt: Update handling of xe_force_wake_get return" (Closes: #1109799) - Revert "drm/xe/tests/mocs: Update xe_force_wake_get() return handling" - Revert "drm/xe/devcoredump: Update handling of xe_force_wake_get return" - Revert "drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()" - [amd64] KVM: x86: Free vCPUs before freeing VM state - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma . [ Bastian Blank ] * Store build time signing key encrypted. * Enable CRYPTO_ECDSA. . [ Aurelien Jarno ] * Fix installation of DTB files . [ Tj ] * drivers/gpu/drm/nouveau: Enable DRM_NOUVEAU_GSP_DEFAULT (Closes: #1088522) . [ Uwe Kleine-König ] * [armhf] Add phy-gmii-sel module to nic-shared-modules udeb for ti/omap/am335x based machines (e.g. BeagleBone black). . [ Salvatore Bonaccorso ] * d/salsa-ci.yml: Update for trixie: Set RELEASE to trixie linux-signed-amd64 (6.12.43+1) trixie; urgency=medium . * Sign kernel from linux 6.12.43-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.42 - [amd64] ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx - ethernet: intel: fix building with large NR_CPUS - [amd64] ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx - ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX - [amd64] ASoC: Intel: fix SND_SOC_SOF dependencies - [amd64] ASoC: amd: yc: add DMI quirk for ASUS M6501RM - audit,module: restore audit logging in load failure case - parse_longname(): strrchr() expects NUL-terminated string - fs_context: fix parameter name in infofc() macro - fs/ntfs3: cancle set bad inode after removing name fails - ublk: use vmalloc for ublk_device's __queues - hfsplus: make splice write available again - hfs: make splice write available again - hfsplus: remove mutex_lock check in hfsplus_free_extents - Revert "fs/ntfs3: Replace inode_trylock with inode_lock" - gfs2: No more self recovery - io_uring: fix breakage in EXPERT menu - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() - ASoC: ops: dynamically allocate struct snd_ctl_elem_value - ASoC: mediatek: use reserved memory or enable buffer pre-allocation - [arm64] dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV - [arm64] soc: qcom: QMI encoding/decoding for big endian - [arm64] dts: qcom: sdm845: Expand IMEM region - [arm64] dts: qcom: sc7180: Expand IMEM region - [arm64] dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes - [arm64] dts: qcom: sa8775p: Correct the interrupt for remoteproc - [arm64] dts: qcom: msm8976: Make blsp_dma controlled-remotely - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() - usb: misc: apple-mfi-fastcharge: Make power supply names unique - [arm64] dts: ti: k3-am642-phyboard-electra: Fix PRU-ICSSG Ethernet ports - [arm64] dts: ti: k3-am62p-j722s: fix pinctrl-single size - [arm64] firmware: arm_scmi: Fix up turbo frequencies selection - usb: typec: ucsi: yoga-c630: fix error and remove paths - mei: vsc: Destroy mutex after freeing the IRQ - mei: vsc: Event notifier fixes - mei: vsc: Unset the event callback on remove and probe errors - [armhf] spi: stm32: Check for cfg availability in stm32_spi_probe - vmci: Prevent the dispatching of uninitialized payloads - pps: fix poll support - Revert "vmci: Prevent the dispatching of uninitialized payloads" - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() - usb: early: xhci-dbc: Fix early_ioremap leak - [armhf] dts: ti: omap: Fixup pinheader typo - [arm64] dts: st: fix timer used for ticks - [arm64] dts: imx8mm-beacon: Fix HS400 USDHC clock speed - [arm64] dts: imx8mn-beacon: Fix HS400 USDHC clock speed - PM / devfreq: Check governor before using governor->name - PM / devfreq: Fix a index typo in trans_stat - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode - cpufreq: Initialize cpufreq-based frequency-invariance later - cpufreq: Init policy->rwsem before it may be possibly used - staging: greybus: gbphy: fix up const issue with the match callback - [arm64] soc: qcom: pmic_glink: fix OF node leak - [arm64] interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg - [arm64] interconnect: qcom: sc8180x: specify num_nodes - bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 - [arm64,armhf] drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed - [arm64,armhf] drm/panfrost: Fix panfrost device variable name in devfreq - drm/panthor: Add missing explicit padding in drm_panthor_gpu_info - bpf, sockmap: Fix psock incorrectly pointing to sk - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls - net: ipv6: ip6mr: Fix in/out netdev to pass to the FORWARD chain - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel - drm/amdgpu: Remove nbiov7.9 replay count reporting - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure - [powerpc*] pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band - wifi: rtl818x: Kill URBs before clearing tx status queue - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() - iwlwifi: Add missing check for alloc_ordered_workqueue - wifi: ath11k: clear initialized flag for deinit-ed srng lists - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range - net/mlx5: Check device memory pointer before usage - net: dst: annotate data-races around dst->input - net: dst: annotate data-races around dst->output - bpf: Ensure RCU lock is held around bpf_prog_ksym_find - [arm64] drm/msm/dpu: Fill in min_prefill_lines for SC8180X - refscale: Check that nreaders and loops multiplication doesn't overflow - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value - sched/psi: Optimize psi_group_change() cpu_clock() usage - fbcon: Fix outdated registered_fb reference in comment - netfilter: nf_tables: Drop dead code from fill_*_info routines - netfilter: nf_tables: adjust lockdep assertions handling - [amd64] iommu/amd: Enable PASID and ATS capabilities in the correct order - net/sched: Restrict conditions for adding duplicating netems to qdisc tree - net_sched: act_ctinfo: use atomic64_t for three counters - RDMA/mlx5: Fix UMR modifying of mkey page size - xen: fix UAF in dmabuf_exp_from_pages() - xen/gntdev: remove struct gntdev_copy_batch from stack - tcp: call tcp_measure_rcv_mss() for ooo packets - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled - wifi: rtw88: Fix macid assigned to TDLS station - mwl8k: Add missing check after DMA map - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() - drm/amdgpu/gfx9: fix kiq locking in KCQ reset - drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset - drm/amdgpu/gfx10: fix kiq locking in KCQ reset - [amd64] iommu/amd: Fix geometry.aperture_end for V2 tables - rcu: Fix delayed execution of hurry callbacks - wifi: mac80211: reject TDLS operations when station is not associated - wifi: plfxlc: Fix error handling in usb driver probe - wifi: mac80211: Do not schedule stopped TXQs - wifi: mac80211: Don't call fq_flow_idx() for management frames - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" - wifi: ath12k: fix endianness handling while accessing wmi service bit - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE - wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() - wifi: nl80211: Set num_sub_specs before looping through sub_specs - ring-buffer: Remove ring_buffer_read_prepare_sync() - memcg_slabinfo: Fix use of PG_slab - Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' - Bluetooth: hci_event: Mask data status from LE ext adv reports - bpf: Disable migration in nf_hook_run_bpf(). - can: peak_usb: fix USB FD devices potential malfunction - can: kvaser_pciefd: Store device channel index - can: kvaser_usb: Assign netdev.dev_port based on device channel index - netfilter: xt_nfacct: don't assume acct name is null-terminated - net/mlx5e: Clear Read-Only port buffer size in PBMC before update - net/mlx5e: Remove skb secpath if xfrm state is not found - stmmac: xsk: fix negative overflow of budget in zerocopy mode - vrf: Drop existing dst reference in vrf_ip6_input_dst - ipv6: prevent infinite loop in rt6_nlmsg_size() - ipv6: fix possible infinite loop in fib6_info_uses_dev() - ipv6: annotate data-races around rt->fib6_nsiblings - bpf/preload: Don't select USERMODE_DRIVER - [arm64] bpf, arm64: Fix fp initialization for exception boundary - fortify: Fix incorrect reporting of read buffer size - [arm64] PCI: rockchip-host: Fix "Unexpected Completion" log message - [arm64] clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks - [arm64] crypto: sun8i-ce - fix nents passed to dma_unmap_sg() - [amd64] crypto: qat - use unmanaged allocation for dc_data - [arm64,armhf] crypto: marvell/cesa - Fix engine load inaccuracy - [amd64] crypto: qat - allow enabling VFs in the absence of IOMMU - [amd64] crypto: qat - fix state restore for banks with exceptions - mtd: fix possible integer overflow in erase_xfer() - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set - [armhf] crypto: arm/aes-neonbs - work around gcc-15 warning - pinctrl: sunxi: Fix memory leak on krealloc failure - dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: Don't zero-out registers - fanotify: sanitize handle_type values when reporting fid - Fix dma_unmap_sg() nents value - perf tools: Fix use-after-free in help_unknown_cmd() - perf dso: Add missed dso__put to dso__load_kcore - mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER - perf sched: Make sure it frees the usage string - perf sched: Free thread->priv using priv_destructor - perf sched: Fix memory leaks in 'perf sched map' - perf sched: Fix memory leaks for evsel->priv in timehist - perf sched: Use RC_CHK_EQUAL() to compare pointers - perf sched: Fix memory leaks in 'perf sched latency' - [arm64] RDMA/hns: Fix double destruction of rsv_qp - [arm64] RDMA/hns: Fix HW configurations not cleared in error flow - [amd64] crypto: ccp - Fix locking on alloc failure handling - [arm64] crypto: inside-secure - Fix `dma_unmap_sg()` nents value - [amd64] crypto: ccp - Fix crash when rebind ccp device for ccp.ko - [arm64] RDMA/hns: Get message length of ack_req from FW - [arm64] RDMA/hns: Fix accessing uninitialized resources - [arm64] RDMA/hns: Drop GFP_NOWARN - [arm64] RDMA/hns: Fix -Wframe-larger-than issue - kernel: trace: preemptirq_delay_test: use offstack cpu mask - proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al - pinmux: fix race causing mux_owner NULL with active mux_usecount - perf tests bp_account: Fix leaked file descriptor - [riscv64] clk: thead: th1520-ap: Correctly refer the parent of osc_12m - [armhf] clk: sunxi-ng: v3s: Fix de clock definition - [ppc64el] scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value - scsi: mvsas: Fix dma_unmap_sg() nents value - scsi: isci: Fix dma_unmap_sg() nents value - ext4: Make sure BH_New bit is cleared in ->write_end handler - [arm64] hwrng: mtk - handle devm_pm_runtime_enable errors - [amd64] crypto: qat - disable ZUC-256 capability for QAT GEN5 - soundwire: stream: restore params when prepare ports fail - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute - remoteproc: xlnx: Disable unsupported features - fs/orangefs: Allow 2 more characters in do_c_string() - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap - dmaengine: nbpfaxi: Add missing check after DMA map - perf tools: Remove libtraceevent in .gitignore - [amd64] crypto: qat - fix DMA direction for compression on GEN2 devices - [amd64] crypto: qat - fix seq_file position update in adf_ring_next() - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref - jfs: fix metapage reference count leak in dbAllocCtl - drm/xe/vf: Disable CSC support on VF - perf record: Cache build-ID of hit DSOs only - vdpa/mlx5: Fix needs_teardown flag calculation - vhost-scsi: Fix log flooding with target does not exist errors - vdpa/mlx5: Fix release of uninitialized resources on error path - vdpa: Fix IDR memory leak in VDUSE module exit - vhost: Reintroduce kthread API and add mode selection - bpf: Check flow_dissector ctx accesses are aligned - bpf: Check netfilter ctx accesses are aligned - apparmor: ensure WB_HISTORY_SIZE value is a power of 2 - apparmor: fix loop detection used in conflicting attachment resolution - apparmor: Fix unaligned memory accesses in KUnit test - module: Restore the moduleparam prefix length check - ucount: fix atomic_long_inc_below() argument type - rtc: ds1307: fix incorrect maximum clock rate handling - rtc: hym8563: fix incorrect maximum clock rate handling - rtc: nct3018y: fix incorrect maximum clock rate handling - rtc: pcf85063: fix incorrect maximum clock rate handling - rtc: pcf8563: fix incorrect maximum clock rate handling - rtc: rv3028: fix incorrect maximum clock rate handling - f2fs: turn off one_time when forcibly set to foreground GC - f2fs: fix bio memleak when committing super block - f2fs: fix KMSAN uninit-value in extent_info usage - f2fs: fix to check upper boundary for value of gc_boost_zoned_gc_percent - f2fs: fix to check upper boundary for gc_valid_thresh_ratio - f2fs: fix to check upper boundary for gc_no_zoned_gc_percent - f2fs: doc: fix wrong quota mount option description - f2fs: fix to avoid UAF in f2fs_sync_inode_meta() - f2fs: fix to avoid panic in f2fs_evict_inode - f2fs: fix to avoid out-of-boundary access in devs.path - f2fs: vm_unmap_ram() may be called from an invalid context - f2fs: fix to update upper_p in __get_secs_required() correctly - f2fs: fix to calculate dirty data during has_not_enough_free_secs() - f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode - exfat: fdatasync flag should be same like generic_write_sync() - i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() - vfio: Fix unbalanced vfio_df_close call in no-iommu mode - vfio: Prevent open_count decrement to negative - vfio/pds: Fix missing detach_ioas op - vfio/pci: Separate SR-IOV VF dev_set - scsi: mpt3sas: Fix a fw_event memory leak - scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" - scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately - kconfig: qconf: fix ConfigList::updateListAllforAll() - sched/psi: Fix psi_seq initialization - PCI: pnv_php: Clean up allocated IRQs on unplug - PCI: pnv_php: Work around switches with broken presence detection - [powerpc*] eeh: Export eeh_unfreeze_pe() - [powerpc*] eeh: Make EEH driver device hotplug safe - PCI: pnv_php: Fix surprise plug detection and recovery - pNFS/flexfiles: don't attempt pnfs on fatal DS errors - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() - NFSv4.2: another fix for listxattr - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY - md/md-cluster: handle REMOVE message earlier - netpoll: prevent hanging NAPI when netcons gets enabled - phy: mscc: Fix parsing of unicast frames - net: ipa: add IPA v5.1 and v5.5 to ipa_version_string() - pptp: ensure minimal skb length in pptp_xmit() - nvmet: initialize discovery subsys after debugfs is initialized - [s390x] ap: Unmask SLCF bit in card and queue ap functions sysfs - netlink: specs: ethtool: fix module EEPROM input/output arguments - block: Fix default IO priority if there is no IO context - block: ensure discard_granularity is zero when discard is not supported - ASoC: tas2781: Fix the wrong step for TLV on tas2781 - [amd64] spi: cs42l43: Property entry should be a null-terminated array - net/mlx5: Correctly set gso_segs when LRO is used - ipv6: reject malicious packets in ipv6_gso_segment() - net: mdio: mdio-bcm-unimac: Correct rate fallback logic - net: drop UFO packets in udp_rcv_segment() - net/sched: taprio: enforce minimum value for picos_per_byte - sunrpc: fix client side handling of tls alerts - [x86] irq: Plug vector setup race - benet: fix BUG when creating VFs - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing - [s390x] mm: Allocate page table with PAGE_SIZE granularity - eth: fbnic: remove the debugging trick of super high page bias - irqchip: Build IMX_MU_MSI only on ARM - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() - smb: server: remove separate empty_recvmsg_queue - smb: server: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: server: let recv_done() consistently call put_recvmsg/smb_direct_disconnect_rdma_connection - smb: server: let recv_done() avoid touching data_transfer after cleanup/move - smb: client: remove separate empty_packet_queue - smb: client: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: client: let recv_done() cleanup before notifying the callers. - smb: client: let recv_done() avoid touching data_transfer after cleanup/move - nvmet: exit debugfs after discovery subsystem exits - pptp: fix pptp_xmit() error path - smb: client: return an error if rdma_connect does not return within 5 seconds - sunrpc: fix handling of server side tls alerts - perf/core: Don't leak AUX buffer refcount on allocation failure - perf/core: Exit early on perf_mmap() fail - perf/core: Prevent VMA split of buffer mappings - selftests/perf_events: Add a mmap() correctness test - net/packet: fix a race in packet_set_ring() and packet_notifier() - vsock: Do not allow binding to VMADDR_PORT_ANY - [amd64] accel/ivpu: Fix reset_engine debugfs file logic - Revert "bcache: remove heap-related macros and switch to generic min_heap" - ice/ptp: fix crosstimestamp reporting - [amd64] drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type - [amd64] drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() - [amd64] drm/i915/hdmi: add error handling in g4x_hdmi_init() - [amd64] drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() - [amd64] drm/i915/display: add intel_encoder_is_hdmi() - [amd64] drm/i915/ddi: only call shutdown hooks for valid encoders - ksmbd: fix null pointer dereference error in generate_encryptionkey - ksmbd: fix Preauh_HashValue race condition - ksmbd: fix corrupted mtime and ctime in smb2_open - ksmbd: limit repeated connections from clients with the same IP (CVE-2025-38501) - smb: server: Fix extension string in ksmbd_extract_shortname() - USB: serial: option: add Foxconn T99W709 - PCI/ASPM: Save parent L1SS config in pci_save_aspm_l1ss_state() - PCI/ASPM: Fix L1SS saving - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event - net: usbnet: Fix the wrong netif_carrier_on() call - [x86] sev: Evict cache lines during SNP memory validation (CVE-2024-36331) - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) - [adm64] platform/x86/intel/pmt: fix a crashlog NULL pointer access - [x86] fpu: Delay instruction pointer fixup until after warning - [s390x] mm: Remove possible false-positive warning in pte_free_defer() - [mips*] mm: tlb-r4k: Uniquify TLB entries on init - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery - mm: swap: correctly use maxpages in swapon syscall to avoid potential deadloop - mm: swap: fix potential buffer overflow in setup_clusters() - perf/arm-ni: Set initial IRQ affinity - media: ti: j721e-csi2rx: fix list_del corruption - HID: apple: validate feature-report field count to prevent NULL pointer dereference - USB: gadget: f_hid: Fix memory leak in hidg_bind error path - usb: gadget : fix use-after-free in composite_dev_cleanup() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.43 - io_uring: don't use int for ABI - ALSA: usb-audio: Validate UAC3 power domain descriptors, too - ALSA: usb-audio: Validate UAC3 cluster segment descriptors - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks - smb3: fix for slab out of bounds on mount to ksmbd - smb: client: remove redundant lstrp update in negotiate protocol - gpio: virtio: Fix config space reading. - gpio: mlxbf2: use platform_get_irq_optional() - Revert "gpio: mlxbf3: only get IRQ for device instance 0" - gpio: mlxbf3: use platform_get_irq_optional() - leds: flash: leds-qcom-flash: Fix registry access after re-bind - Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" - netlink: avoid infinite retry looping in netlink_unicast() (Closes: #1111017) - net: phy: micrel: fix KSZ8081/KSZ8091 cable test - [armhf] net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect - [arm64] net: enetc: fix device and OF node leak at probe - [arm64] net: mtk_eth_soc: fix device leak at probe - [arm64] net: ti: icss-iep: fix device and OF node leaks at probe - net: usb: asix_devices: add phy_mask for ax88772 mdio bus - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() - NFSD: detect mismatch of file handle and delegation stateid in OPEN op - NFS: Fix the setting of capabilities when automounting a new filesystem - PCI: Extend isolated function probing to LoongArch - [arm64] clk: samsung: exynos850: fix a comment - [arm64] clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD - [arm64] clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock - fscrypt: Don't use problematic non-inline crypto engines - fs: Prevent file descriptor table allocations exceeding INT_MAX - eventpoll: Fix semi-unbounded recursion (CVE-2025-38614) - Documentation: ACPI: Fix parent device references - ACPI: processor: perflib: Fix initial _PPC limit application - ACPI: processor: perflib: Move problematic pr->performance check - block: Make REQ_OP_ZONE_FINISH a write operation - mm/memory-tier: fix abstract distance calculation overflow - smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() - smb: client: don't wait for info->send_pending == 0 on error - [amd64] KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap - [amd64] KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag - [amd64] KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported - [amd64] KVM: VMX: Extract checking of guest's DEBUGCTL into helper - [amd64] KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter - [amd64] KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs - [amd64] KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest - [amd64] habanalabs: fix UAF in export_dmabuf() - mm/smaps: fix race between smaps_hugetlb_range and migration - udp: also consider secpath when evaluating ipsec use for checksumming - netfilter: ctnetlink: fix refcount leak on table dump - [arm64] net: ti: icssg-prueth: Fix emac link speed handling - [arm64] net: ti: icss-iep: Fix incorrect type for return value in extts_enable() - sctp: linearize cloned gso packets in sctp_rcv - [amd64] intel_idle: Allow loading ACPI tables for any family - cpuidle: governors: menu: Avoid using invalid recent intervals data - ptp: prevent possible ABBA deadlock in ptp_clock_freerun() - tls: handle data disappearing from under the TLS ULP (CVE-2025-38616) - net: kcm: Fix race condition in kcm_unattach() - hfs: fix general protection fault in hfs_find_init() - hfs: fix slab-out-of-bounds in hfs_bnode_read() - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() - [arm64] Handle KCOV __init vs inline mismatches - smb/server: avoid deadlock when linking with ReplaceIfExists - nvme-pci: try function level reset on init failure - dm-stripe: limit chunk_sectors to the stripe size - md/raid10: set chunk_sectors limit - nvme-tcp: log TLS handshake failures at error level - gfs2: Validate i_depth for exhash directories - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops - loop: Avoid updating block size under exclusive owner - udf: Verify partition map count - drbd: add missing kref_get in handle_write_conflicts - hfs: fix not erasing deleted b-tree node issue - better lockdep annotations for simple_recursive_removal() - ata: ahci: Disallow LPM policy control if not supported - ata: ahci: Disable DIPM if host lacks support - ata: libata-sata: Disallow changing LPM state if not supported - fs/ntfs3: Add sanity check for file name - fs/ntfs3: correctly create symlink for relative path - pidfs: raise SB_I_NODEV and SB_I_NOEXEC - fix locking in efi_secret_unlink() - securityfs: don't pin dentries twice, once is enough... - tracefs: Add d_delete to remove negative dentries - usb: xhci: print xhci->xhc_state when queue_command failed - [amd64] platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default - usb: xhci: Avoid showing warnings for dying controller - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command - usb: xhci: Avoid showing errors during surprise removal - [arm64] soc: qcom: rpmh-rsc: Add RSC version 4 support - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered - remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU - usb: typec: tcpm/tcpci_maxim: fix irq wake usage - pmdomain: ti: Select PM_GENERIC_DOMAINS - [arm64] gpio: wcd934x: check the return value of regmap_update_bits() - cpufreq: Exit governor when failed to start old governor - cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode - [armhf] rockchip: fix kernel hang during smp initialization - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed - [arm64] thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required - iio: adc: ad_sigma_delta: don't overallocate scan buffer - [armhf] tegra: Use I/O memcpy to write to IRAM - ACPI: PRM: Reduce unnecessary printing to avoid user confusion - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() - thermal: sysfs: Return ENODATA instead of EAGAIN for reads - PM: sleep: console: Fix the black screen issue - ACPI: processor: fix acpi_object initialization - [arm64] mmc: sdhci-msm: Ensure SD card power isn't ON when card removed - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path - pps: clients: gpio: fix interrupt handling order in remove path - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 - char: misc: Fix improper and inaccurate error code returned by misc_init() - [amd64] mei: bus: Check for still connected devices in mei_cl_bus_dev_release() - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() - [amd64,arm64] platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready - ALSA: hda: Handle the jack polling always via a work - ALSA: hda: Disable jack polling at shutdown - [amd64] x86/bugs: Avoid warning when overriding return thunk - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 - ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode - tty: serial: fix print format specifiers - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present - usb: core: usb_submit_urb: downgrade type check - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() - [arm64] imx8m-blk-ctrl: set ISI panic write hurry level - [arm64] soc: qcom: mdt_loader: Actually use the e_phoff - [amd64] platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches - [amd64,arm64] platform/chrome: cros_ec_typec: Defer probe on missing EC parent - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement - ASoC: codecs: rt5640: Retry DEVICE_ID verification - [arm64] ASoC: qcom: use drvdata instead of component to keep id - netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps - [powerpc*] thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 - Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() - xen/netfront: Fix TX response spurious interrupts - wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn - net: usb: cdc-ncm: check for filtering capability - wifi: ath12k: Correct tid cleanup when tid setup fails - wifi: cfg80211: reject HTC bit for management frames - [s390x] time: Use monotonic clock in get_cycles() - be2net: Use correct byte order and format string for TCP seq and ack_seq - libbpf: Verify that arena map exists when adding arena relocations - idpf: preserve coalescing settings across resets - wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB - et131x: Add missing check after DMA map - net: ag71xx: Add missing check after DMA map - net/mlx5e: Properly access RCU protected qdisc_sleeping variable - net: pcs: xpcs: mask readl() return value to 16 bits - [arm64] Mark kernel as tainted on SAE and SError panic - drm/amd/pm: fix null pointer access - rcu: Protect ->defer_qs_iw_pending from data race - drm/amd/display: limit clear_update_flags to dcn32 and above - net: mctp: Prevent duplicate binds - wifi: cfg80211: Fix interface type validation - wifi: mac80211: don't unreserve never reserved chanctx - net: ipv4: fix incorrect MTU in broadcast routes - [arm64] net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() - net: phy: micrel: Add ksz9131_resume() - sched/deadline: Fix accounting after global limits change - bpf: Forget ranges when refining tnum after JSET - wifi: iwlwifi: mvm: set gtk id also in older FWs - wifi: iwlwifi: mvm: fix scan request validation - [s390x] stp: Remove udelay from stp_sync_clock() - net: phy: bcm54811: PHY initialization - sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails - wifi: mac80211: don't complete management TX on SAE commit - wifi: mac80211: avoid weird state in error path - [s390x] early: Copy last breaking event address to pt_regs - ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access - wifi: mac80211: fix rx link assignment for non-MLO stations - [arm64] drm/msm: use trylock for debugfs - [arm64] drm/msm: Add error handling for krealloc in metadata setup - [arm64] perf/arm: Add missing .suppress_bind_attrs - wifi: rtw89: Fix rtw89_mac_power_switch() for USB - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch - drm/xe/xe_query: Use separate iterator while filling GT list - [amd64] net: thunderbolt: Enable end-to-end flow control also in transmit - [amd64] net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() - xfrm: Duplicate SPI Handling - net: atlantic: add set_power to fw_ops for atl2 to fix wol - ACPI: Suppress misleading SPCR console message when SPCR table is absent - net: ieee8021q: fix insufficient table-size assertion - net: fec: allow disable coalescing - drm/amd/display: Separate set_gsl from set_gsl_source_select - wifi: ath10k: shutdown driver when hardware is unreliable - wifi: ath12k: Add memset and update default rate value in wmi tx completion - wifi: ath12k: Fix station association with MBSSID Non-TX BSS - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect - drm/amd/display: Fix 'failed to blank crtc!' - drm/amd/display: Initialize mode_select to 0 - wifi: mac80211: update radar_required in channel context after channel switch - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 - wifi: ath12k: Decrement TID on RX peer frag setup error handling - [powerpc*] floppy: Add missing checks after DMA map - netmem: fix skb_frag_address_safe with unreadable skbs - [arm64] stacktrace: Check kretprobe_find_ret_addr() return value - wifi: iwlegacy: Check rate_idx range after addition - neighbour: add support for NUD_PERMANENT proxy entries - dpaa_eth: don't use fixed_phy_change_carrier - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual - net: vlan: Make is_vlan_dev() a stub when VLAN is not configured - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs - gve: Return error for unknown admin queue command - [armhf] net: dsa: b53: ensure BCM5325 PHYs are enabled - [armhf] net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 - [armhf] net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 - [armhf] net: dsa: b53: prevent DIS_LEARNING access on BCM5325 - [armhf] net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 - bpftool: Fix JSON writer resource leak in version command - ptp: Use ratelimite for freerun error message - wifi: rtw89: scan abort when assign/unassign_vif - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() - ionic: clean dbpage in de-init - drm/xe: Make dma-fences compliant with the safe access rules - [armhf] net: ncsi: Fix buffer overflow in fetching version id - drm/ttm: Should to return the evict error - uapi: in6: restore visibility of most IPv6 socket options - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP - drm/amd/display: Update DMCUB loading sequence for DCN3.5 - drm/amd/display: Avoid trying AUX transactions on disconnected ports - drm/ttm: Respect the shrinker core free target - rcu: Fix rcu_read_unlock() deadloop due to IRQ work - [armhf] net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page - vhost: fail early when __vhost_add_used() fails - drm/amd/display: Only finalize atomic_obj if it was initialized - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported - drm/amd/display: Disable dsc_power_gate for dcn314 by default - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition - cifs: Fix calling CIFSFindFirst() for root path without msearch - fbdev: fix potential buffer overflow in do_register_framebuffer() - crypto: hisilicon/hpre - fix dma unmap sequence - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr - [arm64,armhf] clk: tegra: periph: Fix error handling and resolve unsigned compare warning - mfd: axp20x: Set explicit ID for AXP313 regulator - [arm64] phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated - fs/orangefs: use snprintf() instead of sprintf() - watchdog: dw_wdt: Fix default timeout - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state - [mips*] vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} - watchdog: iTCO_wdt: Report error if timeout configuration fails - scsi: bfa: Double-free fix - jfs: truncate good inode pages when hard link is 0 - jfs: Regular file corruption check - jfs: upper bound check of tree index in dbAllocAG - media: hi556: Fix reset GPIO timings - RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM - crypto: jitter - fix intermediary handling - [mips*] Don't crash in stack_top() for tasks without ABI or vDSO - [riscv64] clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED - media: ipu-bridge: Add _HID for OV5670 - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control - leds: leds-lp50xx: Handle reg to get correct multi_index - [armhf] dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs - [amd64] RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() - RDMA/core: reduce stack using in nldev_stat_get_doit() - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure - power: supply: qcom_battmgr: Add lithium-polymer entry - scsi: mpt3sas: Correctly handle ATA device errors - scsi: mpi3mr: Correctly handle ATA device errors - [armhf] pinctrl: stm32: Manage irq affinity settings - media: usb: hdpvr: disable zero-length read messages - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar - media: uvcvideo: Add quirk for HP Webcam HD 2300 - media: uvcvideo: Fix bandwidth issue for Alcor camera - [amd64] crypto: ccp - Add missing bootloader info reg for pspv6 - [arm64] clk: renesas: rzg2l: Postpone updating priv->clks[] - soundwire: amd: serialize amd manager resume sequence during pm_prepare - soundwire: amd: cancel pending slave status handling workqueue during remove sequence - soundwire: Move handle_nested_irq outside of sdw_dev_lock - md: dm-zoned-target: Initialize return variable r to avoid uninitialized use - module: Prevent silent truncation of module name in delete_module(2) - i3c: add missing include to internal header - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - apparmor: shift ouid when mediating hard links in userns - i3c: don't fail if GETHDRCAP is unsupported - i3c: master: Initialize ret in i3c_i2c_notifier_call() - dm-mpath: don't print the "loaded" message if registering fails - dm-table: fix checking for rq stackable devices - apparmor: use the condition in AA_BUG_FMT even with debug disabled - apparmor: fix x_table_lookup when stacking is not the first entry - i2c: Force DLL0945 touchpad i2c freq to 100khz - exfat: add cluster chain loop check for dir - f2fs: check the generic conditions first - printk: nbcon: Allow reacquire during panic - vfio/type1: conditional rescheduling while pinning - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans - scsi: target: core: Generate correct identifiers for PR OUT transport IDs - scsi: aacraid: Stop using PCI_IRQ_AFFINITY - vfio/mlx5: fix possible overflow in tracking max message size - ipmi: Use dev_warn_ratelimited() for incorrect message warnings - ipmi: Fix strcpy source and destination the same - tools/power turbostat: Handle non-root legacy-uncore sysfs permissions - tools/power turbostat: Fix build with musl - tools/power turbostat: Handle cap_get_proc() ENOSYS - smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection - lib/sbitmap: convert shallow_depth from one word to the whole sbitmap - ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table - net: phy: smsc: add proper reset flags for LAN8710A - [amd64] ASoC: Intel: avs: Fix uninitialized pointer error in probe() - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() - pNFS: Fix stripe mapping in block/scsi layout - pNFS: Fix disk addr range check in block/scsi layout - pNFS: Handle RPC size limit for layoutcommits - pNFS: Fix uninited ptr deref in block/scsi layout - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe - scsi: lpfc: Remove redundant assignment to avoid memory leak - [amd64,armhf] ASoC: fsl_sai: replace regmap_write with regmap_update_bits - cifs: Fix collect_sample() to handle any iterator type - drm/amdgpu: fix vram reservation issue - drm/amdgpu: fix incorrect vm flags to map bo - mm/damon/core: commit damos->target_nid - block: Introduce bio_needs_zone_write_plugging() - dm: Always split write BIOs to zoned device limits - cifs: reset iface weights when we cannot find a candidate - [amd64] iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes - [arm64] iommu/arm-smmu-qcom: Add SM6115 MDSS compatible - iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range - iommufd: Prevent ALIGN() overflow - ext4: fix zombie groups in average fragment size lists - ext4: fix largest free orders lists corruption on mb_optimize_scan switch - ext4: initialize superblock fields in the kballoc-test.c kunit tests - usb: core: config: Prevent OOB read in SS endpoint companion parsing - misc: rtsx: usb: Ensure mmc child device is active when card is present - usb: typec: ucsi: Update power_supply on power role change - [amd64] comedi: fix race between polling and detaching - [amd64] thunderbolt: Fix copy+paste error in match_service_id() - cdc-acm: fix race between initial clearing halt and open - btrfs: zoned: use filesystem size not disk size for reclaim decision - btrfs: abort transaction during log replay if walk_log_tree() failed - btrfs: zoned: do not remove unwritten non-data block group - btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations - btrfs: don't ignore inode missing when replaying log tree - btrfs: fix ssd_spread overallocation - btrfs: populate otime when logging an inode item - btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled - btrfs: don't skip remaining extrefs if dir not found during log replay - btrfs: clear dirty status from extent buffer on error at insert_new_root() - btrfs: fix log tree replay failure due to file with 0 links and extents - btrfs: error on missing block group when unaccounting log tree extent buffers - btrfs: zoned: do not select metadata BG as finish target - btrfs: fix iteration bug in __qgroup_excl_accounting() - btrfs: do not allow relocation of partially dropped subvolumes - xfs: fix scrub trace with null pointer in quotacheck - userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit - net/sched: ets: use old 'nbands' while purging unused classes - [amd64,arm64] hv_netvsc: Fix panic during namespace deletion with VF - mm, slab: restore NUMA policy support for large kmalloc - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() - media: venus: Fix OOB read due to missing payload bound check - media: uvcvideo: Do not mark valid metadata as invalid - media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() - HID: magicmouse: avoid setting up battery timer when not needed - wifi: mac80211: check basic rates validity in sta_link_apply_parameters - HID: apple: avoid setting up battery timer for devices without battery - mfd: cros_ec: Separate charge-control probing from USB-PD - net: Add net_passive_inc() and net_passive_dec(). - net: better track kernel sockets lifetime (CVE-2025-21884) - smb: client: fix netns refcount leak after net_passive changes - PCI: Store all PCIe Supported Link Speeds - PCI: Allow PCI bridges to go to D3Hot on all non-x86 - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports - [arm64] dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C - [arm64] dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C - ata: libata-sata: Add link_power_management_supported sysfs attribute - io_uring/rw: cast rw->flags assignment to rwf_t - drm/amd/display: Allow DCN301 to clear update flags - rcu: Fix racy re-initialization of irq_work causing hangs - dm: split write BIOs on zone boundaries when zone append is not emulated - PCI: Honor Max Link Speed when determining supported speeds - ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled . [ Bastian Blank ] * [amd64, arm64] Enable MANA_INFINIBAND. . [ Salvatore Bonaccorso ] * [amd64] udeb: kernel-image: Include SPI drivers * ext4: don't try to clear the orphan_present feature block device is r/o (Closes: #1108271) * alloc_fdtable(): change calling conventions. * net: ipv4: fix regression in local-broadcast route . [ Ben Hutchings ] * proc: fix missing pde_set_flags() for net proc files linux-signed-amd64 (6.12.41+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.41-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.39 - eventpoll: don't decrement ep refcount while still holding the ep mutex (CVE-2025-38349) - drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics - drm/amdgpu/ip_discovery: add missing ip_discovery fw - [s390x] crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (CVE-2025-38104) - [amd64] ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH - [amd64] ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct - [amd64] ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops - [amd64] ASoC: soc-acpi: add get_function_tplg_files ops - [amd64] ASoC: Intel: add sof_sdw_get_tplg_files ops - [amd64] ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops - [amd64] ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches - perf/core: Fix the WARN_ON_ONCE is out of lock protected region - irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ - sched/core: Fix migrate_swap() vs. hotplug - perf: Revert to requiring CAP_SYS_ADMIN for uprobes - ASoC: cs35l56: probe() should fail if the device ID is not recognized - Bluetooth: hci_sync: Fix not disabling advertising instance - Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected - pinctrl: amd: Clear GPIO debounce for suspend - fix proc_sys_compare() handling of in-lookup dentries - sched/deadline: Fix dl_server runtime calculation formula - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL - [arm64] poe: Handle spurious Overlay faults - [arm64] net: phy: qcom: move the WoL function to shared library - [arm64] net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() - netlink: Fix wraparounds of sk->sk_rmem_alloc. - vsock: fix `vsock_proto` declaration - tipc: Fix use-after-free in tipc_conn_close(). - tcp: Correct signedness in skb remaining space calculation - vsock: Fix transport_{g2h,h2g} TOCTOU - vsock: Fix transport_* TOCTOU - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` - net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap - net: phy: smsc: Force predictable MDI-X state on LAN87xx - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). - atm: clip: Fix memory leak of struct clip_vcc. - atm: clip: Fix infinite recursive call of clip_push(). - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() - [arm64] net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info - net/sched: Abort __tc_modify_qdisc if parent class does not exist - rxrpc: Fix bug due to prealloc collision - rxrpc: Fix oops due to non-existence of prealloc backlog struct - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() - [amd64] x86/mce/amd: Add default names for MCA banks and blocks - [amd64] x86/mce/amd: Fix threshold limit reset - [amd64] x86/mce: Don't remove sysfs if thresholding sysfs init fails - [amd64] x86/mce: Ensure user polling settings are honored when restarting timer - [amd64] x86/mce: Make sure CMCI banks are cleared during shutdown on Intel - [amd64] KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. - [amd64] KVM: SVM: Add missing member in SNP_LAUNCH_START command structure - [amd64] KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight - KVM: Allow CPU to reschedule while setting per-page memory attributes - ASoC: fsl_sai: Force a software reset when starting in consumer mode - gre: Fix IPv6 multicast route creation. (Closes: #1108430) - md/md-bitmap: fix GPF in bitmap_get_stats() (Closes: #1109734) - [arm64] pinctrl: qcom: msm: mark certain pins as invalid for interrupts - pwm: Fix invalid state detection - pwm: mediatek: Ensure to disable clocks in error path - wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-27558) - wifi: mwifiex: discard erroneous disassoc frames on STA interface - wifi: mt76: mt7921: prevent decap offload config before STA initialization - wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() - wifi: mt76: mt7925: fix the wrong config for tx interrupt - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan - drm/imagination: Fix kernel crash when hard resetting the GPU - drm/amdkfd: Don't call mmput from MMU notifier callback - drm/gem: Acquire references on GEM handles for framebuffers - drm/sched: Increment job count before swapping tail spsc queue - drm/ttm: fix error handling in ttm_buffer_object_transfer - drm/gem: Fix race in drm_gem_handle_create_tail() - drm/xe/bmg: fix compressed VRAM handling - Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" - usb: gadget: u_serial: Fix race condition in TTY wakeup - Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" - drm/framebuffer: Acquire internal references on GEM handles - drm/xe: Allocate PF queue size on pow2 boundary - Revert "ACPI: battery: negate current when discharging" (Closes: #1109344) - Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" - kallsyms: fix build without execinfo - maple_tree: fix mt_destroy_walk() on root leaf node - mm: fix the inaccurate memory statistics issue for users - mm/vmalloc: leave lazy MMU mode on PTE mapping error - lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() - [amd64] x86/rdrand: Disable RDSEED on AMD Cyan Skillfish - [amd64] x86/mm: Disable hugetlb page table sharing on 32-bit - [arm64] clk: scmi: Handle case where child clocks are initialized before their parents - smb: server: make use of rdma_destroy_qp() - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() - erofs: fix to add missing tracepoint in erofs_read_folio() - erofs: address D-cache aliasing - [amd64] ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count - netlink: Fix rmem check in netlink_broadcast_deliver(). - netlink: make sure we allow at least one dump skb - netfs: Fix ref leak on inserted extra subreq in write retry - wifi: cfg80211: fix S1G beacon head validation in nl80211 - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() - drm/tegra: nvdec: Fix dma_alloc_coherent error check - md/raid1: Fix stack memory use after return in raid1_reshape - raid10: cleanup memleak at raid10_make_request - wifi: mac80211: correctly identify S1G short beacon - wifi: mac80211: fix non-transmitted BSSID profile search - wifi: rt2x00: fix remove callback type mismatch - drm/nouveau/gsp: fix potential leak of memory used during acpi init - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() - nbd: fix uaf in nbd_genl_connect() error path - drm/xe/pf: Clear all LMTT pages on alloc - erofs: free pclusters if no cached folio is attached - erofs: get rid of `z_erofs_next_pcluster_t` - erofs: tidy up zdata.c - erofs: refine readahead tracepoint - erofs: fix to add missing tracepoint in erofs_readahead() - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() - net: appletalk: Fix device refcount leak in atrtr_create() - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof - net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx - drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level - net/mlx5e: Fix race between DIM disable and net_dim() - net/mlx5e: Add new prio for promiscuous mode - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() - bnxt_en: Fix DCB ETS validation - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT - ublk: sanity check add_dev input for underflow - atm: idt77252: Add missing `dma_map_error()` - ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. - [amd64] ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 - io_uring: make fallocate be hashed work - [amd64] ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 - ALSA: hda/realtek: Add quirks for some Clevo laptops - net: usb: qmi_wwan: add SIMCom 8230C composition - driver: bluetooth: hci_qca:fix unable to load the BT driver - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 - net: mana: Record doorbell physical address in PF mode - btrfs: fix assertion when building free space tree - vt: add missing notification when switching back to text mode - bpf: Adjust free target to avoid global starvation of LRU map - [riscv64] vdso: Exclude .rodata from the PT_DYNAMIC segment - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras - HID: nintendo: avoid bluetooth suspend/resume stalls - erofs: fix rare pcluster memory leak after unmounting - net: wangxun: revert the adjustment of the IRQ vector sequence - kasan: remove kasan_find_vm_area() to prevent possible deadlock - ksmbd: fix potential use-after-free in oplock/lease break ack - [arm64] Filter out SME hwcaps when FEAT_SME isn't implemented - crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (CVE-2025-37984) - rseq: Fix segfault on registration when rseq_cs is non-zero (CVE-2025-38067) - [amd64] KVM: SVM: Set synthesized TSA CPUID flags https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.40 - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition - USB: serial: option: add Foxconn T99W640 - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI - usb: musb: fix gadget state on disconnect - [arm*] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY - usb: gadget: configfs: Fix OOB read on empty string write - [armhf] i2c: stm32: fix the device used for the DMA map - [armhf] i2c: stm32f7: unmap DMA mapped buffer - [amd64] thunderbolt: Fix wake on connect at runtime - [amd64] thunderbolt: Fix bit masking in tb_dp_port_set_hops() - Revert "staging: vchiq_arm: Create keep-alive thread during probe" - nvmem: imx-ocotp: fix MAC address byte length - nvmem: layouts: u-boot-env: remove crc32 endianness conversion - Input: xpad - set correct controller type for Acer NGR200 - pch_uart: Fix dma_sync_sg_for_device() nents value - spi: Add check for 8-bit transfer with 8 IO mode support - dm-bufio: fix sched in atomic context - HID: core: ensure the allocated report buffer can contain the reserved report ID - HID: core: ensure __hid_request reserves the report ID as the first byte - HID: core: do not bypass hid_hw_raw_request - tracing/probes: Avoid using params uninitialized in parse_btf_arg() - tracing: Add down_write(trace_event_sem) when adding trace event - tracing/osnoise: Fix crash in timerlat_dump_stack() - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume - drm/amdgpu: Increase reset counter only on success - drm/amd/display: Disable CRTC degamma LUT for DCN401 - drm/amd/display: Free memory allocation - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS - io_uring/poll: fix POLLERR handling - mptcp: make fallback action and fallback decision atomic - mptcp: plug races between subflow fail and subflow creation - mptcp: reset fallback status gracefully at disconnect() time - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() - net/mlx5: Update the list of the PCI supported devices - [arm64] dts: imx8mp-venice-gw74xx: fix TPM SPI frequency - [arm64] dts: add big-endian property back into watchdog node - [arm64] dts: freescale: imx8mm-verdin: Keep LDO5 always on - [arm64] dts: imx8mp-venice-gw71xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw72xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw73xx: fix TPM SPI frequency - [arm64] dts: rockchip: use cs-gpios for spi1 on ringneck - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() - af_packet: fix soft lockup issue caused by tpacket_snd() - Bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type - cpuidle: psci: Fix cpuhotplug routine with PREEMPT_RT=y - isofs: Verify inode mode when loading from disk - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() - [arm*] mmc: bcm2835: Fix dma_unmap_sg() nents value - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models - [arm64] mmc: sdhci_am654: Workaround for Errata i2312 - [amd64] net: stmmac: intel: populate entire system_counterval_t in get_time_fn() callback - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov - [s390x] bpf: Fix bpf_arch_text_poke() with new_addr == NULL again - smb: client: fix use-after-free in crypt_message when using async crypto - [armhf] soc: aspeed: lpc-snoop: Cleanup resources in stack-order - [armhf] soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush - iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] - iio: adc: max1363: Reorder mode_list[] entries - iio: adc: stm32-adc: Fix race in installing chained IRQ handler - iio: backend: fix out-of-bound write - iio: common: st_sensors: Fix use of uninitialize device structs - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B - [arm64] dts: imx95: Correct the DMA interrupter number of pcie0_ep - bpf: Reject %p% format string in bprintf-like helpers - cachefiles: Fix the incorrect return value in __cachefiles_write() - block: fix kobject leak in blk_unregister_queue - net/sched: sch_qfq: Fix race condition on qfq_aggregate - rpl: Fix use-after-free in rpl_do_srh_inline(). - smb: client: fix use-after-free in cifs_oplock_break - fix a leak in fcntl_dirnotify() - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() - nvme: fix endianness of command word prints in nvme_log_err_passthru() - smc: Fix various oops due to inet_sock type confusion. - net: phy: Don't register LEDs for genphy - nvme: fix misaccounting of nvme-mpath inflight I/O - nvmet-tcp: fix callback lock for TLS handshake - wifi: cfg80211: remove scan request n_channels counted_by - [amd64] hwmon: (corsair-cpro) Validate the size of the received input buffer - ice: add NULL check in eswitch lag check - ice: check correct pointer in fwlog debugfs - usb: net: sierra: check for no status endpoint - loop: use kiocb helpers to fix lockdep warning - [riscv64] Enable interrupt during exception handling - [riscv64] traps_misaligned: properly sign extend value in misaligned load handler - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() - Bluetooth: hci_sync: fix connectable extended advertising when using static random address - Bluetooth: SMP: If an unallowed command is received consider it a failure - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout - Bluetooth: hci_core: add missing braces when using macro parameters - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID - net/mlx5: Correctly set gso_size when LRO is used - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() - net: fix segmentation after TCP/UDP fraglist GRO - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry - drm/xe/pf: Sanitize VF scratch registers on FLR - drm/xe/pf: Move VFs reprovisioning to worker - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU - [amd64,arm64] hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf - virtio-net: fix recursived rtnl_lock() during probe() - tls: always refresh the queue when reading sock - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime - net: bridge: Do not offload IGMP/MLD messages - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree - rxrpc: Fix recv-recv race of completed call - rxrpc: Fix transmission of an abort in response to an abort - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" - drm/mediatek: Add wait_event_timeout when disabling plane - drm/mediatek: only announce AFBC if really supported - libbpf: Fix handling of BPF arena relocations - efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths - sched: Change nr_uninterruptible type to unsigned long - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns - btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (CVE-2025-22115) - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: Fix flushing of delayed work used for post resume purposes - usb: hub: Don't try to recover devices lost during warm reset. - [arm64] usb: dwc3: qcom: Don't leave BCR asserted - [arm64,armhf] i2c: omap: Add support for setting mux - [arm64,armhf] i2c: omap: Fix an error handling path in omap_i2c_probe() - [arm64,armhf] i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() - [arm64,armhf] i2c: omap: fix deprecated of_property_read_bool() use - sched,freezer: Remove unnecessary warning in __thaw_task - drm/xe/mocs: Initialize MOCS index early - drm/xe: Move page fault init after topology init - smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data - [amd64] iommu/vt-d: Fix misplaced domain_attached assignment (Closes: #1109676) - [amd64] KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.41 - [amd64] x86/traps: Initialize DR7 by writing its architectural reset value - Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (CVE-2025-38335) - virtio_net: Enforce minimum TX ring size for reliability - virtio_ring: Fix error reporting in virtqueue_resize - regulator: core: fix NULL dereference on unbind due to stale coupling data - [amd64] platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA - RDMA/core: Rate limit GID cache warning messages - [arm64] interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node - iio: adc: ad7949: use spi_is_bpw_supported() - regmap: fix potential memory leak of regmap_bus - [amd64] x86/hyperv: Fix usage of cpu_online_mask to get valid cpu - [amd64] platform/x86: Fix initialization order for firmware_attributes_class - [arm*] staging: vchiq_arm: Make vchiq_shutdown never fail - xfrm: state: initialize state_ptrs earlier in xfrm_state_find - xfrm: state: use a consistent pcpu_id in xfrm_state_find - xfrm: Set transport header to fix UDP GRO handling - xfrm: interface: fix use-after-free after changing collect_md xfrm interface - [arm64] net: ti: icssg-prueth: Fix buffer allocation for ICSSG - net/mlx5: Fix memory leak in cmd_exec() - net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch - i40e: report VF tx_dropped with tx_errors instead of tx_discards - i40e: When removing VF MAC filters, only check PF-set MAC - net: appletalk: Fix use-after-free in AARP proxy probe - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode - [arm64] drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() - ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop - [s390x] ism: fix concurrency management in ism_cmd() - [arm64] net: hns3: fix concurrent setting vlan filter issue - [arm64] net: hns3: disable interrupt when ptp init failed - [arm64] net: hns3: fixed vf get max channels bug - [arm64] net: hns3: default enable tx bounce buffer when smmu enabled - [amd64] platform/x86: ideapad-laptop: Fix FnLock not remembered among boots - [amd64] platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots - drm/amdgpu: Reset the clear flag in buddy during resume - drm/sched: Remove optimization that causes hang when killing dependent jobs - mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() - timekeeping: Zero initialize system_counterval when querying time from phc drivers - [arm64] i2c: qup: jump out of the loop in case of timeout - [arm64,armhf] i2c: tegra: Fix reset error handling with ACPI - i2c: virtio: Avoid hang by using interruptible completion wait - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() - sprintf.h requires stdarg.h - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx - ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx - [arm64] entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() - [arm64] dpaa2-eth: Fix device reference count leak in MAC endpoint handling - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set - e1000e: ignore uninitialized checksum word on tgp - gve: Fix stuck TX queue for DQ queue format - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() - nilfs2: reject invalid file types when reading inodes - resource: fix false warning in __request_region() - mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n - [amd64,arm64] usb: typec: tcpm: allow to use sink in accessory mode - [amd64,arm64] usb: typec: tcpm: allow switching to mode accessory to mux properly - [amd64,arm64] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach - spi: cadence-quadspi: fix cleanup of rx_chan on failure paths - [amd64] x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() - jfs: reject on-disk inodes of an unsupported type (CVE-2025-37925) - [amd64] comedi: comedi_test: Fix possible deletion of uninitialized timers - [arm64] dts: qcom: x1e78100-t14s: mark l12b and l15b always-on - erofs: simplify z_erofs_load_compact_lcluster() - erofs: refine z_erofs_get_extent_compressedlen() - erofs: use Z_EROFS_LCLUSTER_TYPE_MAX to simplify switches - erofs: simplify tail inline pcluster handling - erofs: clean up header parsing for ztailpacking and fragments - erofs: fix large fragment handling - ext4: don't explicit update times in ext4_fallocate() - ext4: refactor ext4_punch_hole() - ext4: refactor ext4_zero_range() - ext4: refactor ext4_collapse_range() - ext4: refactor ext4_insert_range() - ext4: factor out ext4_do_fallocate() - ext4: move out inode_lock into ext4_fallocate() - ext4: move out common parts into ext4_fallocate() - ext4: fix incorrect punch max_end - ext4: correct the error handle in ext4_fallocate() - ext4: fix out of bounds punch offset - [amd64] KVM: x86: drop x86.h include from cpuid.h - [amd64] KVM: x86: Route non-canonical checks in emulator through emulate_ops - [amd64] KVM: x86: Add X86EMUL_F_MSR and X86EMUL_F_DT_LOAD to aid canonical checks - [amd64] KVM: x86: model canonical checks more precisely - [amd64] KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (CVE-2025-38351) - [amd64] x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() - [arm64] dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage - Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" - wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure - iio: hid-sensor-prox: Restore lost scale assignments - iio: hid-sensor-prox: Fix incorrect OFFSET calculation - [amd64,arm64] Drivers: hv: Make the sysfs node size for the ring buffer dynamic - ALSA: hda/tegra: Add Tegra264 support - ALSA: hda: Add missing NVIDIA HDA codec IDs - [amd64] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x - Revert "drm/xe/gt: Update handling of xe_force_wake_get return" (Closes: #1109799) - Revert "drm/xe/tests/mocs: Update xe_force_wake_get() return handling" - Revert "drm/xe/devcoredump: Update handling of xe_force_wake_get return" - Revert "drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()" - [amd64] KVM: x86: Free vCPUs before freeing VM state - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma . [ Bastian Blank ] * Store build time signing key encrypted. * Enable CRYPTO_ECDSA. . [ Aurelien Jarno ] * Fix installation of DTB files . [ Tj ] * drivers/gpu/drm/nouveau: Enable DRM_NOUVEAU_GSP_DEFAULT (Closes: #1088522) . [ Uwe Kleine-König ] * [armhf] Add phy-gmii-sel module to nic-shared-modules udeb for ti/omap/am335x based machines (e.g. BeagleBone black). . [ Salvatore Bonaccorso ] * d/salsa-ci.yml: Update for trixie: Set RELEASE to trixie linux-signed-arm64 (6.12.43+1) trixie; urgency=medium . * Sign kernel from linux 6.12.43-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.42 - [amd64] ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx - ethernet: intel: fix building with large NR_CPUS - [amd64] ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx - ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX - [amd64] ASoC: Intel: fix SND_SOC_SOF dependencies - [amd64] ASoC: amd: yc: add DMI quirk for ASUS M6501RM - audit,module: restore audit logging in load failure case - parse_longname(): strrchr() expects NUL-terminated string - fs_context: fix parameter name in infofc() macro - fs/ntfs3: cancle set bad inode after removing name fails - ublk: use vmalloc for ublk_device's __queues - hfsplus: make splice write available again - hfs: make splice write available again - hfsplus: remove mutex_lock check in hfsplus_free_extents - Revert "fs/ntfs3: Replace inode_trylock with inode_lock" - gfs2: No more self recovery - io_uring: fix breakage in EXPERT menu - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() - ASoC: ops: dynamically allocate struct snd_ctl_elem_value - ASoC: mediatek: use reserved memory or enable buffer pre-allocation - [arm64] dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV - [arm64] soc: qcom: QMI encoding/decoding for big endian - [arm64] dts: qcom: sdm845: Expand IMEM region - [arm64] dts: qcom: sc7180: Expand IMEM region - [arm64] dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes - [arm64] dts: qcom: sa8775p: Correct the interrupt for remoteproc - [arm64] dts: qcom: msm8976: Make blsp_dma controlled-remotely - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() - usb: misc: apple-mfi-fastcharge: Make power supply names unique - [arm64] dts: ti: k3-am642-phyboard-electra: Fix PRU-ICSSG Ethernet ports - [arm64] dts: ti: k3-am62p-j722s: fix pinctrl-single size - [arm64] firmware: arm_scmi: Fix up turbo frequencies selection - usb: typec: ucsi: yoga-c630: fix error and remove paths - mei: vsc: Destroy mutex after freeing the IRQ - mei: vsc: Event notifier fixes - mei: vsc: Unset the event callback on remove and probe errors - [armhf] spi: stm32: Check for cfg availability in stm32_spi_probe - vmci: Prevent the dispatching of uninitialized payloads - pps: fix poll support - Revert "vmci: Prevent the dispatching of uninitialized payloads" - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() - usb: early: xhci-dbc: Fix early_ioremap leak - [armhf] dts: ti: omap: Fixup pinheader typo - [arm64] dts: st: fix timer used for ticks - [arm64] dts: imx8mm-beacon: Fix HS400 USDHC clock speed - [arm64] dts: imx8mn-beacon: Fix HS400 USDHC clock speed - PM / devfreq: Check governor before using governor->name - PM / devfreq: Fix a index typo in trans_stat - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode - cpufreq: Initialize cpufreq-based frequency-invariance later - cpufreq: Init policy->rwsem before it may be possibly used - staging: greybus: gbphy: fix up const issue with the match callback - [arm64] soc: qcom: pmic_glink: fix OF node leak - [arm64] interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg - [arm64] interconnect: qcom: sc8180x: specify num_nodes - bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 - [arm64,armhf] drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed - [arm64,armhf] drm/panfrost: Fix panfrost device variable name in devfreq - drm/panthor: Add missing explicit padding in drm_panthor_gpu_info - bpf, sockmap: Fix psock incorrectly pointing to sk - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls - net: ipv6: ip6mr: Fix in/out netdev to pass to the FORWARD chain - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel - drm/amdgpu: Remove nbiov7.9 replay count reporting - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure - [powerpc*] pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band - wifi: rtl818x: Kill URBs before clearing tx status queue - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() - iwlwifi: Add missing check for alloc_ordered_workqueue - wifi: ath11k: clear initialized flag for deinit-ed srng lists - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range - net/mlx5: Check device memory pointer before usage - net: dst: annotate data-races around dst->input - net: dst: annotate data-races around dst->output - bpf: Ensure RCU lock is held around bpf_prog_ksym_find - [arm64] drm/msm/dpu: Fill in min_prefill_lines for SC8180X - refscale: Check that nreaders and loops multiplication doesn't overflow - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value - sched/psi: Optimize psi_group_change() cpu_clock() usage - fbcon: Fix outdated registered_fb reference in comment - netfilter: nf_tables: Drop dead code from fill_*_info routines - netfilter: nf_tables: adjust lockdep assertions handling - [amd64] iommu/amd: Enable PASID and ATS capabilities in the correct order - net/sched: Restrict conditions for adding duplicating netems to qdisc tree - net_sched: act_ctinfo: use atomic64_t for three counters - RDMA/mlx5: Fix UMR modifying of mkey page size - xen: fix UAF in dmabuf_exp_from_pages() - xen/gntdev: remove struct gntdev_copy_batch from stack - tcp: call tcp_measure_rcv_mss() for ooo packets - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled - wifi: rtw88: Fix macid assigned to TDLS station - mwl8k: Add missing check after DMA map - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() - drm/amdgpu/gfx9: fix kiq locking in KCQ reset - drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset - drm/amdgpu/gfx10: fix kiq locking in KCQ reset - [amd64] iommu/amd: Fix geometry.aperture_end for V2 tables - rcu: Fix delayed execution of hurry callbacks - wifi: mac80211: reject TDLS operations when station is not associated - wifi: plfxlc: Fix error handling in usb driver probe - wifi: mac80211: Do not schedule stopped TXQs - wifi: mac80211: Don't call fq_flow_idx() for management frames - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" - wifi: ath12k: fix endianness handling while accessing wmi service bit - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE - wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() - wifi: nl80211: Set num_sub_specs before looping through sub_specs - ring-buffer: Remove ring_buffer_read_prepare_sync() - memcg_slabinfo: Fix use of PG_slab - Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' - Bluetooth: hci_event: Mask data status from LE ext adv reports - bpf: Disable migration in nf_hook_run_bpf(). - can: peak_usb: fix USB FD devices potential malfunction - can: kvaser_pciefd: Store device channel index - can: kvaser_usb: Assign netdev.dev_port based on device channel index - netfilter: xt_nfacct: don't assume acct name is null-terminated - net/mlx5e: Clear Read-Only port buffer size in PBMC before update - net/mlx5e: Remove skb secpath if xfrm state is not found - stmmac: xsk: fix negative overflow of budget in zerocopy mode - vrf: Drop existing dst reference in vrf_ip6_input_dst - ipv6: prevent infinite loop in rt6_nlmsg_size() - ipv6: fix possible infinite loop in fib6_info_uses_dev() - ipv6: annotate data-races around rt->fib6_nsiblings - bpf/preload: Don't select USERMODE_DRIVER - [arm64] bpf, arm64: Fix fp initialization for exception boundary - fortify: Fix incorrect reporting of read buffer size - [arm64] PCI: rockchip-host: Fix "Unexpected Completion" log message - [arm64] clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks - [arm64] crypto: sun8i-ce - fix nents passed to dma_unmap_sg() - [amd64] crypto: qat - use unmanaged allocation for dc_data - [arm64,armhf] crypto: marvell/cesa - Fix engine load inaccuracy - [amd64] crypto: qat - allow enabling VFs in the absence of IOMMU - [amd64] crypto: qat - fix state restore for banks with exceptions - mtd: fix possible integer overflow in erase_xfer() - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set - [armhf] crypto: arm/aes-neonbs - work around gcc-15 warning - pinctrl: sunxi: Fix memory leak on krealloc failure - dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: Don't zero-out registers - fanotify: sanitize handle_type values when reporting fid - Fix dma_unmap_sg() nents value - perf tools: Fix use-after-free in help_unknown_cmd() - perf dso: Add missed dso__put to dso__load_kcore - mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER - perf sched: Make sure it frees the usage string - perf sched: Free thread->priv using priv_destructor - perf sched: Fix memory leaks in 'perf sched map' - perf sched: Fix memory leaks for evsel->priv in timehist - perf sched: Use RC_CHK_EQUAL() to compare pointers - perf sched: Fix memory leaks in 'perf sched latency' - [arm64] RDMA/hns: Fix double destruction of rsv_qp - [arm64] RDMA/hns: Fix HW configurations not cleared in error flow - [amd64] crypto: ccp - Fix locking on alloc failure handling - [arm64] crypto: inside-secure - Fix `dma_unmap_sg()` nents value - [amd64] crypto: ccp - Fix crash when rebind ccp device for ccp.ko - [arm64] RDMA/hns: Get message length of ack_req from FW - [arm64] RDMA/hns: Fix accessing uninitialized resources - [arm64] RDMA/hns: Drop GFP_NOWARN - [arm64] RDMA/hns: Fix -Wframe-larger-than issue - kernel: trace: preemptirq_delay_test: use offstack cpu mask - proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al - pinmux: fix race causing mux_owner NULL with active mux_usecount - perf tests bp_account: Fix leaked file descriptor - [riscv64] clk: thead: th1520-ap: Correctly refer the parent of osc_12m - [armhf] clk: sunxi-ng: v3s: Fix de clock definition - [ppc64el] scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value - scsi: mvsas: Fix dma_unmap_sg() nents value - scsi: isci: Fix dma_unmap_sg() nents value - ext4: Make sure BH_New bit is cleared in ->write_end handler - [arm64] hwrng: mtk - handle devm_pm_runtime_enable errors - [amd64] crypto: qat - disable ZUC-256 capability for QAT GEN5 - soundwire: stream: restore params when prepare ports fail - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute - remoteproc: xlnx: Disable unsupported features - fs/orangefs: Allow 2 more characters in do_c_string() - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap - dmaengine: nbpfaxi: Add missing check after DMA map - perf tools: Remove libtraceevent in .gitignore - [amd64] crypto: qat - fix DMA direction for compression on GEN2 devices - [amd64] crypto: qat - fix seq_file position update in adf_ring_next() - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref - jfs: fix metapage reference count leak in dbAllocCtl - drm/xe/vf: Disable CSC support on VF - perf record: Cache build-ID of hit DSOs only - vdpa/mlx5: Fix needs_teardown flag calculation - vhost-scsi: Fix log flooding with target does not exist errors - vdpa/mlx5: Fix release of uninitialized resources on error path - vdpa: Fix IDR memory leak in VDUSE module exit - vhost: Reintroduce kthread API and add mode selection - bpf: Check flow_dissector ctx accesses are aligned - bpf: Check netfilter ctx accesses are aligned - apparmor: ensure WB_HISTORY_SIZE value is a power of 2 - apparmor: fix loop detection used in conflicting attachment resolution - apparmor: Fix unaligned memory accesses in KUnit test - module: Restore the moduleparam prefix length check - ucount: fix atomic_long_inc_below() argument type - rtc: ds1307: fix incorrect maximum clock rate handling - rtc: hym8563: fix incorrect maximum clock rate handling - rtc: nct3018y: fix incorrect maximum clock rate handling - rtc: pcf85063: fix incorrect maximum clock rate handling - rtc: pcf8563: fix incorrect maximum clock rate handling - rtc: rv3028: fix incorrect maximum clock rate handling - f2fs: turn off one_time when forcibly set to foreground GC - f2fs: fix bio memleak when committing super block - f2fs: fix KMSAN uninit-value in extent_info usage - f2fs: fix to check upper boundary for value of gc_boost_zoned_gc_percent - f2fs: fix to check upper boundary for gc_valid_thresh_ratio - f2fs: fix to check upper boundary for gc_no_zoned_gc_percent - f2fs: doc: fix wrong quota mount option description - f2fs: fix to avoid UAF in f2fs_sync_inode_meta() - f2fs: fix to avoid panic in f2fs_evict_inode - f2fs: fix to avoid out-of-boundary access in devs.path - f2fs: vm_unmap_ram() may be called from an invalid context - f2fs: fix to update upper_p in __get_secs_required() correctly - f2fs: fix to calculate dirty data during has_not_enough_free_secs() - f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode - exfat: fdatasync flag should be same like generic_write_sync() - i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() - vfio: Fix unbalanced vfio_df_close call in no-iommu mode - vfio: Prevent open_count decrement to negative - vfio/pds: Fix missing detach_ioas op - vfio/pci: Separate SR-IOV VF dev_set - scsi: mpt3sas: Fix a fw_event memory leak - scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" - scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately - kconfig: qconf: fix ConfigList::updateListAllforAll() - sched/psi: Fix psi_seq initialization - PCI: pnv_php: Clean up allocated IRQs on unplug - PCI: pnv_php: Work around switches with broken presence detection - [powerpc*] eeh: Export eeh_unfreeze_pe() - [powerpc*] eeh: Make EEH driver device hotplug safe - PCI: pnv_php: Fix surprise plug detection and recovery - pNFS/flexfiles: don't attempt pnfs on fatal DS errors - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() - NFSv4.2: another fix for listxattr - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY - md/md-cluster: handle REMOVE message earlier - netpoll: prevent hanging NAPI when netcons gets enabled - phy: mscc: Fix parsing of unicast frames - net: ipa: add IPA v5.1 and v5.5 to ipa_version_string() - pptp: ensure minimal skb length in pptp_xmit() - nvmet: initialize discovery subsys after debugfs is initialized - [s390x] ap: Unmask SLCF bit in card and queue ap functions sysfs - netlink: specs: ethtool: fix module EEPROM input/output arguments - block: Fix default IO priority if there is no IO context - block: ensure discard_granularity is zero when discard is not supported - ASoC: tas2781: Fix the wrong step for TLV on tas2781 - [amd64] spi: cs42l43: Property entry should be a null-terminated array - net/mlx5: Correctly set gso_segs when LRO is used - ipv6: reject malicious packets in ipv6_gso_segment() - net: mdio: mdio-bcm-unimac: Correct rate fallback logic - net: drop UFO packets in udp_rcv_segment() - net/sched: taprio: enforce minimum value for picos_per_byte - sunrpc: fix client side handling of tls alerts - [x86] irq: Plug vector setup race - benet: fix BUG when creating VFs - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing - [s390x] mm: Allocate page table with PAGE_SIZE granularity - eth: fbnic: remove the debugging trick of super high page bias - irqchip: Build IMX_MU_MSI only on ARM - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() - smb: server: remove separate empty_recvmsg_queue - smb: server: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: server: let recv_done() consistently call put_recvmsg/smb_direct_disconnect_rdma_connection - smb: server: let recv_done() avoid touching data_transfer after cleanup/move - smb: client: remove separate empty_packet_queue - smb: client: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: client: let recv_done() cleanup before notifying the callers. - smb: client: let recv_done() avoid touching data_transfer after cleanup/move - nvmet: exit debugfs after discovery subsystem exits - pptp: fix pptp_xmit() error path - smb: client: return an error if rdma_connect does not return within 5 seconds - sunrpc: fix handling of server side tls alerts - perf/core: Don't leak AUX buffer refcount on allocation failure - perf/core: Exit early on perf_mmap() fail - perf/core: Prevent VMA split of buffer mappings - selftests/perf_events: Add a mmap() correctness test - net/packet: fix a race in packet_set_ring() and packet_notifier() - vsock: Do not allow binding to VMADDR_PORT_ANY - [amd64] accel/ivpu: Fix reset_engine debugfs file logic - Revert "bcache: remove heap-related macros and switch to generic min_heap" - ice/ptp: fix crosstimestamp reporting - [amd64] drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type - [amd64] drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() - [amd64] drm/i915/hdmi: add error handling in g4x_hdmi_init() - [amd64] drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() - [amd64] drm/i915/display: add intel_encoder_is_hdmi() - [amd64] drm/i915/ddi: only call shutdown hooks for valid encoders - ksmbd: fix null pointer dereference error in generate_encryptionkey - ksmbd: fix Preauh_HashValue race condition - ksmbd: fix corrupted mtime and ctime in smb2_open - ksmbd: limit repeated connections from clients with the same IP (CVE-2025-38501) - smb: server: Fix extension string in ksmbd_extract_shortname() - USB: serial: option: add Foxconn T99W709 - PCI/ASPM: Save parent L1SS config in pci_save_aspm_l1ss_state() - PCI/ASPM: Fix L1SS saving - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event - net: usbnet: Fix the wrong netif_carrier_on() call - [x86] sev: Evict cache lines during SNP memory validation (CVE-2024-36331) - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) - [adm64] platform/x86/intel/pmt: fix a crashlog NULL pointer access - [x86] fpu: Delay instruction pointer fixup until after warning - [s390x] mm: Remove possible false-positive warning in pte_free_defer() - [mips*] mm: tlb-r4k: Uniquify TLB entries on init - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery - mm: swap: correctly use maxpages in swapon syscall to avoid potential deadloop - mm: swap: fix potential buffer overflow in setup_clusters() - perf/arm-ni: Set initial IRQ affinity - media: ti: j721e-csi2rx: fix list_del corruption - HID: apple: validate feature-report field count to prevent NULL pointer dereference - USB: gadget: f_hid: Fix memory leak in hidg_bind error path - usb: gadget : fix use-after-free in composite_dev_cleanup() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.43 - io_uring: don't use int for ABI - ALSA: usb-audio: Validate UAC3 power domain descriptors, too - ALSA: usb-audio: Validate UAC3 cluster segment descriptors - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks - smb3: fix for slab out of bounds on mount to ksmbd - smb: client: remove redundant lstrp update in negotiate protocol - gpio: virtio: Fix config space reading. - gpio: mlxbf2: use platform_get_irq_optional() - Revert "gpio: mlxbf3: only get IRQ for device instance 0" - gpio: mlxbf3: use platform_get_irq_optional() - leds: flash: leds-qcom-flash: Fix registry access after re-bind - Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" - netlink: avoid infinite retry looping in netlink_unicast() (Closes: #1111017) - net: phy: micrel: fix KSZ8081/KSZ8091 cable test - [armhf] net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect - [arm64] net: enetc: fix device and OF node leak at probe - [arm64] net: mtk_eth_soc: fix device leak at probe - [arm64] net: ti: icss-iep: fix device and OF node leaks at probe - net: usb: asix_devices: add phy_mask for ax88772 mdio bus - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() - NFSD: detect mismatch of file handle and delegation stateid in OPEN op - NFS: Fix the setting of capabilities when automounting a new filesystem - PCI: Extend isolated function probing to LoongArch - [arm64] clk: samsung: exynos850: fix a comment - [arm64] clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD - [arm64] clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock - fscrypt: Don't use problematic non-inline crypto engines - fs: Prevent file descriptor table allocations exceeding INT_MAX - eventpoll: Fix semi-unbounded recursion (CVE-2025-38614) - Documentation: ACPI: Fix parent device references - ACPI: processor: perflib: Fix initial _PPC limit application - ACPI: processor: perflib: Move problematic pr->performance check - block: Make REQ_OP_ZONE_FINISH a write operation - mm/memory-tier: fix abstract distance calculation overflow - smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() - smb: client: don't wait for info->send_pending == 0 on error - [amd64] KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap - [amd64] KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag - [amd64] KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported - [amd64] KVM: VMX: Extract checking of guest's DEBUGCTL into helper - [amd64] KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter - [amd64] KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs - [amd64] KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest - [amd64] habanalabs: fix UAF in export_dmabuf() - mm/smaps: fix race between smaps_hugetlb_range and migration - udp: also consider secpath when evaluating ipsec use for checksumming - netfilter: ctnetlink: fix refcount leak on table dump - [arm64] net: ti: icssg-prueth: Fix emac link speed handling - [arm64] net: ti: icss-iep: Fix incorrect type for return value in extts_enable() - sctp: linearize cloned gso packets in sctp_rcv - [amd64] intel_idle: Allow loading ACPI tables for any family - cpuidle: governors: menu: Avoid using invalid recent intervals data - ptp: prevent possible ABBA deadlock in ptp_clock_freerun() - tls: handle data disappearing from under the TLS ULP (CVE-2025-38616) - net: kcm: Fix race condition in kcm_unattach() - hfs: fix general protection fault in hfs_find_init() - hfs: fix slab-out-of-bounds in hfs_bnode_read() - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() - [arm64] Handle KCOV __init vs inline mismatches - smb/server: avoid deadlock when linking with ReplaceIfExists - nvme-pci: try function level reset on init failure - dm-stripe: limit chunk_sectors to the stripe size - md/raid10: set chunk_sectors limit - nvme-tcp: log TLS handshake failures at error level - gfs2: Validate i_depth for exhash directories - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops - loop: Avoid updating block size under exclusive owner - udf: Verify partition map count - drbd: add missing kref_get in handle_write_conflicts - hfs: fix not erasing deleted b-tree node issue - better lockdep annotations for simple_recursive_removal() - ata: ahci: Disallow LPM policy control if not supported - ata: ahci: Disable DIPM if host lacks support - ata: libata-sata: Disallow changing LPM state if not supported - fs/ntfs3: Add sanity check for file name - fs/ntfs3: correctly create symlink for relative path - pidfs: raise SB_I_NODEV and SB_I_NOEXEC - fix locking in efi_secret_unlink() - securityfs: don't pin dentries twice, once is enough... - tracefs: Add d_delete to remove negative dentries - usb: xhci: print xhci->xhc_state when queue_command failed - [amd64] platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default - usb: xhci: Avoid showing warnings for dying controller - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command - usb: xhci: Avoid showing errors during surprise removal - [arm64] soc: qcom: rpmh-rsc: Add RSC version 4 support - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered - remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU - usb: typec: tcpm/tcpci_maxim: fix irq wake usage - pmdomain: ti: Select PM_GENERIC_DOMAINS - [arm64] gpio: wcd934x: check the return value of regmap_update_bits() - cpufreq: Exit governor when failed to start old governor - cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode - [armhf] rockchip: fix kernel hang during smp initialization - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed - [arm64] thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required - iio: adc: ad_sigma_delta: don't overallocate scan buffer - [armhf] tegra: Use I/O memcpy to write to IRAM - ACPI: PRM: Reduce unnecessary printing to avoid user confusion - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() - thermal: sysfs: Return ENODATA instead of EAGAIN for reads - PM: sleep: console: Fix the black screen issue - ACPI: processor: fix acpi_object initialization - [arm64] mmc: sdhci-msm: Ensure SD card power isn't ON when card removed - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path - pps: clients: gpio: fix interrupt handling order in remove path - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 - char: misc: Fix improper and inaccurate error code returned by misc_init() - [amd64] mei: bus: Check for still connected devices in mei_cl_bus_dev_release() - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() - [amd64,arm64] platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready - ALSA: hda: Handle the jack polling always via a work - ALSA: hda: Disable jack polling at shutdown - [amd64] x86/bugs: Avoid warning when overriding return thunk - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 - ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode - tty: serial: fix print format specifiers - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present - usb: core: usb_submit_urb: downgrade type check - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() - [arm64] imx8m-blk-ctrl: set ISI panic write hurry level - [arm64] soc: qcom: mdt_loader: Actually use the e_phoff - [amd64] platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches - [amd64,arm64] platform/chrome: cros_ec_typec: Defer probe on missing EC parent - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement - ASoC: codecs: rt5640: Retry DEVICE_ID verification - [arm64] ASoC: qcom: use drvdata instead of component to keep id - netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps - [powerpc*] thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 - Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() - xen/netfront: Fix TX response spurious interrupts - wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn - net: usb: cdc-ncm: check for filtering capability - wifi: ath12k: Correct tid cleanup when tid setup fails - wifi: cfg80211: reject HTC bit for management frames - [s390x] time: Use monotonic clock in get_cycles() - be2net: Use correct byte order and format string for TCP seq and ack_seq - libbpf: Verify that arena map exists when adding arena relocations - idpf: preserve coalescing settings across resets - wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB - et131x: Add missing check after DMA map - net: ag71xx: Add missing check after DMA map - net/mlx5e: Properly access RCU protected qdisc_sleeping variable - net: pcs: xpcs: mask readl() return value to 16 bits - [arm64] Mark kernel as tainted on SAE and SError panic - drm/amd/pm: fix null pointer access - rcu: Protect ->defer_qs_iw_pending from data race - drm/amd/display: limit clear_update_flags to dcn32 and above - net: mctp: Prevent duplicate binds - wifi: cfg80211: Fix interface type validation - wifi: mac80211: don't unreserve never reserved chanctx - net: ipv4: fix incorrect MTU in broadcast routes - [arm64] net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() - net: phy: micrel: Add ksz9131_resume() - sched/deadline: Fix accounting after global limits change - bpf: Forget ranges when refining tnum after JSET - wifi: iwlwifi: mvm: set gtk id also in older FWs - wifi: iwlwifi: mvm: fix scan request validation - [s390x] stp: Remove udelay from stp_sync_clock() - net: phy: bcm54811: PHY initialization - sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails - wifi: mac80211: don't complete management TX on SAE commit - wifi: mac80211: avoid weird state in error path - [s390x] early: Copy last breaking event address to pt_regs - ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access - wifi: mac80211: fix rx link assignment for non-MLO stations - [arm64] drm/msm: use trylock for debugfs - [arm64] drm/msm: Add error handling for krealloc in metadata setup - [arm64] perf/arm: Add missing .suppress_bind_attrs - wifi: rtw89: Fix rtw89_mac_power_switch() for USB - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch - drm/xe/xe_query: Use separate iterator while filling GT list - [amd64] net: thunderbolt: Enable end-to-end flow control also in transmit - [amd64] net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() - xfrm: Duplicate SPI Handling - net: atlantic: add set_power to fw_ops for atl2 to fix wol - ACPI: Suppress misleading SPCR console message when SPCR table is absent - net: ieee8021q: fix insufficient table-size assertion - net: fec: allow disable coalescing - drm/amd/display: Separate set_gsl from set_gsl_source_select - wifi: ath10k: shutdown driver when hardware is unreliable - wifi: ath12k: Add memset and update default rate value in wmi tx completion - wifi: ath12k: Fix station association with MBSSID Non-TX BSS - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect - drm/amd/display: Fix 'failed to blank crtc!' - drm/amd/display: Initialize mode_select to 0 - wifi: mac80211: update radar_required in channel context after channel switch - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 - wifi: ath12k: Decrement TID on RX peer frag setup error handling - [powerpc*] floppy: Add missing checks after DMA map - netmem: fix skb_frag_address_safe with unreadable skbs - [arm64] stacktrace: Check kretprobe_find_ret_addr() return value - wifi: iwlegacy: Check rate_idx range after addition - neighbour: add support for NUD_PERMANENT proxy entries - dpaa_eth: don't use fixed_phy_change_carrier - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual - net: vlan: Make is_vlan_dev() a stub when VLAN is not configured - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs - gve: Return error for unknown admin queue command - [armhf] net: dsa: b53: ensure BCM5325 PHYs are enabled - [armhf] net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 - [armhf] net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 - [armhf] net: dsa: b53: prevent DIS_LEARNING access on BCM5325 - [armhf] net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 - bpftool: Fix JSON writer resource leak in version command - ptp: Use ratelimite for freerun error message - wifi: rtw89: scan abort when assign/unassign_vif - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() - ionic: clean dbpage in de-init - drm/xe: Make dma-fences compliant with the safe access rules - [armhf] net: ncsi: Fix buffer overflow in fetching version id - drm/ttm: Should to return the evict error - uapi: in6: restore visibility of most IPv6 socket options - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP - drm/amd/display: Update DMCUB loading sequence for DCN3.5 - drm/amd/display: Avoid trying AUX transactions on disconnected ports - drm/ttm: Respect the shrinker core free target - rcu: Fix rcu_read_unlock() deadloop due to IRQ work - [armhf] net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page - vhost: fail early when __vhost_add_used() fails - drm/amd/display: Only finalize atomic_obj if it was initialized - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported - drm/amd/display: Disable dsc_power_gate for dcn314 by default - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition - cifs: Fix calling CIFSFindFirst() for root path without msearch - fbdev: fix potential buffer overflow in do_register_framebuffer() - crypto: hisilicon/hpre - fix dma unmap sequence - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr - [arm64,armhf] clk: tegra: periph: Fix error handling and resolve unsigned compare warning - mfd: axp20x: Set explicit ID for AXP313 regulator - [arm64] phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated - fs/orangefs: use snprintf() instead of sprintf() - watchdog: dw_wdt: Fix default timeout - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state - [mips*] vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} - watchdog: iTCO_wdt: Report error if timeout configuration fails - scsi: bfa: Double-free fix - jfs: truncate good inode pages when hard link is 0 - jfs: Regular file corruption check - jfs: upper bound check of tree index in dbAllocAG - media: hi556: Fix reset GPIO timings - RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM - crypto: jitter - fix intermediary handling - [mips*] Don't crash in stack_top() for tasks without ABI or vDSO - [riscv64] clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED - media: ipu-bridge: Add _HID for OV5670 - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control - leds: leds-lp50xx: Handle reg to get correct multi_index - [armhf] dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs - [amd64] RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() - RDMA/core: reduce stack using in nldev_stat_get_doit() - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure - power: supply: qcom_battmgr: Add lithium-polymer entry - scsi: mpt3sas: Correctly handle ATA device errors - scsi: mpi3mr: Correctly handle ATA device errors - [armhf] pinctrl: stm32: Manage irq affinity settings - media: usb: hdpvr: disable zero-length read messages - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar - media: uvcvideo: Add quirk for HP Webcam HD 2300 - media: uvcvideo: Fix bandwidth issue for Alcor camera - [amd64] crypto: ccp - Add missing bootloader info reg for pspv6 - [arm64] clk: renesas: rzg2l: Postpone updating priv->clks[] - soundwire: amd: serialize amd manager resume sequence during pm_prepare - soundwire: amd: cancel pending slave status handling workqueue during remove sequence - soundwire: Move handle_nested_irq outside of sdw_dev_lock - md: dm-zoned-target: Initialize return variable r to avoid uninitialized use - module: Prevent silent truncation of module name in delete_module(2) - i3c: add missing include to internal header - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - apparmor: shift ouid when mediating hard links in userns - i3c: don't fail if GETHDRCAP is unsupported - i3c: master: Initialize ret in i3c_i2c_notifier_call() - dm-mpath: don't print the "loaded" message if registering fails - dm-table: fix checking for rq stackable devices - apparmor: use the condition in AA_BUG_FMT even with debug disabled - apparmor: fix x_table_lookup when stacking is not the first entry - i2c: Force DLL0945 touchpad i2c freq to 100khz - exfat: add cluster chain loop check for dir - f2fs: check the generic conditions first - printk: nbcon: Allow reacquire during panic - vfio/type1: conditional rescheduling while pinning - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans - scsi: target: core: Generate correct identifiers for PR OUT transport IDs - scsi: aacraid: Stop using PCI_IRQ_AFFINITY - vfio/mlx5: fix possible overflow in tracking max message size - ipmi: Use dev_warn_ratelimited() for incorrect message warnings - ipmi: Fix strcpy source and destination the same - tools/power turbostat: Handle non-root legacy-uncore sysfs permissions - tools/power turbostat: Fix build with musl - tools/power turbostat: Handle cap_get_proc() ENOSYS - smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection - lib/sbitmap: convert shallow_depth from one word to the whole sbitmap - ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table - net: phy: smsc: add proper reset flags for LAN8710A - [amd64] ASoC: Intel: avs: Fix uninitialized pointer error in probe() - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() - pNFS: Fix stripe mapping in block/scsi layout - pNFS: Fix disk addr range check in block/scsi layout - pNFS: Handle RPC size limit for layoutcommits - pNFS: Fix uninited ptr deref in block/scsi layout - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe - scsi: lpfc: Remove redundant assignment to avoid memory leak - [amd64,armhf] ASoC: fsl_sai: replace regmap_write with regmap_update_bits - cifs: Fix collect_sample() to handle any iterator type - drm/amdgpu: fix vram reservation issue - drm/amdgpu: fix incorrect vm flags to map bo - mm/damon/core: commit damos->target_nid - block: Introduce bio_needs_zone_write_plugging() - dm: Always split write BIOs to zoned device limits - cifs: reset iface weights when we cannot find a candidate - [amd64] iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes - [arm64] iommu/arm-smmu-qcom: Add SM6115 MDSS compatible - iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range - iommufd: Prevent ALIGN() overflow - ext4: fix zombie groups in average fragment size lists - ext4: fix largest free orders lists corruption on mb_optimize_scan switch - ext4: initialize superblock fields in the kballoc-test.c kunit tests - usb: core: config: Prevent OOB read in SS endpoint companion parsing - misc: rtsx: usb: Ensure mmc child device is active when card is present - usb: typec: ucsi: Update power_supply on power role change - [amd64] comedi: fix race between polling and detaching - [amd64] thunderbolt: Fix copy+paste error in match_service_id() - cdc-acm: fix race between initial clearing halt and open - btrfs: zoned: use filesystem size not disk size for reclaim decision - btrfs: abort transaction during log replay if walk_log_tree() failed - btrfs: zoned: do not remove unwritten non-data block group - btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations - btrfs: don't ignore inode missing when replaying log tree - btrfs: fix ssd_spread overallocation - btrfs: populate otime when logging an inode item - btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled - btrfs: don't skip remaining extrefs if dir not found during log replay - btrfs: clear dirty status from extent buffer on error at insert_new_root() - btrfs: fix log tree replay failure due to file with 0 links and extents - btrfs: error on missing block group when unaccounting log tree extent buffers - btrfs: zoned: do not select metadata BG as finish target - btrfs: fix iteration bug in __qgroup_excl_accounting() - btrfs: do not allow relocation of partially dropped subvolumes - xfs: fix scrub trace with null pointer in quotacheck - userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit - net/sched: ets: use old 'nbands' while purging unused classes - [amd64,arm64] hv_netvsc: Fix panic during namespace deletion with VF - mm, slab: restore NUMA policy support for large kmalloc - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() - media: venus: Fix OOB read due to missing payload bound check - media: uvcvideo: Do not mark valid metadata as invalid - media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() - HID: magicmouse: avoid setting up battery timer when not needed - wifi: mac80211: check basic rates validity in sta_link_apply_parameters - HID: apple: avoid setting up battery timer for devices without battery - mfd: cros_ec: Separate charge-control probing from USB-PD - net: Add net_passive_inc() and net_passive_dec(). - net: better track kernel sockets lifetime (CVE-2025-21884) - smb: client: fix netns refcount leak after net_passive changes - PCI: Store all PCIe Supported Link Speeds - PCI: Allow PCI bridges to go to D3Hot on all non-x86 - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports - [arm64] dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C - [arm64] dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C - ata: libata-sata: Add link_power_management_supported sysfs attribute - io_uring/rw: cast rw->flags assignment to rwf_t - drm/amd/display: Allow DCN301 to clear update flags - rcu: Fix racy re-initialization of irq_work causing hangs - dm: split write BIOs on zone boundaries when zone append is not emulated - PCI: Honor Max Link Speed when determining supported speeds - ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled . [ Bastian Blank ] * [amd64, arm64] Enable MANA_INFINIBAND. . [ Salvatore Bonaccorso ] * [amd64] udeb: kernel-image: Include SPI drivers * ext4: don't try to clear the orphan_present feature block device is r/o (Closes: #1108271) * alloc_fdtable(): change calling conventions. * net: ipv4: fix regression in local-broadcast route . [ Ben Hutchings ] * proc: fix missing pde_set_flags() for net proc files linux-signed-arm64 (6.12.41+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.41-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.39 - eventpoll: don't decrement ep refcount while still holding the ep mutex (CVE-2025-38349) - drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics - drm/amdgpu/ip_discovery: add missing ip_discovery fw - [s390x] crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (CVE-2025-38104) - [amd64] ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH - [amd64] ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct - [amd64] ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops - [amd64] ASoC: soc-acpi: add get_function_tplg_files ops - [amd64] ASoC: Intel: add sof_sdw_get_tplg_files ops - [amd64] ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops - [amd64] ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches - perf/core: Fix the WARN_ON_ONCE is out of lock protected region - irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ - sched/core: Fix migrate_swap() vs. hotplug - perf: Revert to requiring CAP_SYS_ADMIN for uprobes - ASoC: cs35l56: probe() should fail if the device ID is not recognized - Bluetooth: hci_sync: Fix not disabling advertising instance - Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected - pinctrl: amd: Clear GPIO debounce for suspend - fix proc_sys_compare() handling of in-lookup dentries - sched/deadline: Fix dl_server runtime calculation formula - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL - [arm64] poe: Handle spurious Overlay faults - [arm64] net: phy: qcom: move the WoL function to shared library - [arm64] net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() - netlink: Fix wraparounds of sk->sk_rmem_alloc. - vsock: fix `vsock_proto` declaration - tipc: Fix use-after-free in tipc_conn_close(). - tcp: Correct signedness in skb remaining space calculation - vsock: Fix transport_{g2h,h2g} TOCTOU - vsock: Fix transport_* TOCTOU - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` - net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap - net: phy: smsc: Force predictable MDI-X state on LAN87xx - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). - atm: clip: Fix memory leak of struct clip_vcc. - atm: clip: Fix infinite recursive call of clip_push(). - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() - [arm64] net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info - net/sched: Abort __tc_modify_qdisc if parent class does not exist - rxrpc: Fix bug due to prealloc collision - rxrpc: Fix oops due to non-existence of prealloc backlog struct - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() - [amd64] x86/mce/amd: Add default names for MCA banks and blocks - [amd64] x86/mce/amd: Fix threshold limit reset - [amd64] x86/mce: Don't remove sysfs if thresholding sysfs init fails - [amd64] x86/mce: Ensure user polling settings are honored when restarting timer - [amd64] x86/mce: Make sure CMCI banks are cleared during shutdown on Intel - [amd64] KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. - [amd64] KVM: SVM: Add missing member in SNP_LAUNCH_START command structure - [amd64] KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight - KVM: Allow CPU to reschedule while setting per-page memory attributes - ASoC: fsl_sai: Force a software reset when starting in consumer mode - gre: Fix IPv6 multicast route creation. (Closes: #1108430) - md/md-bitmap: fix GPF in bitmap_get_stats() (Closes: #1109734) - [arm64] pinctrl: qcom: msm: mark certain pins as invalid for interrupts - pwm: Fix invalid state detection - pwm: mediatek: Ensure to disable clocks in error path - wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-27558) - wifi: mwifiex: discard erroneous disassoc frames on STA interface - wifi: mt76: mt7921: prevent decap offload config before STA initialization - wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() - wifi: mt76: mt7925: fix the wrong config for tx interrupt - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan - drm/imagination: Fix kernel crash when hard resetting the GPU - drm/amdkfd: Don't call mmput from MMU notifier callback - drm/gem: Acquire references on GEM handles for framebuffers - drm/sched: Increment job count before swapping tail spsc queue - drm/ttm: fix error handling in ttm_buffer_object_transfer - drm/gem: Fix race in drm_gem_handle_create_tail() - drm/xe/bmg: fix compressed VRAM handling - Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" - usb: gadget: u_serial: Fix race condition in TTY wakeup - Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" - drm/framebuffer: Acquire internal references on GEM handles - drm/xe: Allocate PF queue size on pow2 boundary - Revert "ACPI: battery: negate current when discharging" (Closes: #1109344) - Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" - kallsyms: fix build without execinfo - maple_tree: fix mt_destroy_walk() on root leaf node - mm: fix the inaccurate memory statistics issue for users - mm/vmalloc: leave lazy MMU mode on PTE mapping error - lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() - [amd64] x86/rdrand: Disable RDSEED on AMD Cyan Skillfish - [amd64] x86/mm: Disable hugetlb page table sharing on 32-bit - [arm64] clk: scmi: Handle case where child clocks are initialized before their parents - smb: server: make use of rdma_destroy_qp() - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() - erofs: fix to add missing tracepoint in erofs_read_folio() - erofs: address D-cache aliasing - [amd64] ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count - netlink: Fix rmem check in netlink_broadcast_deliver(). - netlink: make sure we allow at least one dump skb - netfs: Fix ref leak on inserted extra subreq in write retry - wifi: cfg80211: fix S1G beacon head validation in nl80211 - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() - drm/tegra: nvdec: Fix dma_alloc_coherent error check - md/raid1: Fix stack memory use after return in raid1_reshape - raid10: cleanup memleak at raid10_make_request - wifi: mac80211: correctly identify S1G short beacon - wifi: mac80211: fix non-transmitted BSSID profile search - wifi: rt2x00: fix remove callback type mismatch - drm/nouveau/gsp: fix potential leak of memory used during acpi init - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() - nbd: fix uaf in nbd_genl_connect() error path - drm/xe/pf: Clear all LMTT pages on alloc - erofs: free pclusters if no cached folio is attached - erofs: get rid of `z_erofs_next_pcluster_t` - erofs: tidy up zdata.c - erofs: refine readahead tracepoint - erofs: fix to add missing tracepoint in erofs_readahead() - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() - net: appletalk: Fix device refcount leak in atrtr_create() - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof - net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx - drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level - net/mlx5e: Fix race between DIM disable and net_dim() - net/mlx5e: Add new prio for promiscuous mode - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() - bnxt_en: Fix DCB ETS validation - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT - ublk: sanity check add_dev input for underflow - atm: idt77252: Add missing `dma_map_error()` - ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. - [amd64] ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 - io_uring: make fallocate be hashed work - [amd64] ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 - ALSA: hda/realtek: Add quirks for some Clevo laptops - net: usb: qmi_wwan: add SIMCom 8230C composition - driver: bluetooth: hci_qca:fix unable to load the BT driver - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 - net: mana: Record doorbell physical address in PF mode - btrfs: fix assertion when building free space tree - vt: add missing notification when switching back to text mode - bpf: Adjust free target to avoid global starvation of LRU map - [riscv64] vdso: Exclude .rodata from the PT_DYNAMIC segment - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras - HID: nintendo: avoid bluetooth suspend/resume stalls - erofs: fix rare pcluster memory leak after unmounting - net: wangxun: revert the adjustment of the IRQ vector sequence - kasan: remove kasan_find_vm_area() to prevent possible deadlock - ksmbd: fix potential use-after-free in oplock/lease break ack - [arm64] Filter out SME hwcaps when FEAT_SME isn't implemented - crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (CVE-2025-37984) - rseq: Fix segfault on registration when rseq_cs is non-zero (CVE-2025-38067) - [amd64] KVM: SVM: Set synthesized TSA CPUID flags https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.40 - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition - USB: serial: option: add Foxconn T99W640 - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI - usb: musb: fix gadget state on disconnect - [arm*] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY - usb: gadget: configfs: Fix OOB read on empty string write - [armhf] i2c: stm32: fix the device used for the DMA map - [armhf] i2c: stm32f7: unmap DMA mapped buffer - [amd64] thunderbolt: Fix wake on connect at runtime - [amd64] thunderbolt: Fix bit masking in tb_dp_port_set_hops() - Revert "staging: vchiq_arm: Create keep-alive thread during probe" - nvmem: imx-ocotp: fix MAC address byte length - nvmem: layouts: u-boot-env: remove crc32 endianness conversion - Input: xpad - set correct controller type for Acer NGR200 - pch_uart: Fix dma_sync_sg_for_device() nents value - spi: Add check for 8-bit transfer with 8 IO mode support - dm-bufio: fix sched in atomic context - HID: core: ensure the allocated report buffer can contain the reserved report ID - HID: core: ensure __hid_request reserves the report ID as the first byte - HID: core: do not bypass hid_hw_raw_request - tracing/probes: Avoid using params uninitialized in parse_btf_arg() - tracing: Add down_write(trace_event_sem) when adding trace event - tracing/osnoise: Fix crash in timerlat_dump_stack() - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume - drm/amdgpu: Increase reset counter only on success - drm/amd/display: Disable CRTC degamma LUT for DCN401 - drm/amd/display: Free memory allocation - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS - io_uring/poll: fix POLLERR handling - mptcp: make fallback action and fallback decision atomic - mptcp: plug races between subflow fail and subflow creation - mptcp: reset fallback status gracefully at disconnect() time - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() - net/mlx5: Update the list of the PCI supported devices - [arm64] dts: imx8mp-venice-gw74xx: fix TPM SPI frequency - [arm64] dts: add big-endian property back into watchdog node - [arm64] dts: freescale: imx8mm-verdin: Keep LDO5 always on - [arm64] dts: imx8mp-venice-gw71xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw72xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw73xx: fix TPM SPI frequency - [arm64] dts: rockchip: use cs-gpios for spi1 on ringneck - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() - af_packet: fix soft lockup issue caused by tpacket_snd() - Bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type - cpuidle: psci: Fix cpuhotplug routine with PREEMPT_RT=y - isofs: Verify inode mode when loading from disk - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() - [arm*] mmc: bcm2835: Fix dma_unmap_sg() nents value - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models - [arm64] mmc: sdhci_am654: Workaround for Errata i2312 - [amd64] net: stmmac: intel: populate entire system_counterval_t in get_time_fn() callback - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov - [s390x] bpf: Fix bpf_arch_text_poke() with new_addr == NULL again - smb: client: fix use-after-free in crypt_message when using async crypto - [armhf] soc: aspeed: lpc-snoop: Cleanup resources in stack-order - [armhf] soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush - iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] - iio: adc: max1363: Reorder mode_list[] entries - iio: adc: stm32-adc: Fix race in installing chained IRQ handler - iio: backend: fix out-of-bound write - iio: common: st_sensors: Fix use of uninitialize device structs - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B - [arm64] dts: imx95: Correct the DMA interrupter number of pcie0_ep - bpf: Reject %p% format string in bprintf-like helpers - cachefiles: Fix the incorrect return value in __cachefiles_write() - block: fix kobject leak in blk_unregister_queue - net/sched: sch_qfq: Fix race condition on qfq_aggregate - rpl: Fix use-after-free in rpl_do_srh_inline(). - smb: client: fix use-after-free in cifs_oplock_break - fix a leak in fcntl_dirnotify() - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() - nvme: fix endianness of command word prints in nvme_log_err_passthru() - smc: Fix various oops due to inet_sock type confusion. - net: phy: Don't register LEDs for genphy - nvme: fix misaccounting of nvme-mpath inflight I/O - nvmet-tcp: fix callback lock for TLS handshake - wifi: cfg80211: remove scan request n_channels counted_by - [amd64] hwmon: (corsair-cpro) Validate the size of the received input buffer - ice: add NULL check in eswitch lag check - ice: check correct pointer in fwlog debugfs - usb: net: sierra: check for no status endpoint - loop: use kiocb helpers to fix lockdep warning - [riscv64] Enable interrupt during exception handling - [riscv64] traps_misaligned: properly sign extend value in misaligned load handler - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() - Bluetooth: hci_sync: fix connectable extended advertising when using static random address - Bluetooth: SMP: If an unallowed command is received consider it a failure - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout - Bluetooth: hci_core: add missing braces when using macro parameters - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID - net/mlx5: Correctly set gso_size when LRO is used - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() - net: fix segmentation after TCP/UDP fraglist GRO - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry - drm/xe/pf: Sanitize VF scratch registers on FLR - drm/xe/pf: Move VFs reprovisioning to worker - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU - [amd64,arm64] hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf - virtio-net: fix recursived rtnl_lock() during probe() - tls: always refresh the queue when reading sock - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime - net: bridge: Do not offload IGMP/MLD messages - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree - rxrpc: Fix recv-recv race of completed call - rxrpc: Fix transmission of an abort in response to an abort - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" - drm/mediatek: Add wait_event_timeout when disabling plane - drm/mediatek: only announce AFBC if really supported - libbpf: Fix handling of BPF arena relocations - efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths - sched: Change nr_uninterruptible type to unsigned long - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns - btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (CVE-2025-22115) - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: Fix flushing of delayed work used for post resume purposes - usb: hub: Don't try to recover devices lost during warm reset. - [arm64] usb: dwc3: qcom: Don't leave BCR asserted - [arm64,armhf] i2c: omap: Add support for setting mux - [arm64,armhf] i2c: omap: Fix an error handling path in omap_i2c_probe() - [arm64,armhf] i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() - [arm64,armhf] i2c: omap: fix deprecated of_property_read_bool() use - sched,freezer: Remove unnecessary warning in __thaw_task - drm/xe/mocs: Initialize MOCS index early - drm/xe: Move page fault init after topology init - smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data - [amd64] iommu/vt-d: Fix misplaced domain_attached assignment (Closes: #1109676) - [amd64] KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.41 - [amd64] x86/traps: Initialize DR7 by writing its architectural reset value - Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (CVE-2025-38335) - virtio_net: Enforce minimum TX ring size for reliability - virtio_ring: Fix error reporting in virtqueue_resize - regulator: core: fix NULL dereference on unbind due to stale coupling data - [amd64] platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA - RDMA/core: Rate limit GID cache warning messages - [arm64] interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node - iio: adc: ad7949: use spi_is_bpw_supported() - regmap: fix potential memory leak of regmap_bus - [amd64] x86/hyperv: Fix usage of cpu_online_mask to get valid cpu - [amd64] platform/x86: Fix initialization order for firmware_attributes_class - [arm*] staging: vchiq_arm: Make vchiq_shutdown never fail - xfrm: state: initialize state_ptrs earlier in xfrm_state_find - xfrm: state: use a consistent pcpu_id in xfrm_state_find - xfrm: Set transport header to fix UDP GRO handling - xfrm: interface: fix use-after-free after changing collect_md xfrm interface - [arm64] net: ti: icssg-prueth: Fix buffer allocation for ICSSG - net/mlx5: Fix memory leak in cmd_exec() - net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch - i40e: report VF tx_dropped with tx_errors instead of tx_discards - i40e: When removing VF MAC filters, only check PF-set MAC - net: appletalk: Fix use-after-free in AARP proxy probe - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode - [arm64] drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() - ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop - [s390x] ism: fix concurrency management in ism_cmd() - [arm64] net: hns3: fix concurrent setting vlan filter issue - [arm64] net: hns3: disable interrupt when ptp init failed - [arm64] net: hns3: fixed vf get max channels bug - [arm64] net: hns3: default enable tx bounce buffer when smmu enabled - [amd64] platform/x86: ideapad-laptop: Fix FnLock not remembered among boots - [amd64] platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots - drm/amdgpu: Reset the clear flag in buddy during resume - drm/sched: Remove optimization that causes hang when killing dependent jobs - mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() - timekeeping: Zero initialize system_counterval when querying time from phc drivers - [arm64] i2c: qup: jump out of the loop in case of timeout - [arm64,armhf] i2c: tegra: Fix reset error handling with ACPI - i2c: virtio: Avoid hang by using interruptible completion wait - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() - sprintf.h requires stdarg.h - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx - ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx - [arm64] entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() - [arm64] dpaa2-eth: Fix device reference count leak in MAC endpoint handling - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set - e1000e: ignore uninitialized checksum word on tgp - gve: Fix stuck TX queue for DQ queue format - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() - nilfs2: reject invalid file types when reading inodes - resource: fix false warning in __request_region() - mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n - [amd64,arm64] usb: typec: tcpm: allow to use sink in accessory mode - [amd64,arm64] usb: typec: tcpm: allow switching to mode accessory to mux properly - [amd64,arm64] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach - spi: cadence-quadspi: fix cleanup of rx_chan on failure paths - [amd64] x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() - jfs: reject on-disk inodes of an unsupported type (CVE-2025-37925) - [amd64] comedi: comedi_test: Fix possible deletion of uninitialized timers - [arm64] dts: qcom: x1e78100-t14s: mark l12b and l15b always-on - erofs: simplify z_erofs_load_compact_lcluster() - erofs: refine z_erofs_get_extent_compressedlen() - erofs: use Z_EROFS_LCLUSTER_TYPE_MAX to simplify switches - erofs: simplify tail inline pcluster handling - erofs: clean up header parsing for ztailpacking and fragments - erofs: fix large fragment handling - ext4: don't explicit update times in ext4_fallocate() - ext4: refactor ext4_punch_hole() - ext4: refactor ext4_zero_range() - ext4: refactor ext4_collapse_range() - ext4: refactor ext4_insert_range() - ext4: factor out ext4_do_fallocate() - ext4: move out inode_lock into ext4_fallocate() - ext4: move out common parts into ext4_fallocate() - ext4: fix incorrect punch max_end - ext4: correct the error handle in ext4_fallocate() - ext4: fix out of bounds punch offset - [amd64] KVM: x86: drop x86.h include from cpuid.h - [amd64] KVM: x86: Route non-canonical checks in emulator through emulate_ops - [amd64] KVM: x86: Add X86EMUL_F_MSR and X86EMUL_F_DT_LOAD to aid canonical checks - [amd64] KVM: x86: model canonical checks more precisely - [amd64] KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (CVE-2025-38351) - [amd64] x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() - [arm64] dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage - Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" - wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure - iio: hid-sensor-prox: Restore lost scale assignments - iio: hid-sensor-prox: Fix incorrect OFFSET calculation - [amd64,arm64] Drivers: hv: Make the sysfs node size for the ring buffer dynamic - ALSA: hda/tegra: Add Tegra264 support - ALSA: hda: Add missing NVIDIA HDA codec IDs - [amd64] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x - Revert "drm/xe/gt: Update handling of xe_force_wake_get return" (Closes: #1109799) - Revert "drm/xe/tests/mocs: Update xe_force_wake_get() return handling" - Revert "drm/xe/devcoredump: Update handling of xe_force_wake_get return" - Revert "drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()" - [amd64] KVM: x86: Free vCPUs before freeing VM state - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma . [ Bastian Blank ] * Store build time signing key encrypted. * Enable CRYPTO_ECDSA. . [ Aurelien Jarno ] * Fix installation of DTB files . [ Tj ] * drivers/gpu/drm/nouveau: Enable DRM_NOUVEAU_GSP_DEFAULT (Closes: #1088522) . [ Uwe Kleine-König ] * [armhf] Add phy-gmii-sel module to nic-shared-modules udeb for ti/omap/am335x based machines (e.g. BeagleBone black). . [ Salvatore Bonaccorso ] * d/salsa-ci.yml: Update for trixie: Set RELEASE to trixie live-boot (1:20250815~deb13u1) trixie; urgency=medium . * Upload to trixie . live-boot (1:20250815) unstable; urgency=medium . [ Roland Clobus ] * Don't verify with all checksum files . [ Luca Boccassi ] * Remove live-build's os-release on removal (Closes: #1111039) live-build (1:20250505+deb13u1) trixie; urgency=medium . * Remove os-release diversions once rootfs creation is finished (Closes: #1111039) * Install live-specific os-release only with --system live mame (0.276+dfsg.1-1+deb13u1) trixie; urgency=medium . * Build translations explicitly in the -build-indep target. Translations have been missing since the build was split (closes: #1109978). mariadb (1:11.8.3-0+deb13u1) trixie; urgency=medium . * New upstream maintenance release 11.8.3. For details about fixes please see https://mariadb.com/kb/en/mariadb-11-8-3-release-notes/ * Drop Hurd patches that are now included upstream * Update configuration traces to include new upstream system variables: - analyze-max-length (default: 4294967295) - innodb-linux-aio (default: auto) * Suppress new native AIO warning introduced in upstream a87bb96 to avoid mariadb-test-run failing on something that isn't a real issue * New upstream release includes fix for MDEV-36815 that yielded "ERROR 1267 (HY000): Illegal mix of collations" on some systems when restarting the MariaDB service in Debian (Closes: #1104533) * Remove obsolete cleanup as upstream moved pam_mariadb_mtr.so in c05b1fe * Salsa CI: Remove Buster upgrades and ignore missing Trixie ones * Start branch debian/13-trixie for stable updates mate-sensors-applet (1.26.0-1+deb13u1) trixie; urgency=medium . [ A Mennucc1 ] * NMU to fix: "Crashes on Trixie", thanks to Gleb Golubitsky (Closes: #1100414). mmdebstrap (1.5.7-1+deb13u1) trixie; urgency=medium . [ Jochen Sprickerhof ] * Support numeric UID in /etc/sub[ug]id . [ Johannes Schauer Marin Rodrigues ] * add test for numeric UID in /etc/sub[ug]id modemmanager (1.24.0-1+deb13u1) trixie; urgency=medium . * d/gbp.conf: target stable branch * d/patches: backport upstream fix for Fibocom FM350-GL (Closes: #1110197) mozjs128 (128.14.0-1~deb13u1) trixie; urgency=medium . * New upstream release (Closes: #1111591) - CVE-2025-9181: Uninitialized memory in the JavaScript Engine component - CVE-2025-9185: Memory safety bugs * Branch for trixie network-manager-openvpn (1.12.3-1~deb13u1) trixie; urgency=medium . * Switch debian-branch to debian/trixie * Rebuild for trixie network-manager-openvpn (1.12.2-2) unstable; urgency=medium . * Rename debian-branch to debian/latest as per DEP-14 network-manager-openvpn (1.12.2-1) unstable; urgency=medium . * New upstream version 1.12.2 * Bump Standards-Version to 4.7.2 nginx (1.26.3-3+deb13u1) trixie; urgency=medium . * d/p/CVE-2025-53859.patch add, fix potential information leak in ngx_mail_smtp_module (CVE-2025-53859). node-cipher-base (1.0.4-6+deb13u1) trixie-security; urgency=medium . * Team upload * Add patch to return valid values on multi-byte-wide TypedArray input (Closes: #1111772: node-cipher-base: CVE-2025-9287) node-cipher-base (1.0.4-6+deb12u1) bookworm-security; urgency=medium . * Team upload * Add patch to return valid values on multi-byte-wide TypedArray input (Closes: #1111772: node-cipher-base: CVE-2025-9287) node-tmp (0.2.2+dfsg+~0.2.3-1.1~deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Rebuild for trixie. . node-tmp (0.2.2+dfsg+~0.2.3-1.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-54798: Arbitrary file write (Closes: #1110532) node-tmp (0.2.2+dfsg+~0.2.3-1.1~deb12u1) bookworm; urgency=medium . * Non-maintainer upload. * Rebuild for bookworm. . node-tmp (0.2.2+dfsg+~0.2.3-1.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-54798: Arbitrary file write (Closes: #1110532) open-iscsi (2.1.11-1+deb13u1) trixie; urgency=medium . * [f3d17cf] initramfs: ensure that /var/lib exists. Thanks to Leon Blakey (Closes: #1103644) openjpeg2 (2.5.3-2.1~deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Rebuild for trixie. . openjpeg2 (2.5.3-2.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-54874: Out-of-bounds write in opj_jp2_read_header() (Closes: #1110443) orca (48.1-1+deb13u1) trixie; urgency=medium . * control: Add python3-setproctitle and python3-psutil dependencies. orphan-sysvinit-scripts (0.21+deb13u1) trixie; urgency=high . * Make mdadm scripts trigger on mdmonitor.service, mdmon@.service, since mdadm.service got removed (Closes: #1110746) pcre2 (10.46-1~deb13u1) trixie; urgency=high . * New upstream release to fix CVE-2025-58050 (Closes: #1112278) postfix (3.10.4-1~deb13u1) trixie; urgency=medium . * New upstream stable/bugfix version 3.10.4, with a handful of fixes. From the upstream release notes: - Fixes for postscreen(8): * Bugfix (defect introduced: Postfix 2.2, date 20050203): after detecting a lookup table change, and after starting a new postscreen process, the old postscreen process logged an ENOTSOCK error while attempting to accept a connection on a socket that it was no longer listening on. This error was introduced first in the multi_server skeleton code, and was five years later duplicated in the event_server skeleton that was created for postscreen. Problem reported by Florian Piekert. * Bugfix (defect introduced: Postfix 2.8, date 20101230): after detecting a cache table change and before starting a new postscreen process, the old postscreen process did not close the postscreen_cache_map, and therefore kept an exclusive lock that could prevent a new postscreen process from starting. Problem reported by Florian Piekert. - Fixes for tlsproxy(8): * Bugfix (defect introduced: Postfix 3.7): incorrect backwards compatible support for the legacy configuration parameters tlsproxy_client_level and tlsproxy_client_policy. This disabled the tlsproxy TLS client role when a legacy parameter was set (instead of the newer tlsproxy_client_security_level or tlsproxy_client_policy_maps). Reported by John Doe, diagnosed by Viktor Dukhovni. * Bugfix (defect introduced: Postfix 3.4): with the TLS client role disabled by configuration, the tlsproxy daemon dereferenced a null pointer while handling a tlsproxy client request. Reported by John Doe. - Reducing process churn: Postfix daemons no longer automatically restart after a btree:, dbm:, hash:, lmdb:, or sdbm: table file modification time change, when they opened that table for writing. - Portability: deleted an build dependency, because the feature is being removed from OpenSSL, and Postfix no longer needs it. - Cleanup: with "tls_required_enable = yes", the Postfix SMTP client will no longer maintain TLSRPT statistics for messages that contain a "TLS-Required: no" header. This can prevent TLSRPT notifications for TLSRPT notifications. - Bugfix (defect introduced: Postfix 3.6, date 20200710): Postfix TLS client code logged "Untrusted TLS connection" (wrong) instead of "Trusted TLS connection" (right), for a new or resumed TLS session, when a server offered a trusted (valid PKI trust chain) certificate that did not match the expected server name pattern. Fix by Viktor Dukhovni. * d/gbp.conf: debian-branch=debian/trixie * configure-instance.in: fix typo * configure-instance.in: limit maxdepth=1 in /etc/ssl/certs dirs * configure-instance.in: use home-grown file copy procedure to sync chroot There are a few issues with using cp(1) to update files in chroot, - a file should be copied even if the source date is *less* than the target date (eg, if a package has been downgraded), which is not done by `cp -u` (#1110704), a file should be copied atomically (copy+rename, not truncate+copy), and care should be taken with extra attributes (#1100100). Use a simple perl-based script (using just perl-base) to update files instead, which fixes all this stuff. (Closes: #1100100, #1110704) postfix (3.10.3-3) unstable; urgency=medium . * configure-instance.in: fix typo * configure-instance.in: limit maxdepth=1 in /etc/ssl/certs dirs * configure-instance.in: use home-grown file copy procedure to sync chroot There are a few issues with using cp(1) to update files in chroot, - a file should be copied even if the source date is *less* than the target date (eg, if a package has been downgraded), which is not done by `cp -u` (#1110704), a file should be copied atomically (copy+rename, not truncate+copy), and care should be taken with extra attributes (#1100100). Use a simple perl-based script (using just perl-base) to update files instead, which fixes all this stuff. (Closes: #1100100, #1110704) postgresql-17 (17.6-0+deb13u1) trixie; urgency=medium . * New upstream version 17.6. . + Tighten security checks in planner estimation functions (Dean Rasheed) . The fix for CVE-2017-7484, plus followup fixes, intended to prevent leaky functions from being applied to statistics data for columns that the calling user does not have permission to read. Two gaps in that protection have been found. One gap applies to partitioning and inheritance hierarchies where RLS policies on the tables should restrict access to statistics data, but did not. . The other gap applies to cases where the query accesses a table via a view, and the view owner has permissions to read the underlying table but the calling user does not have permissions on the view. The view owner's permissions satisfied the security checks, and the leaky function would get applied to the underlying table's statistics before we check the calling user's permissions on the view. This has been fixed by making security checks on views occur at the start of planning. That might cause permissions failures to occur earlier than before. . The PostgreSQL Project thanks Dean Rasheed for reporting this problem. (CVE-2025-8713) . + Prevent pg_dump scripts from being used to attack the user running the restore (Nathan Bossart) . Since dump/restore operations typically involve running SQL commands as superuser, the target database installation must trust the source server. However, it does not follow that the operating system user who executes psql to perform the restore should have to trust the source server. The risk here is that an attacker who has gained superuser-level control over the source server might be able to cause it to emit text that would be interpreted as psql meta-commands. That would provide shell-level access to the restoring user's own account, independently of access to the target database. . To provide a positive guarantee that this can't happen, extend psql with a \restrict command that prevents execution of further meta-commands, and teach pg_dump to issue that before any data coming from the source server. . The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and RyotaK for reporting this problem. (CVE-2025-8714) . + Convert newlines to spaces in names included in comments in pg_dump output (Noah Misch) . Object names containing newlines offered the ability to inject arbitrary SQL commands into the output script. (Without the preceding fix, injection of psql meta-commands would also be possible this way.) CVE-2012-0868 fixed this class of problem at the time, but later work reintroduced several cases. . The PostgreSQL Project thanks Noah Misch for reporting this problem. (CVE-2025-8715) . * Add Turkish debconf translation by Atila KOÇ, thanks! (Closes: #1107984) * Drop hurd-iovec patch, implemented upstream. ptyxis (48.5-1~deb13u1) trixie; urgency=medium . * Team upload * d/control, d/gbp.conf: Set branches for trixie stable updates . ptyxis (48.5-1) unstable; urgency=medium . * Team upload * New upstream bugfix release - When saving tab state, if the terminal does not have a title, save the tab's initial title instead (ptyxis#428 upstream) - Use the same code for menu -> Show Open Tabs -> New Tab that was already used for Menu -> New Tab, fixing propagation of zoom settings to the newly created tab (ptyxis#435 upstream) - Don't try to chdir() to a working directory that does not have +x permission - Use g_set_str() for less error-prone property setting - Ensure that interface-style action isn't freed prematurely, and explicitly remove it when the window is destroyed, fixing a possible use-after-free when switching between dark and light modes (ptyxis#440 upstream) * Standards-Version: 4.7.2 (no changes required) pyraf (2.2.2-4~deb13u1) trixie; urgency=medium . * Fix graphical init for work with Python 3.13. Closes: #1110708 * Upload to stable qemu (1:10.0.3+ds-0+deb13u1) trixie; urgency=medium . * new upstream stable/bugfix release: - Update version for 10.0.3 release - hvf: arm: Emulate ICC_RPR_EL1 accesses properly - target/arm: Correct encoding of Debug Communications Channel registers https://gitlab.com/qemu-project/qemu/-/issues/2986 - ui: fix setting client_endian field defaults - hw/net/npcm_gmac.c: Send the right data for second packet in a row - target/i386: do not expose ARCH_CAPABILITIES on AMD CPU - i386/cpu: Honor maximum value for CPUID.8000001DH.EAX[25:14] - i386/cpu: Fix overflow of cache topology fields in CPUID.04H - i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16] - ui/vnc: Do not copy z_stream - vhost: Fix used memslot tracking when destroying a vhost device - roms: re-remove execute bit from hppa-firmware* - file-posix: Fix aio=reads performance regression after enablign FUA https://issues.redhat.com/browse/RHEL-96854 - amd_iommu: Fix truncation of oldval in amdvi_writeq - amd_iommu: Remove duplicated definitions - amd_iommu: Fix the calculation for Device Table size - amd_iommu: Fix mask to retrieve Interrupt Table Root Pointer from DTE - amd_iommu: Fix masks for various IOMMU MMIO Registers - amd_iommu: Update bitmasks representing DTE reserved fields - amd_iommu: Fix Device ID decoding for INVALIDATE_IOTLB_PAGES command - amd_iommu: Fix Miscellaneous Information Register 0 encoding - virtio-net: Add queues for RSS during migration - net: fix buffer overflow in af_xdp_umem_create() - accel/kvm: Adjust the note about the minimum required kernel version - linux-user: Use qemu_set_cloexec() to mark pidfd as FD_CLOEXEC - migration: Don't sync volatile memory after migration completes - linux-user: Hold the fd-trans lock across fork https://gitlab.com/qemu-project/qemu/-/issues/2846 - linux-user: Check for EFAULT failure in nanosleep - linux-user: Implement fchmodat2 syscall https://gitlab.com/qemu-project/qemu/-/issues/3019 - hw/arm/fsl-imx8mp: Wire VIRQ and VFIQ - target/arm: Don't enforce NSE,NS check for EL3->EL3 returns https://gitlab.com/qemu-project/qemu/-/issues/3016 - target/i386: fix TB exit logic in gen_movl_seg() when writing to SS https://gitlab.com/qemu-project/qemu/-/issues/2987 - target/arm: Fix bfdotadd_ebf vs nan selection - target/arm: Fix f16_dotadd vs nan selection - target/arm: Fix PSEL size operands to tcg_gen_gvec_ands - target/arm: Fix 128-bit element ZIP, UZP, TRN - target/arm: Fix sve_access_check for SME - target/arm: Fix SME vs AdvSIMD exception priority - hw/s390x/ccw-device: Fix memory leak in loadparm setter - virtio-gpu: support context init multiple timeline - target/arm: Correct KVM & HVF dtb_compatible value - target/arm: Make RETA[AB] UNDEF when pauth is not implemented - tcg: Fix constant propagation in tcg_reg_alloc_dup https://gitlab.com/qemu-project/qemu/-/issues/3002 - target/loongarch: fix vldi/xvldi raise wrong error - target/loongarch: add check for fcond - linux-user/arm: Fix return value of SYS_cacheflush - hw/arm/mps2: Configure the AN500 CPU with 16 MPU regions - qemu-options.hx: Fix reversed description of icount sleep behavior - hw/arm/virt: Check bypass iommu is not set for iommu-map DT property - hw/loongarch/virt: Fix big endian support with MCFG table - hw/core/qdev-properties-system: Add missing return in set_drive_helper() - iotests: fix 240 - target/i386: Remove FRED dependency on WRMSRNS - hw/audio/asc: fix SIGSEGV in asc_realize() - audio: fix size calculation in AUD_get_buffer_size_out() - audio: fix SIGSEGV in AUD_get_buffer_size_out() - hw/i386/amd_iommu: Fix xtsup when vcpus < 255 - hw/i386/amd_iommu: Fix device setup failure when PT is on. - hw/i386/pc_piix: Fix RTC ISA IRQ wiring of isapc machine - vhost: Don't set vring call if guest notifier is unused - hw/arm: Add missing psci_conduit to NPCM8XX SoC boot info - ui/vnc: fix tight palette pixel encoding for 8/16-bpp formats - ui/vnc: take account of client byte order in pixman format - ui/vnc.c: replace big endian flag with byte order value - ui/sdl: Consider scaling in mouse event handling - ui/gtk: Update scales in fixed-scale mode when rendering GL area - gtk/ui: Introduce helper gd_update_scale - ui/gtk: Use consistent naming for variables in different coordinates - ui/gtk: Document scale and coordinate handling - hw/arm/aspeed_ast27x0: Fix RAM size detection failure on BE hosts - hw/misc/aspeed_hace: Ensure HASH_IRQ is always set to prevent firmware hang * d/control.mk: 10.0.3+ds * d/gbp.conf: switch to debian/trixie branch * d/watch: switch to 10.0.x branch * qemu-img-options.patch: adjust help text for "convert" subcommand This patch has been accepted upstrem but without the new option, - do not mention it in help so debian users don't get used to it (the option is accepted still) * d/rules: fix typo in comment (it is qemu-system-data, not qemu-user-data) * d/qemu-user.postinst: trigger /usr/lib/binfmt.d (Closes: #1110982) qemu (1:10.0.2+ds-2+deb13u1) trixie-security; urgency=medium . * d/binfmt-install: stop using C (Credentials) flag for binfmt_misc registration. qemu-user binaries were never meant to be used in suid/sgid scenarios, but was used in debian since late 2009. Any foreign suid/sgid binary accessible to the users, in presence of qemu-user binfmt, is trivially exploitable to gain elevated privileges. This change might break existing setups since for many years people relied on qemu-user binfmt working with suid binaries, but this is a situation where it is definitely better be safe than sorry. * pcie_sriov-Fix-configuration-and-state-synchronizati.patch (Closes: #1109989, CVE-2025-54566, CVE-2025-54567) qemu (1:10.0.2+ds-2+deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports: - disable libblkio - realize pkg.qemu.use-upstream-vdso build profile - disable capstone for qemu-user on arm64 (fails to link) rabbitmq-server (4.0.5-6+deb13u1) trixie; urgency=medium . * Fix rabbitmq-server broken plugin versions by applying patch from the BTS. Thanks to Stefan Bühler for it (Closes: #1110519). . [ Andreas Hasenack ] * Add many autopkgtest. remind (05.03.07-1+deb13u1) trixie; urgency=medium . * fixes buffer overflow in DUMPVARS (Closes: #1111581) renpy (8.3.4+dfsg-2+deb13u1) trixie; urgency=medium . * Fix fonts-roboto -> fonts-robot-hinted breakage (Closes: #1111365) resource-agents (1:4.16.0-3+deb13u1) trixie; urgency=medium . * debian/patches: fix to avoid duplicate route issues (Closes: #1109925) rkward (0.8.0-4.1~deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Rebuild for trixie. . rkward (0.8.0-4.1) unstable; urgency=medium . * Non-maintainer upload. * Backport upstream fixes for R 4.5. (Closes: #1103204) . rkward (0.8.0-4) unstable; urgency=medium . * Team upload. * Bump Standards-Version to 4.7.2, no changes required. * Simplify GPL license text in debian/copyright. * Use the system version of kdsingleapplication: - backport upstream commit 997c8a7280fe0f99a29465f67b56fd001cdac4e1; patch upstream_Make-it-possible-to-build-against-system-kdsingleapp.patch - add the libkdsingleapplication-qt6-dev build dependency rkward (0.8.0-4) unstable; urgency=medium . * Team upload. * Bump Standards-Version to 4.7.2, no changes required. * Simplify GPL license text in debian/copyright. * Use the system version of kdsingleapplication: - backport upstream commit 997c8a7280fe0f99a29465f67b56fd001cdac4e1; patch upstream_Make-it-possible-to-build-against-system-kdsingleapp.patch - add the libkdsingleapplication-qt6-dev build dependency samba (2:4.22.4+dfsg-1~deb13u1) trixie; urgency=medium . * new upstream stable/bugfix release: - https://bugzilla.samba.org/show_bug.cgi?id=14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0 - https://bugzilla.samba.org/show_bug.cgi?id=15663: Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine) - https://bugzilla.samba.org/show_bug.cgi?id=15816: vfs_streams_depot fstatat broken - https://bugzilla.samba.org/show_bug.cgi?id=15840: kinit command is failing with Missing cache Error - https://bugzilla.samba.org/show_bug.cgi?id=15844: getpwuid does not shift to new DC when current DC is down - https://bugzilla.samba.org/show_bug.cgi?id=15876: Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName - https://bugzilla.samba.org/show_bug.cgi?id=15877: Fix handling of empty GPO link - https://bugzilla.samba.org/show_bug.cgi?id=15880: SMB ACL inheritance doesn't work for files created - https://bugzilla.samba.org/show_bug.cgi?id=15881: Unresponsive second DC can cause idmapping failure when using idmap_ad (was libads-fix-get_kdc_ip_string.patch) - https://bugzilla.samba.org/show_bug.cgi?id=15891: Figuring out the DC name from IP address fails and breaks fork_domain_child() - https://bugzilla.samba.org/show_bug.cgi?id=15892: Delayed leader broadcast can block ctdb forever * libads-fix-get_kdc_ip_string.patch: remove, included upstream * d/gbp.conf: debian-branch=debian/4.22 sbuild (0.89.3+deb13u1) trixie; urgency=medium . [ Richard Lewis ] * man/sbuild.1.in: fix typo in markup . [ Hiraku Toyooka ] * Allow BUILD_PATH being empty also in command line options . [ Jochen Sprickerhof ] * Fix typo in help string * Support UID in /etc/sub(u|g)id (Closes: #1110876) * Fix build path permissions when building as root * Always append newline in binNMU changelog. Thanks to mjt (Closes: #1111776) shaarli (0.14.0+dfsg-2) trixie; urgency=medium . * Add patch to fix CVE-2025-55291 (Closes: #1111589) sound-theme-freedesktop (0.8-6~deb13u1) trixie; urgency=medium . * Team upload * d/control, d/gbp.conf: Branch for trixie * Rebuild for trixie sound-theme-freedesktop (0.8-5) experimental; urgency=medium . * debian/sound-theme-freedesktop.links: - Link front-center sample to audio-channel-mono so that testing a mono bluetooth speaker plays a real sound rather than just white noise. (LP #1703946) strongswan (6.0.1-6+deb13u1) trixie; urgency=medium . * d/patches: add patches to fix OpenSSL 3.5.1 support (Closes: #1109942) systemd (257.8-1~deb13u1) trixie; urgency=medium . * ukify: recommend sbsigntool | pesign for signing (Closes: #1108803) * Move bootctl zsh completion file too to new package * systemd-boot-tools: change architecture to linux-any. The tool can be used for cross-building, and it's available on all architectures, not just EFI ones * systemd-boot: fix initramfs post-update hook for uncompressed kernels (Closes: #1109098) * systemd-boot: register interest in systemd-boot-signed trigger (Closes: #1109984) * NEWS: fix typo (Closes: #1109979) * systemd-boot: fix registering/removing uncompressed kernels * d/t/control: prefer systemd-boot-tools if available * Update upstream source from tag 'upstream/257.8' Update to upstream version '257.8' with Debian dir 7153da4dd3bde82b88c5f48d704826e431373076 systemd-boot-efi-amd64-signed (257.8+1~deb13u1) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.8-1~deb13u1 . * ukify: recommend sbsigntool | pesign for signing (Closes: #1108803) * Move bootctl zsh completion file too to new package * systemd-boot-tools: change architecture to linux-any. The tool can be used for cross-building, and it's available on all architectures, not just EFI ones * systemd-boot: fix initramfs post-update hook for uncompressed kernels (Closes: #1109098) * systemd-boot: register interest in systemd-boot-signed trigger (Closes: #1109984) * NEWS: fix typo (Closes: #1109979) * systemd-boot: fix registering/removing uncompressed kernels * d/t/control: prefer systemd-boot-tools if available * Update upstream source from tag 'upstream/257.8' Update to upstream version '257.8' with Debian dir 7153da4dd3bde82b88c5f48d704826e431373076 systemd-boot-efi-arm64-signed (257.8+1~deb13u1) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.8-1~deb13u1 . * ukify: recommend sbsigntool | pesign for signing (Closes: #1108803) * Move bootctl zsh completion file too to new package * systemd-boot-tools: change architecture to linux-any. The tool can be used for cross-building, and it's available on all architectures, not just EFI ones * systemd-boot: fix initramfs post-update hook for uncompressed kernels (Closes: #1109098) * systemd-boot: register interest in systemd-boot-signed trigger (Closes: #1109984) * NEWS: fix typo (Closes: #1109979) * systemd-boot: fix registering/removing uncompressed kernels * d/t/control: prefer systemd-boot-tools if available * Update upstream source from tag 'upstream/257.8' Update to upstream version '257.8' with Debian dir 7153da4dd3bde82b88c5f48d704826e431373076 thunar (4.20.2-1+deb13u1) trixie; urgency=medium . * d/patches: add fix to always warn users before permanente deletion (Closes: #1110905) thunderbird (1:128.14.0esr-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security thunderbird (1:128.14.0esr-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security timescaledb (2.19.3+dfsg-1+deb13u1) trixie; urgency=medium . * Disable append test, fails with PG 17.6. (Closes: #1112190) transmission (4.1.0~beta2+dfsg-3+deb13u1) trixie; urgency=medium . * fix GTK app crash when LANG=fr (Closes: #1108194, #1110257) tzdata (2025b-4+deb13u1) trixie; urgency=medium . * Backport leap second update from upstream udisks2 (2.10.1-12.1+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * udiskslinuxmanager: Add lower bounds check to fd_index (CVE-2025-8067) webkit2gtk (2.48.5-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security. webkit2gtk (2.48.5-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security. * Disable sysprof profiling integration to avoid new dependencies: - debian/control.in: Don't depend on libsysprof-capture-4-dev. - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF. * Disable JPEG XL to avoid adding new dependencies. - debian/control.in: Remove build dependency on libjxl-dev. - debian/rules: Build with -DUSE_JPEGXL=OFF. * debian/rules: - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old package names. * debian/control-common.in: - Make the -dev packages depend on the gir packages. * debian/control.in: - Build depend on ccache. * Use clang-16 instead of clang. wolfssl (5.7.2-0.1+deb13u1) trixie; urgency=medium . * Fix CVE-2025-7394: weak/predictable random numbers. (Closes: #1109549) ========================================================================= [Date: Sat, 06 Sep 2025 08:59:27 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: guix | 1.4.0-9 | source, amd64, arm64, armhf, i386, ppc64el, riscv64 Closed bugs: 1112248 ------------------- Reason ------------------- RoM; unsupportable; security issues ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:13:06 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: btrfs-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x cdrom-core-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x crypto-dm-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x crypto-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x dasd-extra-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x dasd-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x ext4-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x f2fs-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x fat-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x isofs-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x kernel-image-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x linux-headers-6.12.41+deb13-s390x | 6.12.41-1 | s390x linux-image-6.12.41+deb13-s390x | 6.12.41-1 | s390x linux-image-6.12.41+deb13-s390x-dbg | 6.12.41-1 | s390x loop-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x md-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x mtd-core-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x multipath-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x nbd-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x nic-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x scsi-core-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x scsi-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x udf-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x xfs-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:13:19 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 btrfs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 cdrom-core-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 crypto-dm-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 crypto-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 drm-core-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 ext4-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 f2fs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 fat-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 fb-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 input-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 isofs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 jfs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 kernel-image-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 linux-headers-6.12.41+deb13-riscv64 | 6.12.41-1 | riscv64 linux-image-6.12.41+deb13-riscv64 | 6.12.41-1 | riscv64 linux-image-6.12.41+deb13-riscv64-dbg | 6.12.41-1 | riscv64 loop-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 md-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 mmc-core-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 mmc-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 mtd-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 multipath-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 nbd-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 nic-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 nic-shared-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 nic-usb-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 nic-wireless-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 pata-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 ppp-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 sata-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 scsi-core-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 scsi-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 scsi-nic-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 squashfs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 udf-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 usb-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 usb-serial-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 usb-storage-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 xfs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:13:45 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.41+deb13-amd64 | 6.12.41-1 | amd64 linux-headers-6.12.41+deb13-cloud-amd64 | 6.12.41-1 | amd64 linux-headers-6.12.41+deb13-rt-amd64 | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-amd64-dbg | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-amd64-unsigned | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-cloud-amd64-dbg | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-cloud-amd64-unsigned | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-rt-amd64-dbg | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-rt-amd64-unsigned | 6.12.41-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:14:18 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-kbuild-6.12.41+deb13 | 6.12.41-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:14:36 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.41+deb13-arm64 | 6.12.41-1 | arm64 linux-headers-6.12.41+deb13-arm64-16k | 6.12.41-1 | arm64 linux-headers-6.12.41+deb13-cloud-arm64 | 6.12.41-1 | arm64 linux-headers-6.12.41+deb13-rt-arm64 | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64-16k-dbg | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64-16k-unsigned | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64-dbg | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64-unsigned | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-cloud-arm64-dbg | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-cloud-arm64-unsigned | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-rt-arm64-dbg | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-rt-arm64-unsigned | 6.12.41-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:14:50 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.41+deb13-rpi | 6.12.41-1 | armel linux-image-6.12.41+deb13-rpi | 6.12.41-1 | armel linux-image-6.12.41+deb13-rpi-dbg | 6.12.41-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:15:02 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf btrfs-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf cdrom-core-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf crypto-dm-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf crypto-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf drm-core-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf ext4-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf f2fs-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf fat-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf fb-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf input-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf isofs-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf jfs-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf kernel-image-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf linux-headers-6.12.41+deb13-armmp | 6.12.41-1 | armhf linux-headers-6.12.41+deb13-armmp-lpae | 6.12.41-1 | armhf linux-headers-6.12.41+deb13-rt-armmp | 6.12.41-1 | armhf linux-image-6.12.41+deb13-armmp | 6.12.41-1 | armhf linux-image-6.12.41+deb13-armmp-dbg | 6.12.41-1 | armhf linux-image-6.12.41+deb13-armmp-lpae | 6.12.41-1 | armhf linux-image-6.12.41+deb13-armmp-lpae-dbg | 6.12.41-1 | armhf linux-image-6.12.41+deb13-rt-armmp | 6.12.41-1 | armhf linux-image-6.12.41+deb13-rt-armmp-dbg | 6.12.41-1 | armhf loop-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf md-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf mmc-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf mtd-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf multipath-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf nbd-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf nic-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf nic-shared-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf nic-usb-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf nic-wireless-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf pata-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf ppp-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf sata-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf scsi-core-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf scsi-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf scsi-nic-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf sound-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf speakup-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf squashfs-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf udf-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf uinput-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf usb-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf usb-serial-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf usb-storage-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:15:17 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el btrfs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el cdrom-core-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el crypto-dm-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el crypto-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el drm-core-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el ext4-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el f2fs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el fat-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el fb-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el firewire-core-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el hypervisor-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el input-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el isofs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el jfs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el kernel-image-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el linux-headers-6.12.41+deb13-powerpc64le | 6.12.41-1 | ppc64el linux-headers-6.12.41+deb13-powerpc64le-64k | 6.12.41-1 | ppc64el linux-image-6.12.41+deb13-powerpc64le | 6.12.41-1 | ppc64el linux-image-6.12.41+deb13-powerpc64le-64k | 6.12.41-1 | ppc64el linux-image-6.12.41+deb13-powerpc64le-64k-dbg | 6.12.41-1 | ppc64el linux-image-6.12.41+deb13-powerpc64le-dbg | 6.12.41-1 | ppc64el loop-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el md-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el mtd-core-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el multipath-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el nbd-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el nic-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el nic-shared-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el nic-usb-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el nic-wireless-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el ppp-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el sata-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el scsi-core-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el scsi-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el scsi-nic-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el serial-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el squashfs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el udf-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el uinput-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el usb-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el usb-serial-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el usb-storage-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el xfs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:15:33 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 btrfs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 cdrom-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 crypto-dm-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 crypto-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 drm-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 ext4-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 f2fs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 fat-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 fb-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 firewire-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 input-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 isofs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 jfs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 kernel-image-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-amd64 | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-cloud-amd64 | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-rt-amd64 | 6.12.41-1 | amd64 loop-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 md-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 mmc-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 mmc-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 mtd-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 multipath-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nbd-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nic-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nic-pcmcia-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nic-shared-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nic-usb-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nic-wireless-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 pata-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 pcmcia-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 pcmcia-storage-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 ppp-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 rfkill-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 sata-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 scsi-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 scsi-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 scsi-nic-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 serial-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 sound-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 speakup-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 squashfs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 udf-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 uinput-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 usb-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 usb-serial-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 usb-storage-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 xfs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:15:46 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 btrfs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 cdrom-core-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 crypto-dm-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 crypto-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 ext4-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 f2fs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 fat-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 fb-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 input-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 isofs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 jfs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 kernel-image-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64 | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64-16k | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-cloud-arm64 | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-rt-arm64 | 6.12.41-1 | arm64 loop-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 md-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 mmc-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 multipath-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 nbd-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 nic-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 nic-shared-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 nic-usb-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 nic-wireless-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 ppp-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 sata-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 scsi-core-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 scsi-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 scsi-nic-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 sound-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 speakup-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 squashfs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 udf-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 uinput-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 usb-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 usb-serial-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 usb-storage-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 xfs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:16:14 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.41+deb13-common | 6.12.41-1 | all linux-headers-6.12.41+deb13-common-rt | 6.12.41-1 | all linux-support-6.12.41+deb13 | 6.12.41-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:18:47 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: debian-installer-13-netboot-mips64el | 20250515 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by debian-installer-netboot-images - based on source metadata) ---------------------------------------------- ========================================================================= ======================================= Sat, 09 Aug 2025 - Debian 13.0 released =======================================