====================================== Sat, 15 Nov 2025 - Debian 13.2 released ====================================== ========================================================================= [Date: Sat, 15 Nov 2025 09:44:31 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: librust-profiling-procmacros-dev | 1.0.16-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x rust-profiling-procmacros | 1.0.16-1 | source Closed bugs: 1115989 ------------------- Reason ------------------- RoM; unused ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 09:59:05 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: btrfs-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x btrfs-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x cdrom-core-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x cdrom-core-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x crypto-dm-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x crypto-dm-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x crypto-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x crypto-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x dasd-extra-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x dasd-extra-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x dasd-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x dasd-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x ext4-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x ext4-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x f2fs-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x f2fs-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x fat-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x fat-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x isofs-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x isofs-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x kernel-image-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x kernel-image-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x linux-headers-6.12.38+deb13-s390x | 6.12.38-1 | s390x linux-headers-6.12.48+deb13-s390x | 6.12.48-1 | s390x linux-image-6.12.38+deb13-s390x | 6.12.38-1 | s390x linux-image-6.12.38+deb13-s390x-dbg | 6.12.38-1 | s390x linux-image-6.12.48+deb13-s390x | 6.12.48-1 | s390x linux-image-6.12.48+deb13-s390x-dbg | 6.12.48-1 | s390x loop-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x loop-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x md-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x md-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x mtd-core-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x mtd-core-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x multipath-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x multipath-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x nbd-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x nbd-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x nic-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x nic-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x scsi-core-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x scsi-core-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x scsi-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x scsi-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x udf-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x udf-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x xfs-modules-6.12.38+deb13-s390x-di | 6.12.38-1 | s390x xfs-modules-6.12.48+deb13-s390x-di | 6.12.48-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 09:59:18 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 ata-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 btrfs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 btrfs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 cdrom-core-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 cdrom-core-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 crypto-dm-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 crypto-dm-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 crypto-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 crypto-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 drm-core-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 drm-core-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 ext4-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 ext4-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 f2fs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 f2fs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 fat-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 fat-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 fb-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 fb-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 input-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 input-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 isofs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 isofs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 jfs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 jfs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 kernel-image-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 kernel-image-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 linux-headers-6.12.38+deb13-riscv64 | 6.12.38-1 | riscv64 linux-headers-6.12.48+deb13-riscv64 | 6.12.48-1 | riscv64 linux-image-6.12.38+deb13-riscv64 | 6.12.38-1 | riscv64 linux-image-6.12.38+deb13-riscv64-dbg | 6.12.38-1 | riscv64 linux-image-6.12.48+deb13-riscv64 | 6.12.48-1 | riscv64 linux-image-6.12.48+deb13-riscv64-dbg | 6.12.48-1 | riscv64 loop-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 loop-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 md-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 md-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 mmc-core-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 mmc-core-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 mmc-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 mmc-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 mtd-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 mtd-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 multipath-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 multipath-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 nbd-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 nbd-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 nic-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 nic-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 nic-shared-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 nic-shared-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 nic-usb-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 nic-usb-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 nic-wireless-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 nic-wireless-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 pata-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 pata-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 ppp-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 ppp-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 sata-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 sata-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 scsi-core-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 scsi-core-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 scsi-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 scsi-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 scsi-nic-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 scsi-nic-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 squashfs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 squashfs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 udf-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 udf-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 usb-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 usb-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 usb-serial-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 usb-serial-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 usb-storage-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 usb-storage-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 xfs-modules-6.12.38+deb13-riscv64-di | 6.12.38-1 | riscv64 xfs-modules-6.12.48+deb13-riscv64-di | 6.12.48-1 | riscv64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 09:59:37 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.38+deb13-amd64 | 6.12.38-1 | amd64 linux-headers-6.12.38+deb13-cloud-amd64 | 6.12.38-1 | amd64 linux-headers-6.12.38+deb13-rt-amd64 | 6.12.38-1 | amd64 linux-headers-6.12.48+deb13-amd64 | 6.12.48-1 | amd64 linux-headers-6.12.48+deb13-cloud-amd64 | 6.12.48-1 | amd64 linux-headers-6.12.48+deb13-rt-amd64 | 6.12.48-1 | amd64 linux-image-6.12.38+deb13-amd64-dbg | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-amd64-unsigned | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-cloud-amd64-dbg | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-cloud-amd64-unsigned | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-rt-amd64-dbg | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-rt-amd64-unsigned | 6.12.38-1 | amd64 linux-image-6.12.48+deb13-amd64-dbg | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-amd64-unsigned | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-cloud-amd64-dbg | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-cloud-amd64-unsigned | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-rt-amd64-dbg | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-rt-amd64-unsigned | 6.12.48-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:00:04 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-kbuild-6.12.38+deb13 | 6.12.38-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x linux-kbuild-6.12.48+deb13 | 6.12.48-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:00:19 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.38+deb13-arm64 | 6.12.38-1 | arm64 linux-headers-6.12.38+deb13-arm64-16k | 6.12.38-1 | arm64 linux-headers-6.12.38+deb13-cloud-arm64 | 6.12.38-1 | arm64 linux-headers-6.12.38+deb13-rt-arm64 | 6.12.38-1 | arm64 linux-headers-6.12.48+deb13-arm64 | 6.12.48-1 | arm64 linux-headers-6.12.48+deb13-arm64-16k | 6.12.48-1 | arm64 linux-headers-6.12.48+deb13-cloud-arm64 | 6.12.48-1 | arm64 linux-headers-6.12.48+deb13-rt-arm64 | 6.12.48-1 | arm64 linux-image-6.12.38+deb13-arm64-16k-dbg | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-arm64-16k-unsigned | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-arm64-dbg | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-arm64-unsigned | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-cloud-arm64-dbg | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-cloud-arm64-unsigned | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-rt-arm64-dbg | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-rt-arm64-unsigned | 6.12.38-1 | arm64 linux-image-6.12.48+deb13-arm64-16k-dbg | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-arm64-16k-unsigned | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-arm64-dbg | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-arm64-unsigned | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-cloud-arm64-dbg | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-cloud-arm64-unsigned | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-rt-arm64-dbg | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-rt-arm64-unsigned | 6.12.48-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:00:40 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.38+deb13-rpi | 6.12.38-1 | armel linux-headers-6.12.48+deb13-rpi | 6.12.48-1 | armel linux-image-6.12.38+deb13-rpi | 6.12.38-1 | armel linux-image-6.12.38+deb13-rpi-dbg | 6.12.38-1 | armel linux-image-6.12.48+deb13-rpi | 6.12.48-1 | armel linux-image-6.12.48+deb13-rpi-dbg | 6.12.48-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:00:52 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf ata-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf btrfs-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf btrfs-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf cdrom-core-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf cdrom-core-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf crypto-dm-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf crypto-dm-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf crypto-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf crypto-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf drm-core-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf drm-core-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf ext4-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf ext4-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf f2fs-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf f2fs-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf fat-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf fat-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf fb-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf fb-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf input-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf input-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf isofs-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf isofs-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf jfs-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf jfs-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf kernel-image-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf kernel-image-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf linux-headers-6.12.38+deb13-armmp | 6.12.38-1 | armhf linux-headers-6.12.38+deb13-armmp-lpae | 6.12.38-1 | armhf linux-headers-6.12.38+deb13-rt-armmp | 6.12.38-1 | armhf linux-headers-6.12.48+deb13-armmp | 6.12.48-1 | armhf linux-headers-6.12.48+deb13-armmp-lpae | 6.12.48-1 | armhf linux-headers-6.12.48+deb13-rt-armmp | 6.12.48-1 | armhf linux-image-6.12.38+deb13-armmp | 6.12.38-1 | armhf linux-image-6.12.38+deb13-armmp-dbg | 6.12.38-1 | armhf linux-image-6.12.38+deb13-armmp-lpae | 6.12.38-1 | armhf linux-image-6.12.38+deb13-armmp-lpae-dbg | 6.12.38-1 | armhf linux-image-6.12.38+deb13-rt-armmp | 6.12.38-1 | armhf linux-image-6.12.38+deb13-rt-armmp-dbg | 6.12.38-1 | armhf linux-image-6.12.48+deb13-armmp | 6.12.48-1 | armhf linux-image-6.12.48+deb13-armmp-dbg | 6.12.48-1 | armhf linux-image-6.12.48+deb13-armmp-lpae | 6.12.48-1 | armhf linux-image-6.12.48+deb13-armmp-lpae-dbg | 6.12.48-1 | armhf linux-image-6.12.48+deb13-rt-armmp | 6.12.48-1 | armhf linux-image-6.12.48+deb13-rt-armmp-dbg | 6.12.48-1 | armhf loop-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf loop-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf md-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf md-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf mmc-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf mmc-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf mtd-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf mtd-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf multipath-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf multipath-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf nbd-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf nbd-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf nic-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf nic-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf nic-shared-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf nic-shared-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf nic-usb-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf nic-usb-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf nic-wireless-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf nic-wireless-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf pata-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf pata-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf ppp-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf ppp-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf sata-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf sata-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf scsi-core-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf scsi-core-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf scsi-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf scsi-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf scsi-nic-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf scsi-nic-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf sound-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf sound-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf speakup-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf speakup-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf squashfs-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf squashfs-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf udf-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf udf-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf uinput-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf uinput-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf usb-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf usb-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf usb-serial-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf usb-serial-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf usb-storage-modules-6.12.38+deb13-armmp-di | 6.12.38-1 | armhf usb-storage-modules-6.12.48+deb13-armmp-di | 6.12.48-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:01:07 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el ata-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el btrfs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el btrfs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el cdrom-core-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el cdrom-core-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el crypto-dm-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el crypto-dm-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el crypto-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el crypto-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el drm-core-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el drm-core-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el ext4-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el ext4-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el f2fs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el f2fs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el fat-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el fat-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el fb-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el fb-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el firewire-core-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el firewire-core-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el hypervisor-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el hypervisor-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el input-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el input-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el isofs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el isofs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el jfs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el jfs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el kernel-image-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el kernel-image-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el linux-headers-6.12.38+deb13-powerpc64le | 6.12.38-1 | ppc64el linux-headers-6.12.38+deb13-powerpc64le-64k | 6.12.38-1 | ppc64el linux-headers-6.12.48+deb13-powerpc64le | 6.12.48-1 | ppc64el linux-headers-6.12.48+deb13-powerpc64le-64k | 6.12.48-1 | ppc64el linux-image-6.12.38+deb13-powerpc64le | 6.12.38-1 | ppc64el linux-image-6.12.38+deb13-powerpc64le-64k | 6.12.38-1 | ppc64el linux-image-6.12.38+deb13-powerpc64le-64k-dbg | 6.12.38-1 | ppc64el linux-image-6.12.38+deb13-powerpc64le-dbg | 6.12.38-1 | ppc64el linux-image-6.12.48+deb13-powerpc64le | 6.12.48-1 | ppc64el linux-image-6.12.48+deb13-powerpc64le-64k | 6.12.48-1 | ppc64el linux-image-6.12.48+deb13-powerpc64le-64k-dbg | 6.12.48-1 | ppc64el linux-image-6.12.48+deb13-powerpc64le-dbg | 6.12.48-1 | ppc64el loop-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el loop-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el md-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el md-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el mtd-core-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el mtd-core-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el multipath-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el multipath-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el nbd-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el nbd-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el nic-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el nic-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el nic-shared-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el nic-shared-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el nic-usb-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el nic-usb-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el nic-wireless-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el nic-wireless-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el ppp-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el ppp-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el sata-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el sata-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el scsi-core-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el scsi-core-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el scsi-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el scsi-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el scsi-nic-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el scsi-nic-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el serial-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el serial-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el squashfs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el squashfs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el udf-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el udf-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el uinput-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el uinput-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el usb-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el usb-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el usb-serial-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el usb-serial-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el usb-storage-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el usb-storage-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el xfs-modules-6.12.38+deb13-powerpc64le-di | 6.12.38-1 | ppc64el xfs-modules-6.12.48+deb13-powerpc64le-di | 6.12.48-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:01:19 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 ata-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 btrfs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 btrfs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 cdrom-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 cdrom-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 crypto-dm-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 crypto-dm-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 crypto-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 crypto-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 drm-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 drm-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 ext4-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 ext4-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 f2fs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 f2fs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 fat-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 fat-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 fb-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 fb-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 firewire-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 firewire-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 input-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 input-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 isofs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 isofs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 jfs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 jfs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 kernel-image-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 kernel-image-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 linux-image-6.12.38+deb13-amd64 | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-cloud-amd64 | 6.12.38-1 | amd64 linux-image-6.12.38+deb13-rt-amd64 | 6.12.38-1 | amd64 linux-image-6.12.48+deb13-amd64 | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-cloud-amd64 | 6.12.48-1 | amd64 linux-image-6.12.48+deb13-rt-amd64 | 6.12.48-1 | amd64 loop-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 loop-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 md-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 md-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 mmc-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 mmc-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 mmc-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 mmc-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 mtd-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 mtd-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 multipath-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 multipath-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nbd-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nbd-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nic-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nic-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nic-pcmcia-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nic-pcmcia-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nic-shared-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nic-shared-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nic-usb-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nic-usb-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 nic-wireless-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 nic-wireless-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 pata-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 pata-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 pcmcia-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 pcmcia-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 pcmcia-storage-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 pcmcia-storage-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 ppp-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 ppp-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 rfkill-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 rfkill-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 sata-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 sata-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 scsi-core-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 scsi-core-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 scsi-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 scsi-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 scsi-nic-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 scsi-nic-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 serial-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 serial-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 sound-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 sound-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 speakup-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 speakup-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 squashfs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 squashfs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 udf-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 udf-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 uinput-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 uinput-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 usb-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 usb-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 usb-serial-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 usb-serial-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 usb-storage-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 usb-storage-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 xfs-modules-6.12.38+deb13-amd64-di | 6.12.38-1 | amd64 xfs-modules-6.12.48+deb13-amd64-di | 6.12.48-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:01:31 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 ata-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 btrfs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 btrfs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 cdrom-core-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 cdrom-core-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 crypto-dm-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 crypto-dm-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 crypto-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 crypto-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 ext4-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 ext4-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 f2fs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 f2fs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 fat-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 fat-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 fb-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 fb-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 input-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 input-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 isofs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 isofs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 jfs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 jfs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 kernel-image-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 kernel-image-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 linux-image-6.12.38+deb13-arm64 | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-arm64-16k | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-cloud-arm64 | 6.12.38-1 | arm64 linux-image-6.12.38+deb13-rt-arm64 | 6.12.38-1 | arm64 linux-image-6.12.48+deb13-arm64 | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-arm64-16k | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-cloud-arm64 | 6.12.48-1 | arm64 linux-image-6.12.48+deb13-rt-arm64 | 6.12.48-1 | arm64 loop-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 loop-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 md-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 md-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 mmc-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 mmc-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 multipath-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 multipath-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 nbd-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 nbd-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 nic-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 nic-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 nic-shared-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 nic-shared-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 nic-usb-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 nic-usb-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 nic-wireless-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 nic-wireless-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 ppp-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 ppp-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 sata-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 sata-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 scsi-core-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 scsi-core-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 scsi-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 scsi-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 scsi-nic-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 scsi-nic-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 sound-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 sound-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 speakup-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 speakup-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 squashfs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 squashfs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 udf-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 udf-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 uinput-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 uinput-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 usb-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 usb-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 usb-serial-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 usb-serial-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 usb-storage-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 usb-storage-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 xfs-modules-6.12.38+deb13-arm64-di | 6.12.38-1 | arm64 xfs-modules-6.12.48+deb13-arm64-di | 6.12.48-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 15 Nov 2025 10:01:57 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.38+deb13-common | 6.12.38-1 | all linux-headers-6.12.38+deb13-common-rt | 6.12.38-1 | all linux-headers-6.12.48+deb13-common | 6.12.48-1 | all linux-headers-6.12.48+deb13-common-rt | 6.12.48-1 | all linux-support-6.12.38+deb13 | 6.12.38-1 | all linux-support-6.12.48+deb13 | 6.12.48-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= 7zip (25.01+dfsg-1~deb13u1) trixie; urgency=medium . * New upstream version 25.01+dfsg * Fix CVE-2025-55188, CVE-2025-11002, CVE-2025-11001 7zip (25.00+dfsg-1) unstable; urgency=medium . * New upstream version 25.00+dfsg * Rediff patches * Drop unused macro while building SFX stub * Disable CI for upstream codes branch * Enable cross build test in CI 7zip-rar (25.00+ds-1+deb13u1) trixie; urgency=medium . * Add missing CRC table constructor (Closes: #1118733) aide (0.19.1-2+deb13u2) trixie; urgency=medium . * fix issue with 31_aide_lvm: bin/buildcache was a non-functional script in the original trixie release. This version now runs properly in the non-root daily job: bin/buildcache is now run from a root timer * new rules: * 31_aide_cryptsetup * 31_aide_grub-pc * 31_aide_ksmtuned * 31_aide_radvd * 31_aide_run_systemd_dynamic-uid * 31_aide_systemd_tmpfiles * 31_aide_valkey * 31_aide_xfsprogs * update and improve rules: * 10_aide_bits * 10_aide_dateformats * 10_aide_days * 11_aide_dateformats_cury * 10_aide_hardware * 31_aide_apt-cacher-ng * 31_aide_bind9 * 31_aide_console-setup * 31_aide_cups * 31_aide_dehydrated * 31_aide_dev * 31_aide_dokuwiki * 31_aide_fwupd * 31_aide_gnupg * 31_aide_icinga2 * 31_aide_lighttpd * 31_aide_man * 31_aide_mariadb * 31_aide_run_systemd_netif * 31_aide_samba * 31_aide_schroot * 31_aide_spamassassin * 31_aide_ssh-server * 31_aide_sudo * 31_aide_systemd * 31_aide_systemd_sessions * 31_aide_torrus * 31_aide_udev * re-work postgreql rules allow-html-temp (10.0.8-1~deb13u1) trixie; urgency=medium . * Prepared for uploading to trixie proposed update after update of thunderbird in trixie (stable) allow-html-temp (10.0.8-1~deb12u1) bookworm; urgency=medium . [ Mechtilde ] * [d894bae] Rebased to new upstream version 10.0.8 * [385a188] Added d/dpb.conf to use debian-package-scripts alsa-ucm-conf-asahi (8-2+deb13u1) trixie; urgency=medium . * Team upload. * d/install: install the aop_audio ucm configs (Closes: #1112531) ansible (12.0.0~b5+dfsg-0+deb13u1) trixie; urgency=medium . * New upstream version 12.0.0~b5+dfsg * Update debian/gbp.conf to track trixie branches * Change gbp upstream tag as long as upstream version in trixie and sid match * Update debian/watch to also catch beta releases * Drop community hashi-vault patches (applied upstream) * Add 12 previously failing collection CI tests to autopkgtest ansible (12.0.0~b3+dfsg-1) unstable; urgency=medium . * New upstream version 12.0.0~b3+dfsg ansible (12.0.0~b2+dfsg-1) unstable; urgency=medium . * New upstream version 12.0.0~b2+dfsg ansible (12.0.0~b1+dfsg-1) unstable; urgency=medium . * New upstream version 12.0.0~b1+dfsg - many collections have been updated to not emit deprecation warnings when used with ansible-core 2.19.0. * Drop community hashi-vault patches (applied upstream) * Add 12 previously failing collection CI tests to autopkgtest * Update debian/watch to also catch beta releases. ansible-core (2.19.4-0+deb13u1) trixie; urgency=medium . [ Lee Garrett ] * New upstream bugfix release 2.19.4 - Fix regression from 2.18 regarding handlers and play tags (Closes: #1114932) * d/t/ansible-test-integration.py: Match conditional with log verbosity * autopkgtest: Always emit output when testbed-setup.sh is run . [ Colin Watson ] * Move apt sources lists aside more comprehensively in tests * testbed-setup: Only remove autopkgtest's global pinning ansible-core (2.19.3-2) unstable; urgency=medium . * Team upload. * Move apt sources lists aside more comprehensively in tests. * testbed-setup: Only remove autopkgtest's global pinning, not more specific pins such as those created by "autopkgtest --pin-packages". ansible-core (2.19.3-1) unstable; urgency=medium . * d/watch: Don't scan for beta/rc releases for now. * New upstream version 2.19.3 * Fix regression from 2.18 regarding handlers and play tags (Closes: #1114932) ansible-core (2.19.2-1) unstable; urgency=medium . [ Stefano Rivera ] * Loosen resolvelib dependency (following upstream). . [ Lee Garrett ] * New upstream version 2.19.2 * Add debug code to check for spurious autopkgtest failures regarding python's EXTERNALLY-MANAGED marker file * Fix logging conditional in autopkgtest * autopkgtest: Always emit output when testbed-setup.sh is run ansible-core (2.19.1-1) unstable; urgency=medium . * New upstream bugfix release 2.19.1 * Skip ansible-test-debugging integration test (requires running from source) ansible-core (2.19.1-0+deb13u1) trixie; urgency=medium . * New upstream bugfix release 2.19.1 * Update debian/gbp.conf to track trixie branches * Update watch file to follow ansible-core 2.19.x in trixie * Change gbp upstream tag as long as upstream version in trixie and sid match * Skip ansible-test-debugging integration test (requires running from source) ansible-core (2.19.0-1) unstable; urgency=medium . * New upstream version 2.19.0 - This version is equivalent to rc2 on the code level, and just consolidates the changelog of the beta/rc releases into a single 2.19.0 one. ansible-core (2.19.0~rc2-1) unstable; urgency=medium . * New upstream version 2.19.0~rc1 - templating - Relaxed the Jinja sandbox to allow specific bitwise operations which have no filter equivalent. The allowed methods are __and__, __lshift__, __or__, __rshift__, __xor__. (Closes: #1106362) - templating - Switched from the Jinja immutable sandbox to the standard sandbox. This restores the ability to use mutation methods such as list.append and dict.update. - Bugfix: Update automatic role argument spec validation to not use deprecated syntax. - Bugfix: ssh connection plugin - Allow only one password prompt attempt when utilizing SSH_ASKPASS. * New upstream version 2.19.0~rc2 - Add deprecation warnings to YAML parsing, config settings, playbooks, and the public API. asahi-scripts (20250130-3+deb13u1) trixie; urgency=medium . * Team upload. * d/patches: - add 0000-Backport-asahi-diagnose-Fix-macaudio-default-profile.patch to fix the macaudio default profile check (Closes: #1112262) - add 0000-Backport-asahi-diagnose-drop-tas2764-checks.patch to drop the tas2764 quirk checks (Closes: #1112262) - 0003-debian-Add-initramfs-tools-implementation-for-cpio-f.patch: add the apple_nvmem_spmi module to the initramfs explicitly and obsolete simple-mfd-spmi and nvmem_spmi_mfd (Closes: #1112264) - add 0000-Backport-update-m1n1-clobber-boot.bin.old-only-on-changes.patch to make update-m1n1 idempotent (Closes: #1112265) - refresh base-files (13.8+deb13u2) trixie; urgency=medium . * Update debian_version and os-release for Debian 13.2 point release. bind9 (1:9.20.15-1~deb13u1) trixie-security; urgency=high . * New upstream version 9.20.15 - [CVE-2025-8677]: DNSSEC validation fails if matching but invalid DNSKEY is found - [CVE-2025-40778]: Address various spoofing attacks. - [CVE-2025-40780]: Cache-poisoning due to weak pseudo-random number generator bind9 (1:9.20.15-1~deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for trixie-backports. * d/gbp.conf: set branch for bookworm-backports brltty (6.7-3.1+deb13u2) trixie; urgency=medium . * patches/noverbose-bluetooth: Avoid verbose bluetooth spam. * patches/noverbose-usbfs: Avoid verbose usbfs spam (Closes: Bug#845496) brltty (6.7-3.1+deb13u2~bpo12+1) bookworm-backports; urgency=medium . * Backport to bookworm. chromium (142.0.7444.134-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous. - CVE-2025-12726: Inappropriate implementation in Views. Reported by Alesandro Ortiz. - CVE-2025-12727: Inappropriate implementation in V8. Reported by 303f06e3. - CVE-2025-12728: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-12729: Inappropriate implementation in Omnibox. Reported by Khalil Zhani. chromium (142.0.7444.134-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-12725: Out of bounds write in WebGPU. Reported by Anonymous. - CVE-2025-12726: Inappropriate implementation in Views. Reported by Alesandro Ortiz. - CVE-2025-12727: Inappropriate implementation in V8. Reported by 303f06e3. - CVE-2025-12728: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-12729: Inappropriate implementation in Omnibox. Reported by Khalil Zhani. chromium (142.0.7444.59-1) unstable; urgency=high . * New upstream stable release. - CVE-2025-12428: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2025-12429: Inappropriate implementation in V8. Reported by Aorui Zhang. - CVE-2025-12430: Object lifecycle issue in Media. Reported by round.about. - CVE-2025-12431: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz. - CVE-2025-12432: Race in V8. Reported by Google Big Sleep. - CVE-2025-12433: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12434: Race in Storage. Reported by Lijo A.T. - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh. - CVE-2025-12436: Policy bypass in Extensions. Reported by Luan Herrera (@lbherrera_). - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq. - CVE-2025-12438: Use after free in Ozone. Reported by Wei Yuan of MoyunSec VLab. - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption. Reported by Ari Novick. - CVE-2025-12440: Inappropriate implementation in Autofill. Reported by Khalil Zhani. - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep. - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research - CVE-2025-12444: Incorrect security UI in Fullscreen UI. Reported by syrf. - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh - CVE-2025-12447: Incorrect security UI in Omnibox. Reported by Khalil Zhani. * d/patches: - disable/android.patch: drop part of patch related to md5sum tool. - disable/catapult.patch: refresh. - trixie/rust-no-alloc-shim.patch: refresh. - bookworm/clang19.patch: also drop uninit-const-pointer and unnecessary-virtual-specifier warnings. - ungoogled/disable-privacy-sandbox.patch: sync from upstream. - i386/support-i386.patch: refresh. - trixie/rust-sanitize.patch: add a workaround for older rustc. - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix from gentoo. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to upstream fixes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes chromium (142.0.7444.59-1~deb13u1) trixie-security; urgency=high . * New upstream stable release. - CVE-2025-12428: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2025-12429: Inappropriate implementation in V8. Reported by Aorui Zhang. - CVE-2025-12430: Object lifecycle issue in Media. Reported by round.about. - CVE-2025-12431: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz. - CVE-2025-12432: Race in V8. Reported by Google Big Sleep. - CVE-2025-12433: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12434: Race in Storage. Reported by Lijo A.T. - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh. - CVE-2025-12436: Policy bypass in Extensions. Reported by Luan Herrera (@lbherrera_). - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq. - CVE-2025-12438: Use after free in Ozone. Reported by Wei Yuan of MoyunSec VLab. - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption. Reported by Ari Novick. - CVE-2025-12440: Inappropriate implementation in Autofill. Reported by Khalil Zhani. - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep. - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research - CVE-2025-12444: Incorrect security UI in Fullscreen UI. Reported by syrf. - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh - CVE-2025-12447: Incorrect security UI in Omnibox. Reported by Khalil Zhani. * d/patches: - disable/android.patch: drop part of patch related to md5sum tool. - disable/catapult.patch: refresh. - bookworm/clang19.patch: also drop uninit-const-pointer and unnecessary-virtual-specifier warnings. - ungoogled/disable-privacy-sandbox.patch: sync from upstream. - i386/support-i386.patch: refresh. - trixie/rust-sanitize.patch: add a workaround for older rustc. - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix from gentoo. - trixie/rust-no-alloc-shim.patch: add another missing symbol that's provided by newer versions of rust. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to upstream fixes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes chromium (142.0.7444.59-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2025-12428: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab. - CVE-2025-12429: Inappropriate implementation in V8. Reported by Aorui Zhang. - CVE-2025-12430: Object lifecycle issue in Media. Reported by round.about. - CVE-2025-12431: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz. - CVE-2025-12432: Race in V8. Reported by Google Big Sleep. - CVE-2025-12433: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. - CVE-2025-12434: Race in Storage. Reported by Lijo A.T. - CVE-2025-12435: Incorrect security UI in Omnibox. Reported by Hafiizh. - CVE-2025-12436: Policy bypass in Extensions. Reported by Luan Herrera (@lbherrera_). - CVE-2025-12437: Use after free in PageInfo. Reported by Umar Farooq. - CVE-2025-12438: Use after free in Ozone. Reported by Wei Yuan of MoyunSec VLab. - CVE-2025-12439: Inappropriate implementation in App-Bound Encryption. Reported by Ari Novick. - CVE-2025-12440: Inappropriate implementation in Autofill. Reported by Khalil Zhani. - CVE-2025-12441: Out of bounds read in V8. Reported by Google Big Sleep. - CVE-2025-12443: Out of bounds read in WebXR. Reported by Aisle Research - CVE-2025-12444: Incorrect security UI in Fullscreen UI. Reported by syrf. - CVE-2025-12445: Policy bypass in Extensions. Reported by Thomas Greiner - CVE-2025-12446: Incorrect security UI in SplitView. Reported by Hafiizh - CVE-2025-12447: Incorrect security UI in Omnibox. Reported by Khalil Zhani. * d/patches: - disable/android.patch: drop part of patch related to md5sum tool. - disable/catapult.patch: refresh. - bookworm/clang19.patch: also drop uninit-const-pointer and unnecessary-virtual-specifier warnings. - ungoogled/disable-privacy-sandbox.patch: sync from upstream. - i386/support-i386.patch: refresh. - trixie/rust-sanitize.patch: add a workaround for older rustc. - fixes/chromium-142-iwyu-field-form-data.patch: pull in build fix from gentoo. - trixie/rust-no-alloc-shim.patch: add another missing symbol that's provided by newer versions of rust. - bookworm/gn-path-exists2.patch: add another workaround for lack of path_exists() in older gn. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to upstream fixes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0001-third-party-hwy-wrong-include.patch: Drop due to upstream fixes - ppc64le/third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes chromium (141.0.7390.122-1) unstable; urgency=high . * New upstream security release. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. chromium (141.0.7390.122-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. chromium (141.0.7390.122-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-12036: Inappropriate implementation in V8. Reported by Google Big Sleep. chromium (141.0.7390.107-1) unstable; urgency=high . * New upstream security release. - CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine. * Suggest --disable-gpu to bug reporters and in README.Debian. chromium (141.0.7390.107-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine. * Suggest --disable-gpu to bug reporters and in README.Debian. chromium (141.0.7390.107-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-11756: Use after free in Safe Browsing. Reported by asnine. * Suggest --disable-gpu to bug reporters and in README.Debian. chromium (141.0.7390.65-1) unstable; urgency=high . * New upstream security release. - CVE-2025-11458: Heap buffer overflow in Sync. Reported by raven at KunLun lab. - CVE-2025-11460: Use after free in Storage. Reported by Sombra. - CVE-2025-11211: Out of bounds read in WebCodecs. Reported by Jakob Košir. chromium (141.0.7390.65-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-11458: Heap buffer overflow in Sync. Reported by raven at KunLun lab. - CVE-2025-11460: Use after free in Storage. Reported by Sombra. - CVE-2025-11211: Out of bounds read in WebCodecs. Reported by Jakob Košir. chromium (141.0.7390.65-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-11458: Heap buffer overflow in Sync. Reported by raven at KunLun lab. - CVE-2025-11460: Use after free in Storage. Reported by Sombra. - CVE-2025-11211: Out of bounds read in WebCodecs. Reported by Jakob Košir. chromium (141.0.7390.54-1) unstable; urgency=high . * New upstream stable release. * d/patches: - fixes/rust-clanglib.patch: refresh. - trixie/rust-no-alloc-shim.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled. - fixes/gentoo-stylesheet.patch: add patch from gentoo to fix build. - fixes/libcpp-headers.patch: add build fix for unbundling clang. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: Refresh for upstream changes - fixes/fix-rustc.patch: Refresh for upstream changes chromium (141.0.7390.54-1~deb13u1) trixie-security; urgency=high . * New upstream stable release. - CVE-2025-11205: Heap buffer overflow in WebGPU. Reported by Atte Kettunen of OUSPG. - CVE-2025-11206: Heap buffer overflow in Video. Reported by Elias Hohl. - CVE-2025-11207: Side-channel information leakage in Storage. Reported by Alesandro Ortiz. - CVE-2025-11208: Inappropriate implementation in Media. Reported by Kevin Joensen. - CVE-2025-11209: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-11210: Side-channel information leakage in Tab. Reported by Umar Farooq. - CVE-2025-11211: Out of bounds read in Media. Reported by Kosir Jakob. - CVE-2025-11212: Inappropriate implementation in Media. Reported by Ameen Basha M K. - CVE-2025-11213: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-11215: Off by one error in V8. Reported by Google Big Sleep. - CVE-2025-11216: Inappropriate implementation in Storage. Reported by Farras Givari. - CVE-2025-11219: Use after free in V8. Reported by Google Big Sleep. * d/patches: - fixes/rust-clanglib.patch: refresh. - trixie/rust-no-alloc-shim.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled. - fixes/gentoo-stylesheet.patch: add patch from gentoo to fix build. - fixes/libcpp-headers.patch: add build fix for unbundling clang. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: Refresh for upstream changes - fixes/fix-rustc.patch: Refresh for upstream changes chromium (141.0.7390.54-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2025-11205: Heap buffer overflow in WebGPU. Reported by Atte Kettunen of OUSPG. - CVE-2025-11206: Heap buffer overflow in Video. Reported by Elias Hohl. - CVE-2025-11207: Side-channel information leakage in Storage. Reported by Alesandro Ortiz. - CVE-2025-11208: Inappropriate implementation in Media. Reported by Kevin Joensen. - CVE-2025-11209: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-11210: Side-channel information leakage in Tab. Reported by Umar Farooq. - CVE-2025-11211: Out of bounds read in Media. Reported by Kosir Jakob. - CVE-2025-11212: Inappropriate implementation in Media. Reported by Ameen Basha M K. - CVE-2025-11213: Inappropriate implementation in Omnibox. Reported by Hafiizh. - CVE-2025-11215: Off by one error in V8. Reported by Google Big Sleep. - CVE-2025-11216: Inappropriate implementation in Storage. Reported by Farras Givari. - CVE-2025-11219: Use after free in V8. Reported by Google Big Sleep. * d/patches: - fixes/rust-clanglib.patch: refresh. - trixie/rust-no-alloc-shim.patch: refresh. - ungoogled/disable-privacy-sandbox.patch: update from ungoogled. - fixes/gentoo-stylesheet.patch: add patch from gentoo to fix build. - fixes/libcpp-headers.patch: add build fix for unbundling clang. * d/rules: set rtc_video_psnr=false for bookworm's older openh264. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-Enable-seccomp_bpf-for-ppc64.patch: Refresh for upstream changes - fixes/fix-rustc.patch: Refresh for upstream changes chromium (140.0.7339.207-1) unstable; urgency=high . * New upstream security release. - CVE-2025-10890: Side-channel information leakage in V8. Reported by Mate Marjanović (SharpEdged). - CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep. - CVE-2025-10892: Integer overflow in V8. Reported by Google Big Sleep. chromium (140.0.7339.207-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-10890: Side-channel information leakage in V8. Reported by Mate Marjanović (SharpEdged). - CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep. - CVE-2025-10892: Integer overflow in V8. Reported by Google Big Sleep. chromium (140.0.7339.207-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-10890: Side-channel information leakage in V8. Reported by Mate Marjanović (SharpEdged). - CVE-2025-10891: Integer overflow in V8. Reported by Google Big Sleep. - CVE-2025-10892: Integer overflow in V8. Reported by Google Big Sleep. chromium (140.0.7339.185-1) unstable; urgency=high . * New upstream security release. - CVE-2025-10585: Type Confusion in V8. Reported by Google Threat Analysis Group. - CVE-2025-10500: Use after free in Dawn. Reported by Giunash (Gyujeong Jin). - CVE-2025-10501: Use after free in WebRTC. Reported by sherkito. - CVE-2025-10502: Heap buffer overflow in ANGLE. Reported by Google Big Sleep. chromium (140.0.7339.185-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-10585: Type Confusion in V8. Reported by Google Threat Analysis Group. - CVE-2025-10500: Use after free in Dawn. Reported by Giunash (Gyujeong Jin). - CVE-2025-10501: Use after free in WebRTC. Reported by sherkito. - CVE-2025-10502: Heap buffer overflow in ANGLE. Reported by Google Big Sleep. chromium (140.0.7339.185-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-10585: Type Confusion in V8. Reported by Google Threat Analysis Group. - CVE-2025-10500: Use after free in Dawn. Reported by Giunash (Gyujeong Jin). - CVE-2025-10501: Use after free in WebRTC. Reported by sherkito. - CVE-2025-10502: Heap buffer overflow in ANGLE. Reported by Google Big Sleep. chromium (140.0.7339.127-1) unstable; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang. - CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon. . [ Jianfeng Liu ] * drop not working fixes/libsync-rk3588-panthor.patch. * drop fixes/strlcpy.patch, which isn't needed w/ clang-19. chromium (140.0.7339.127-1~deb13u1) trixie-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang. - CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon. . [ Jianfeng Liu ] * drop not working fixes/libsync-rk3588-panthor.patch. * drop fixes/strlcpy.patch, which isn't needed w/ clang-19. chromium (140.0.7339.127-1~deb12u1) bookworm-security; urgency=high . [ Andres Salomon ] * New upstream security release. - CVE-2025-10200: Use after free in Serviceworker. Reported by Looben Yang. - CVE-2025-10201: Inappropriate implementation in Mojo. Reported by Sahan Fernando & Anon. . [ Jianfeng Liu ] * drop not working fixes/libsync-rk3588-panthor.patch. * drop fixes/strlcpy.patch, which isn't needed w/ clang-19. chromium (140.0.7339.80-1) unstable; urgency=medium . * New upstream stable release. * d/patches: - fixes/armhf-icf.patch: refresh. - disable/tests.patch: refresh. - disable/catapult.patch: refresh. - disable/widevine-cdm-cu.patch: refresh (and make it shorter). - bookworm/clang19.patch: refresh. - disable/android.patch: delete a new reference to chrome/android/. - disable/buildtools-libc.patch: drop due to upstream cleanups. - trixie/rust-no-alloc-shim.patch: add a build fix for older rustc. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream changes - fixes/fix-study-crash.patch: Refresh for upstream changes - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes - fixes/fix-unknown-warning-option-messages.diff: Refresh for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Regenerate from new upstream version - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: Regenerate from new upstream version chromium (140.0.7339.80-1~deb13u1) trixie-security; urgency=medium . * New upstream stable release. - CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team. - CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani. - CVE-2025-9866: Inappropriate implementation in Extensions. Reported by NDevTK. - CVE-2025-9867: Inappropriate implementation in Downloads. Reported by Farras Givari. * d/patches: - fixes/armhf-icf.patch: refresh. - disable/tests.patch: refresh. - disable/catapult.patch: refresh. - disable/widevine-cdm-cu.patch: refresh (and make it shorter). - bookworm/clang19.patch: refresh. - disable/android.patch: delete a new reference to chrome/android/. - disable/buildtools-libc.patch: drop due to upstream cleanups. - trixie/rust-no-alloc-shim.patch: add a build fix for older rustc. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream changes - fixes/fix-study-crash.patch: Refresh for upstream changes - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes - fixes/fix-unknown-warning-option-messages.diff: Refresh for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Regenerate from new upstream version - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: Regenerate from new upstream version chromium (140.0.7339.80-1~deb12u1) bookworm-security; urgency=medium . * New upstream stable release. - CVE-2025-9864: Use after free in V8. Reported by Pavel Kuzmin of Yandex Security Team. - CVE-2025-9865: Inappropriate implementation in Toolbar. Reported by Khalil Zhani. - CVE-2025-9866: Inappropriate implementation in Extensions. Reported by NDevTK. - CVE-2025-9867: Inappropriate implementation in Downloads. Reported by Farras Givari. * d/patches: - fixes/armhf-icf.patch: refresh. - disable/tests.patch: refresh. - disable/catapult.patch: refresh. - disable/widevine-cdm-cu.patch: refresh (and make it shorter). - bookworm/clang19.patch: refresh. - disable/android.patch: delete a new reference to chrome/android/. - disable/buildtools-libc.patch: drop due to upstream cleanups. - trixie/rust-no-alloc-shim.patch: add a build fix for older rustc. - bookworm/rust-visibility.patch: drop, not needed w/ new rust 1.85. - bookworm/crabbyav1f.patch: drop, not needed w/ new rust 1.85. - bookworm/toktrie-utf8chunks.patch: drop, not needed w/ new rust. - bookworm/derivre-create.patch: drop, not needed w/ new rust. - bookworm/rust-split-at-checked.patch: drop, not needed w/ new rust. - bookworm/crabbyav1f-macro-scope.patch: drop, not needed w/ new rust. - bookworm/rust-box-to-vec.patch: drop, not needed w/ new rust. . [ Timothy Pearson ] * d/patches/ppc64le: - third_party/0002-regenerate-xnn-buildgn.patch: Refresh for upstream changes - fixes/fix-study-crash.patch: Refresh for upstream changes - core/add-ppc64-architecture-to-extensions.diff: Refresh for upstream changes - fixes/fix-unknown-warning-option-messages.diff: Refresh for upstream changes - libaom/0001-Add-pregenerated-config-for-libaom-on-ppc64.patch: Regenerate from new upstream version - third_party/0003-third_party-ffmpeg-Add-ppc64-generated-config.patch: Regenerate from new upstream version chromium (139.0.7258.154-1) unstable; urgency=high . * New upstream security release. - CVE-2025-9478: Use after free in ANGLE. Reported by Google Big Sleep. cjson (1.7.18-3.1+deb13u1) trixie-security; urgency=medium . * CVE-2025-57052 (Closes: #1114757) console-setup (1.242~deb13u1) trixie; urgency=medium . * Backport 1.242 from forky development. * keyboard-configuration.templates: Fix dz(azerty-oss/deadkeys) into dz, which is what xkb really provides. * keyboard-configuration.config: Fix dz default layout. console-setup (1.241) unstable; urgency=medium . * keyboard-configuration.templates: Use ca/multix variant instead of ca/multi (Closes: #1111994). console-setup (1.240+deb13u1) trixie; urgency=medium . * keyboard-configuration.templates: Update dz(la) into dz(azerty-oss). * keyboard-configuration.templates: Use ca/multix variant instead of ca/multi (Closes: #1111994). cups (2.4.10-3+deb13u2) trixie; urgency=high . * add 0018-cgi-Fix-checkbox-support-fixes.patch Thanks to Elena ``of Valhalla'' for finding the upstream commit and asking Simone Piccardi to confirm that it works now. (Closes: #1109471) cups (2.4.10-3+deb13u1) trixie-security; urgency=high . * CVE-2025-58060 fix authentication bypass with AuthType Negotiate * CVE-2025-58364 fix remote DoS via null dereference curl (8.14.1-2+deb13u2) trixie; urgency=medium . * d/p/wcurl-CVE-2025-11563.patch: Pull upstream changes to actually fix CVE-2025-11563 curl (8.14.1-2+deb13u1) trixie; urgency=medium . [ Alex ] * Team upload. * d/p/cookie-don-t-treat-the-leading-slash-as-trailing: import upstream patch to fix CVE-2025-9086 * d/p/CVE-2025-10148.patch: backport upstream patch for CVE-2025-10148 . [ Samuel Henrique ] * Import wcurl patches. * wcurl-CVE-2025-11563.patch: Fix CVE-2025-11563 * wcurl-Fix-example-for-continue-at.patch: Fix example in manpage * wcurl-Set-CURL_OPTIONS-right-before-the-url.patch: Fix to allow --output to be overwritten with --curl-options debian-edu-config (2.12.903~deb13u1) trixie; urgency=medium . * Upload to trixie. debian-installer (20250803+deb13u2) trixie; urgency=medium . * Bump Linux kernel ABI to 6.12.57+deb13. * Adjust linux-image build-deps accordingly. debian-installer-netboot-images (20250803+deb13u2) trixie; urgency=medium . * Update to 20250803+deb13u2, from trixie-proposed-updates. dhcpcd (1:10.1.0-11+deb13u1) trixie; urgency=medium . * [patches] + DHCP: Fix crash when someone deletes our address (Closes: #1114964). Cherry-pick from upstream Git (included in Forky since 10.2.0). * [service] - Remove /etc/wpa_supplicant from ReadWritePaths (Closes: #1111467). Otherwise dhcpcd fails to launch if wpasupplicant is not installed. distro-info-data (0.66+deb13u1) trixie; urgency=medium . * Update database to 0.68: - Update the bookworm EoL - Add Ubuntu 26.04 LTS "Resolute Raccoon" (LP: #2126961) dkms (3.2.2-1~deb13u1) trixie; urgency=medium . * Rebuild for trixie. . dkms (3.2.2-1) unstable; urgency=medium . * New upstream release. * Stop shipping dkms.service. Not really needed and causes a dependency cycle with cloud-init-network.service. (Closes: #1107232) * common.postinst: Emit a warning if no kernel headers were found. (Closes: #1114731) * Drop Pre-Depends: lsb-release, no longer used since 3.0.12. * Add Breaks against more obsolete *-dkms packages. dns-root-data (2025080400~deb13u1) trixie; urgency=medium . * Rebuild the package for trixie to make possible to rebuild it again during the distribution lifetime. (See #1091496.) The content of the binary package is unchanged from version 2024071801, which is the one currently in trixie. dnsdist (1.9.10-1+deb13u1) trixie; urgency=medium . * d/{gbp.conf,.gitlab-ci.yml}: setup for trixie * Apply upstream fix for CVE-2025-8671, CVE-2025-30187 (Closes: #1115643) dolphin-emu (2503+dfsg-1+deb13u1) trixie; urgency=medium . * Remove the dfsg repack suffix from DOLPHIN_WC_DESCRIBE (closes: #1094989). * Look for locale files in the correct directory (closes: #1108687). * Switch debian-branch to trixie. dovecot (1:2.4.1+dfsg1-6+deb13u2) trixie; urgency=medium . * [6ac2883] Clean up a few typos in default/example config (Closes: #1112667) * [7feb544] Ensure default lmtpd auth_username_format matches the global value (Closes: #1111469) * [216ec20] import upstream patch for improperly terminated auth_oauth2_post_setting_defines (Closes: #1116328) * [46eab61] lib-sieve/sieve-script.c: sieve_script_create_common: Correctly handle errors. (Closes: #1116070) dovecot (1:2.4.1+dfsg1-6+deb13u1) trixie-security; urgency=high . * Import upstream fix for an issue with authentication cache management that could result in users being logged in as the wrong user in certain configurations. (Closes: #1115964) eas4tbsync (4.17-1~deb13u2) trixie; urgency=medium . * Added dir api/ to d/rules It follows 4.17-2 in unstable eas4tbsync (4.17-1~deb13u1) trixie; urgency=medium . * Prepared for uploading to trixie proposed update after update of thunderbird in trixie (stable) emacs-libvterm (0.0.2+git20250113.056ad74-3~deb13u1) trixie; urgency=medium . * Upload to trixie . emacs-libvterm (0.0.2+git20250113.056ad74-3) unstable; urgency=medium . * Fix elpa-vterm to use "Multi-Arch: no" - elpa-vterm installs the files under the same path on different archs, so they are not co-installable. . emacs-libvterm (0.0.2+git20250113.056ad74-2) unstable; urgency=medium . * Upload to unstable - Change elpa-vterm to arch:any fixed the DEB_HOST_MULTIARCH generation. (Closes: #1115607) . emacs-libvterm (0.0.2+git20250113.056ad74-2~exp1) experimental; urgency=medium . * Make elpa-vterm arch:any - elpa-vterm sets the shard library path according to the host arch. Previously when set as arch:all, the `load-path' is set once during building arch:all package and won't change based on the host arch, resulting in wrong `load-path' in non-amd64 archs. * Add `Multi-Arch: same' hint to arch:any packages emacs-libvterm (0.0.2+git20250113.056ad74-2) unstable; urgency=medium . * Upload to unstable - Change elpa-vterm to arch:any fixed the DEB_HOST_MULTIARCH generation. (Closes: #1115607) . emacs-libvterm (0.0.2+git20250113.056ad74-2~exp1) experimental; urgency=medium . * Make elpa-vterm arch:any - elpa-vterm sets the shard library path according to the host arch. Previously when set as arch:all, the `load-path' is set once during building arch:all package and won't change based on the host arch, resulting in wrong `load-path' in non-amd64 archs. * Add `Multi-Arch: same' hint to arch:any packages emacs-libvterm (0.0.2+git20250113.056ad74-2~exp1) experimental; urgency=medium . * Make elpa-vterm arch:any - elpa-vterm sets the shard library path according to the host arch. Previously when set as arch:all, the `load-path' is set once during building arch:all package and won't change based on the host arch, resulting in wrong `load-path' in non-amd64 archs. * Add `Multi-Arch: same' hint to arch:any packages eperl (2.2.15-1+deb13u1) trixie; urgency=medium . * Debian Team upload. * d/p/0003: Pass environ to PERL_SYS_INIT()/perl_parse() implicitly instead of explicitly to avoid the script getting a truncated environment on Perl 5.40 (Closes: #1114004) epiphany-browser (48.5-0+deb13u1) trixie; urgency=medium . * New upstream bugfix release 48.4 - Fix app ID in metainfo - Disconnect signal handlers correctly, fixing a use-after-free crash (epiphany#2653 upstream) - In incognito mode (private browsing), don't use saved HTTP authentication passwords from normal mode (epiphany#2651 upstream) - Fix inability to authenticate on authenticationtest.com by avoiding a spurious authentication attempt with known-wrong credentials (epiphany!1745 upstream) - Use the creation time for webapps' "Installed on" date, not the modification time (epiphany#2604 upstream) - Don't consider og:image (a media preview used when sharing links on social media) as a candidate for the icon for a webapp, since it often points to an image that merely appears on the referenced website (epiphany!1755 upstream) - Fix a crash on exit if the export dialog has been dismissed, and relatedly a memory leak (epiphany#2661 upstream) - Fix two crashes on startup if running under Pantheon (epiphany!1818 upstream; not relevant to Debian unless that desktop environment is installed from a third-party source) - Improve robustness of password import, avoiding some crashes (epiphany!1843 upstream) - Fix PKCS#11 login for invalid cert/priv pairs (epiphany!1857 upstream) - Translation updates - Upstream CI fixes not relevant to Debian * New upstream bugfix release 48.5 - Upstream CI fixes not relevant to Debian evolution (3.56.2-0+deb13u1) trixie; urgency=medium . * New upstream bugfix release, fixing these issues: - I#3042 - Check return value of CamelDataWrapper calculate size functions - I#3045 - Cannot add actions in 'Customize User Interface' dialog - I#3052 - Ensure "New" button action in Calendar view - I#3061 - Mail: Do not strip signature for Edit as New in Sent folder - Calendar: Cannot show/hide Tasks and Memos pane - (Closes: #1120149) * debian/control: Bump e-d-s dependencies and build-dependencies to 3.56.2 evolution (3.56.1-1+deb13u1) trixie-security; urgency=medium . * Cherry-pick patch to fix crash with webkit2gtk 2.50 (Closes: #1116301) * Update debian/gbp.conf for trixie evolution-data-server (3.56.2-0+deb13u1) trixie; urgency=medium . * New upstream bugfix release * Cherry-pick patch to fix busy loop when using the MH format mail archive (Closes: #1111605) fangfrisch (1.9.0-3+deb13u1) trixie; urgency=high . * Non-maintainer upload. * Update sanesecurity mirror as the old one will stop working this year (Closes: #1117681) ffmpeg (7:7.1.2-0+deb13u1) trixie-security; urgency=medium . * New upstream version 7.1.2 - Fixes CVE-2025-1594 firefox-esr (140.4.0esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-83, also known as: CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11714, CVE-2025-11715. . * debian/watch: Refreshed. Somehow it was not refreshed for ESR. * debian/dh: Properly handle multiple DEB_BUILD_OPTIONS. firefox-esr (140.4.0esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-83, also known as: CVE-2025-11708, CVE-2025-11709, CVE-2025-11710, CVE-2025-11711, CVE-2025-11712, CVE-2025-11714, CVE-2025-11715. . * debian/watch: Refreshed. Somehow it was not refreshed for ESR. * debian/dh: Properly handle multiple DEB_BUILD_OPTIONS. firefox-esr (140.3.1esr-2) unstable; urgency=medium . * media/libyuv/libyuv/libyuv.gyp: Disable SVE parts of libyuv when the SVE flags are not supported. Fixes FTBFS on arm64 on bookworm. * config/system-headers.mozbuild: Add a system header wrapper for sys/platform/ppc.h.: Fixes FTBFS on pc64el on bookworm. . * debian/rules: Disable rust LTO on s390x, hoping to fix FTBFS. firefox-esr (140.3.1esr-1) unstable; urgency=medium . * New upstream release. firefox-esr (140.3.1esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. . * media/libyuv/libyuv/libyuv.gyp: Disable SVE parts of libyuv when the SVE flags are not supported. Fixes FTBFS on arm64 on bookworm. * config/system-headers.mozbuild: Add a system header wrapper for sys/platform/ppc.h.: Fixes FTBFS on pc64el on bookworm. . * debian/upstream.mk, debian/control: Stop handling testing/unstable as trixie, meaning embedded NSS is not built anymore. * debian/rules: - Avoid running dwz on platforms where we disable debug info. Closes: #1115490 - Stop setting _LEAKTEST_FILES, it hasn't been used since version 32.0. - Disable rust LTO on s390x, hoping to fix FTBFS. firefox-esr (140.3.1esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. . * media/libyuv/libyuv/libyuv.gyp: Disable SVE parts of libyuv when the SVE flags are not supported. Fixes FTBFS on arm64 on bookworm. * config/system-headers.mozbuild: Add a system header wrapper for sys/platform/ppc.h.: Fixes FTBFS on pc64el on bookworm. . * debian/upstream.mk, debian/control: Stop handling testing/unstable as trixie, meaning embedded NSS is not built anymore. * debian/rules: - Avoid running dwz on platforms where we disable debug info. Closes: #1115490 - Stop setting _LEAKTEST_FILES, it hasn't been used since version 32.0. - Disable rust LTO on s390x, hoping to fix FTBFS. firefox-esr (140.3.0esr-2) unstable; urgency=medium . * debian/upstream.mk, debian/control: Stop handling testing/unstable as trixie, meaning embedded NSS is not built anymore. * debian/rules: - Avoid running dwz on platforms where we disable debug info. Closes: #1115490 - Stop setting _LEAKTEST_FILES, it hasn't been used since version 32.0. firefox-esr (140.3.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2025-75, also known as: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537. firefox-esr (140.3.0esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-75, also known as: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537. firefox-esr (140.3.0esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-75, also known as: CVE-2025-10527, CVE-2025-10528, CVE-2025-10529, CVE-2025-10532, CVE-2025-10533, CVE-2025-10536, CVE-2025-10537. firefox-esr (128.14.0esr-1) unstable; urgency=medium . * New upstream release. * Fixes for mfsa2025-66, also known as: CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9185. fluidsynth (2.4.4+dfsg-1+deb13u1) trixie; urgency=medium . * Set the default samplerate to 48000 and buffer size to 512 in the service config file (Closes: #1075976, #1105956). folder-account (12.1-1~deb13u1) trixie; urgency=medium . * Rebuild for trixie for thunderbird >= 140.3 fonts-noto-color-emoji (2.051-0+deb13u1) trixie; urgency=medium . * New upstream release (Closes: #1115370) - This major update introduces support for the Unicode 17.0 standard https://blog.emojipedia.org/google-debuts-emoji-17-0-support/ freeradius (3.2.7+dfsg-1+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Backport patch to fix compatibility with OpenSSL 3.5.2 (Closes: #1111328) gegl (1:0.4.62-2+deb13u1) trixie-security; urgency=medium . * CVE-2025-10921 (Closes: #1116470) ghostscript (10.05.1~dfsg-1+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. . [ Steve Robbins ] * Upstream fix for CVE-2025-7462. (Closes: #1109270) . [ Salvatore Bonaccorso ] * pdfwrite - bounds check some strings (CVE-2025-59799) (Closes: #1116443) * pdfwrite - avoid buffer overrun (CVE-2025-59798) (Closes: #1116444) gimp (3.0.4-3+deb13u2) trixie-security; urgency=medium . * CVE-2025-10934 (Closes: #1119661) gimp (3.0.4-3+deb13u1) trixie-security; urgency=medium . * CVE-2025-10924 (Closes: #1116461) * CVE-2025-10923 (Closes: #1116460) * CVE-2025-10922 (Closes: #1116459) * CVE-2025-10920 (Closes: #1116458) gnome-maps (48.7-0+deb13u1) trixie; urgency=medium . * New upstream bugfix release (Closes: #1111673) - Fix a regression when requesting route planning from transitous.org (gnome-maps#864 upstream) - Add address format for Austria - Add address format for Paraguay - Translation updates (Dutch, Romanian, Thai) gnome-maps (48.6-3) unstable; urgency=medium . * Team upload * Build-depend on gobject-introspection instead of libgirepository1.0-dev * Standards-Version: 4.7.2 (no changes required) gnome-maps (48.6-2) unstable; urgency=medium . * Cherry-pick fixes from gnome-48 branch (Closes: #1111673): - Add address format for Austria - Add address format for Paraguay - Update Dutch translation . gnome-maps (48.6-1) unstable; urgency=medium . * Team upload * d/gbp.conf, d/watch: Only watch for 48.x for now. We'll track 48.x in testing/unstable for now, to get more testing for possible future trixie updates. * New upstream stable release - Translation updates only gnome-maps (48.6-1) unstable; urgency=medium . * Team upload * d/gbp.conf, d/watch: Only watch for 48.x for now. We'll track 48.x in testing/unstable for now, to get more testing for possible future trixie updates. * New upstream stable release - Translation updates only gnome-session (48.0-1+deb13u1) trixie; urgency=medium . * Team upload * d/control, d/gbp.conf, d/watch: Set branch for trixie stable updates * d/gnome-mimeapps.list: Fall back from Evince to Papers where supported, if Evince is not installed. The default PDF reader for GNOME in trixie is evince, but the metapackage has an alternative dependency on papers and some early adopters are already using the newer package. Papers doesn't support some document formats that Evince did, like Postscript and DVI. Continue to prefer only Evince for those. (Closes: #1112257, #1115704) * d/gnome-mimeapps.list: Fall back from Totem to Showtime where supported, if Showtime is not installed. Similar to the PDF readers, the default video player for GNOME in trixie is totem, but the metapackage has an alternative dependency on showtime. showtime is only a file-based video player and isn't designed to play audio, playlists or DVDs, so continue to refer to only totem for the formats not supported by showtime. google-recaptcha (1.3.0-2+deb13u1) trixie; urgency=medium . * Add a patch to fix PHP 8.4 deprecations haproxy (3.0.11-1+deb13u1) trixie-security; urgency=high . * CVE-2025-11230: fix possible DoS when parsing JSON numbers. hsqldb1.8.0 (1.8.0.10+dfsg-12.1+deb13u1) trixie-security; urgency=medium . * (re)add avoid-execution-of-spurious-command-in-script-or-log-file.diff to debian/patches/series, lost in 1.8.0.10+dfsg-12.1 NMU ikvswitch (1.0.4+deb13u1) trixie; urgency=medium . * Write in /etc/sysctl.d/00-forward-internet.conf as sysctl.conf is gone in Trixie. * Use Trixie as default distro for the setup. * Add || true when doing "ip link set down dev" if ipmi bridge. imagemagick (8:7.1.1.43+dfsg1-1+deb13u3) trixie; urgency=high . * Fix CVE-2025-62171 (Closes: #1118340) Integer Overflow in BMP Decoder (ReadBMP): CVE-2025-57803 claims to be patched, but the fix is incomplete and ineffective. . The patch added BMPOverflowCheck() but placed it after the overflow occurs, making it useless. A malicious 58-byte BMP file can trigger AddressSanitizer crashes and DoS. imagemagick (8:7.1.1.43+dfsg1-1+deb13u2) trixie-security; urgency=high . * Fix CVE-2025-55004: ImageMagick is vulnerable to heap-buffer overflow read around the handling of images with separate alpha channels when performing image magnification in ReadOneMNGIMage. This can likely be used to leak subsequent memory contents into the output image (Closes: #1111101) * Fix CVE-2025-55005: when preparing to transform from Log to sRGB colorspaces, the logmap construction fails to handle cases where the reference-black or reference-white value is larger than 1024. This leads to corrupting memory beyond the end of the allocated logmap buffer. (Closes: #1111102) * Fix CVE-2025-55154: the magnified size calculations in ReadOneMNGIMage (in coders/png.c) are unsafe and can overflow, leading to memory corruption. (Closes: #1111103) * Fix CVE-2025-55212: Passing a geometry string containing only a colon (":") to montage -geometry leads GetGeometry() to set width/height to 0. Later, ThumbnailImage() divides by these zero dimensions, triggering a crash (SIGFPE/abort), resulting in a denial of service. (Closes: #1111587) * Fix CVE-2025-55298: A format string bug vulnerability exists in InterpretImageFilenam function where user input is directly passed to FormatLocaleString without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. (Closes: #1111586) * Fix CVE-2025-57803: A 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses bytes_per_line (stride) to a tiny value while the per-row writer still emits 3 × width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. (Closes: #1112469) * Fix CVE-2025-57807: A security problem was found in SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset ≫ extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2⁶⁴ arithmetic wrap, external delegates, or policy settings are required. (Closes: #1114520) incus (6.0.4-2+deb13u1) trixie-security; urgency=high . * Backport fixes for the following security issues: - CVE-2025-54293 / GHSA-472f-vmf2-pr3h - CVE-2025-54287 / GHSA-w2hg-2v4p-vmh6 - CVE-2025-54288 / GHSA-7232-97c6-j525 - CVE-2025-54286 / GHSA-p8hw-rfjg-689h - CVE-2025-54290 / GHSA-p3x5-mvmp-5f35 - CVE-2025-54291 / GHSA-xch9-h8qw-85c7 - CVE-2025-54289 / GHSA-3g72-chj4-2228 incus (6.0.4-2+deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports. - Drop dependency on virtiofsd, as it isn't available for bookworm - Drop apparmor 4.x patch - Relax dependency on lxcfs, since runit scripts aren't expected for bookworm - Add patch to remove dependency on go-criu - Add patch to build with older version of openfga-go-sdk - Add patch backporting RemoveAll from newer sftp input-remapper (2.1.1-1+deb13u1) trixie; urgency=medium . * Add psutil to the list of module requirements. Closes: #1113695. intel-microcode (3.20250812.1~deb13u1) trixie-security; urgency=medium . * Security upload, no changes. . intel-microcode (3.20250812.1) unstable; urgency=medium . [ Henrique de Moraes Holschuh ] * New upstream microcode datafile 20250812 (closes: #1110983, #1112168) - Mitgations for INTEL-SA-01249 (processor Stream Cache): CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Intel also disclosed that several processors models had already received this mitigation on the previous microcode release, 20250512. - Mitigations for INTEL-SA-01308: CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01310 (OOBM services module): CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. - Mitigations for INTEL-SA-01311 (Intel TDX): CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processors with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01313: CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-21090: Missing reference to active allocated resource for some Intel Xeon processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2025-24305: Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel Xeon processors may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01367 (Intel SGX, TDX): CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Fixes for unspecified functional issues on several Intel Core and Intel Xeon processor models. * Updated microcodes: sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248 sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056 sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896 sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664 sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288 sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072 sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400 sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880 sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256 sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896 sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112 sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224 sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3 * update entry for 3.20250512.1 with new information * source: update symlinks to reflect id of the latest release, 20250812 . [ Ben Hutchings ] * debian/tests/initramfs: Update to work with forky's initramfs-tools. In version 0.149 of initramfs-tools, unmkinitramfs was changed to no longer create early/ and main/ subdirectories. Update the microcode file check to work with both old and new behaviours. intel-microcode (3.20250812.1~deb12u1) bookworm-security; urgency=medium . * Backport to bookworm-security * debian/rules: revert use of /usr/lib/firmware for deb12 . intel-microcode (3.20250812.1) unstable; urgency=medium . [ Henrique de Moraes Holschuh ] * New upstream microcode datafile 20250812 (closes: #1110983, #1112168) - Mitgations for INTEL-SA-01249 (processor Stream Cache): CVE-2025-20109: Improper Isolation or Compartmentalization in the stream cache mechanism for some Intel Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Intel also disclosed that several processors models had already received this mitigation on the previous microcode release, 20250512. - Mitigations for INTEL-SA-01308: CVE-2025-22840: Sequence of processor instructions leads to unexpected behavior for some Intel Xeon 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01310 (OOBM services module): CVE-2025-22839: Insufficient granularity of access control in the OOB-MSM for some Intel Xeon 6 Scalable processors may allow a privileged user to potentially enable escalation of privilege via adjacent access. - Mitigations for INTEL-SA-01311 (Intel TDX): CVE-2025-22889: Improper handling of overlap between protected memory ranges for some Intel Xeon 6 processors with Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01313: CVE-2025-20053: Improper buffer restrictions for some Intel Xeon Processor firmware with SGX enabled may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-21090: Missing reference to active allocated resource for some Intel Xeon processors may allow an authenticated user to potentially enable denial of service via local access. CVE-2025-24305: Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel Xeon processors may allow a privileged user to potentially enable escalation of privilege via local access. - Mitigations for INTEL-SA-01367 (Intel SGX, TDX): CVE-2025-26403: Out-of-bounds write in the memory subsystem for some Intel Xeon 6 processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2025-32086: Improperly implemented security check for standard in the DDRIO configuration for some Intel Xeon 6 Processors when using Intel SGX or Intel TDX may allow a privileged user to potentially enable escalation of privilege via local access. - Fixes for unspecified functional issues on several Intel Core and Intel Xeon processor models. * Updated microcodes: sig 0x000606a6, pf_mask 0x87, 2025-03-11, rev 0xd000410, size 309248 sig 0x000606c1, pf_mask 0x10, 2025-03-06, rev 0x10002e0, size 301056 sig 0x000806f8, pf_mask 0x87, 2025-04-04, rev 0x2b000643, size 592896 sig 0x000806f7, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f6, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f5, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f4, pf_mask 0x87, 2025-04-04, rev 0x2b000643 sig 0x000806f8, pf_mask 0x10, 2025-04-08, rev 0x2c000401, size 625664 sig 0x000806f6, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f5, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000806f4, pf_mask 0x10, 2025-04-08, rev 0x2c000401 sig 0x000a06a4, pf_mask 0xe6, 2025-03-19, rev 0x0025, size 140288 sig 0x000a06d1, pf_mask 0x95, 2025-05-15, rev 0x10003d0, size 1667072 sig 0x000a06d1, pf_mask 0x20, 2025-05-15, rev 0xa000100, size 1638400 sig 0x000a06f3, pf_mask 0x01, 2025-05-03, rev 0x3000362, size 1530880 sig 0x000b06a2, pf_mask 0xe0, 2025-02-24, rev 0x4129, size 224256 sig 0x000b06a3, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06a8, pf_mask 0xe0, 2025-02-24, rev 0x4129 sig 0x000b06d1, pf_mask 0x80, 2025-05-21, rev 0x0123, size 80896 sig 0x000c0662, pf_mask 0x82, 2025-05-14, rev 0x0119, size 90112 sig 0x000c06a2, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0652, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c0664, pf_mask 0x82, 2025-05-14, rev 0x0119 sig 0x000c06f2, pf_mask 0x87, 2025-04-15, rev 0x210002b3, size 564224 sig 0x000c06f1, pf_mask 0x87, 2025-04-15, rev 0x210002b3 * update entry for 3.20250512.1 with new information * source: update symlinks to reflect id of the latest release, 20250812 . [ Ben Hutchings ] * debian/tests/initramfs: Update to work with forky's initramfs-tools. In version 0.149 of initramfs-tools, unmkinitramfs was changed to no longer create early/ and main/ subdirectories. Update the microcode file check to work with both old and new behaviours. irqbalance (1.9.4-1+deb13u1) trixie; urgency=medium . * d/gbp.conf: set debian-branch to debian/trixie * Drop ProtectKernelTunables=yes in irqbalance.service. Done via new patch: d/p/drop-protectkerneltunables.patch Thanks to Marco d'Itri (Closes: #1114676) jdupes (1.28.0-1+deb13u1) trixie; urgency=medium . * debian/patches/020_fix-uniq-count.patch: created to fix flag overlap between FF_NOT_UNIQUE and FF_HASHDB_DIRTY. . Both FF_NOT_UNIQUE and FF_HASHDB_DIRTY were defined using the same bit (1U << 5), causing logic errors where files were incorrectly marked as not unique due to hash database state. This commit moves FF_HASHDB_DIRTY to (1U << 6) to eliminate the overlap. It fixes incorrect behavior when detecting unique files with --unique or -u. . Closes: #1063079 jetty12 (12.0.17-3.1~deb13u1) trixie-security; urgency=medium . * Non-maintainer upload. * Rebuild for trixie-security. . jetty12 (12.0.17-3.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-5115: MadeYouReset HTTP/2 vulnerability (Closes: #1111765) jetty9 (9.4.57-1.1~deb13u1) trixie-security; urgency=medium . * Non-maintainer upload. * Rebuild for trixie-security. . jetty9 (9.4.57-1.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-5115: MadeYouReset HTTP/2 vulnerability (Closes: #1111766) jetty9 (9.4.57-1.1~deb12u1) bookworm-security; urgency=medium . * Non-maintainer upload. * Rebuild for bookworm-security. . jetty9 (9.4.57-1.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-5115: MadeYouReset HTTP/2 vulnerability (Closes: #1111766) jing-trang (20241231+repack-1~deb13u1) trixie; urgency=medium . * Re-import new upstream release, with gbp filtering (Closes: Bug#1118457) keepassxc-browser (1.9.7+repack1-1+deb13u1) trixie; urgency=medium . * Fixed integration with Chromium (Closes: #1111635) + Split installation for Chromium and Firefox in two separate directories. Each directory does now contain the correct manifest.json file for the respective browser. + Added maintainer preinst script to remove a symbolic link from previous package versions to have this revision create a directory instead + Added maintainer prerm script to permit a downgrade - just in case. It conditionally reverses the action of the above mentioned preinst script. + Extended fix-browser-polyfill-includex.patch to also adjust the Chromium manifest + Extended fix-nacl-includes.patch to also adjust the Chromium manifest + Extended chromium-extension-key.patch to add the extension's key in the manifest file which is installed from this revision on for Chromium + Extended lintian overrides for warnings produced by the additional installation for Chromium + Extended and updated debian/rules to rename and install files into the respective directories per browser. Removed obsolete file permission fixes and improved readability. kmail-account-wizard (4:24.12.3-1+deb13u1) trixie; urgency=medium . * Detect QML-dependencies automatically. lemonldap-ng (2.21.2+ds-1+deb13u1) trixie; urgency=medium . * Fix shell injection from admin interface (Closes: CVE-2025-59518) * Don't expose session-id into Ajax responses * Fix Google authentication libcommons-lang-java (2.6-10+deb13u1) trixie; urgency=medium . * Team upload. * d/patches/CVE-2025-48924.patch: Add patch to fix CVE-2025-48924. - Fix an uncontrolled recursion vulnerability (closes: 1109126). libcommons-lang3-java (3.17.0-1+deb13u1) trixie; urgency=medium . * Team upload. * d/patches/CVE-2025-48924.patch: Add patch to fix CVE-2025-48924. - Fix an uncontrolled recursion vulnerability (closes: 1109125). libcpanel-json-xs-perl (4.39-2~deb13u1) trixie-security; urgency=high . * Rebuild for trixie-security . libcpanel-json-xs-perl (4.39-2) unstable; urgency=medium . * Team upload. * Fix json_atof_scan1 overflows (CVE-2025-40929) libgpiod (2.2.1-2+deb13u1) trixie; urgency=medium . * d/control: Remove Breaks/Replaces on libgpiod2 and libgpiod2t64. This allows co-installation with older libraries. (Closes: #1110868) libhtp (1:0.5.50-1+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * CVE-2025-53537: memory leak with LZMA (Closes: #1109838) libjson-xs-perl (4.040-1~deb13u1) trixie-security; urgency=high . * Rebuild for trixie-security . libjson-xs-perl (4.040-1) unstable; urgency=medium . * Team upload. * Import upstream version 4.040. - Fix json_atof_scan1 overflows (CVE-2025-40928) * Drop initial patch for CVE-2025-40928 in favour of upstream changes * Drop patches applied upstream . libjson-xs-perl (4.030-3) unstable; urgency=medium . * Team upload. * Fix json_atof_scan1 overflows (CVE-2025-40928) libjson-xs-perl (4.040-1~deb12u1) bookworm-security; urgency=high . * Rebuild for bookworm-security . libjson-xs-perl (4.040-1) unstable; urgency=medium . * Team upload. * Import upstream version 4.040. - Fix json_atof_scan1 overflows (CVE-2025-40928) * Drop initial patch for CVE-2025-40928 in favour of upstream changes * Drop patches applied upstream . libjson-xs-perl (4.030-3) unstable; urgency=medium . * Team upload. * Fix json_atof_scan1 overflows (CVE-2025-40928) libjson-xs-perl (4.030-3) unstable; urgency=medium . * Team upload. * Fix json_atof_scan1 overflows (CVE-2025-40928) libsmb2 (6.2+dfsg-2+deb13u1) trixie; urgency=medium . * Import upstream patches to fix CVE-2025-57632 - When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without checking the upper bound of v->niov (SMB2_MAX_VECTORS=256) * d/p/CVE-2025-57632-pt*.patch: Import upstream patches to fix CVE * d/p/CVE-2025-57632-pt2.patch: Backport patch and Update hunks' offsets * d/p/CVE-2025-57632-pt3.patch: Backport patch and Update hunks' offsets * d/p/CVE-2025-57632-pt4.patch: Backport patch and Change hunk to reflect new code indentation libssh (0.11.2-1+deb13u1) trixie; urgency=medium . * CVE-2025-8277 (Closes: #1114859) * CVE-2025-8114 (Closes: #1109860) libvirt (11.3.0-3+deb13u1) trixie; urgency=medium . * [6a549fc] patches: Add backports - backport/tlscert-Don-t-force-keyEncipherment[...] - backport/tls-Don-t-require-keyEncipherment-[...] - backport/tests-[...]-Drop-use-of-GNUTLS_KEY_KEY_ENCIPHERM[...] - Removes the requirement to have keyEncipherment enabled for TLS certificates - Closes: #1110816 * [8b355a8] patches: Add backports - backport/daemon-Drop-log-level-of-VIR_ERR_NO_SUPPORT-[...] - Prevents journal spam when using the LXC driver - Closes: #1110963 * [f5079ab] patches: Add backports - backport/qemu-capabilities-Check-if-cpuModels-is-not-NULL-[...] - Fixes a daemon crash that occurs when probing capabilities for a QEMU binary that doesn't report information about CPU models - Closes: #1112481 libwebsockets (4.3.5-1+deb13u1) trixie; urgency=medium . * CVE-2025-11677 (Closes: #1118747) * CVE-2025-11678 (Closes: #1118746) libxml2 (2.12.7+dfsg+really2.9.14-2.1+deb13u2) trixie; urgency=high . * Non-maintainer upload. * Fix CVE-2025-9714: Denial of service vulnerability via uncontrolled recursion in XPath evaluation. * Amend d/p/CVE-2025-7425.patch to better reflect the original fix. libxslt (1.1.35-1.2+deb13u2) trixie-security; urgency=high . * Non-maintainer upload. * Fix regression in the backport of upstream change for issue #123 "generate-id() is non-deterministic". libyaml-syck-perl (1.34-2+deb13u1) trixie; urgency=medium . * Team upload. * Address memory corruption leading to 'str' value being set on empty keys (CVE-2025-11683) libyaml-syck-perl (1.34-2+deb12u1) bookworm; urgency=medium . * Team upload. * Address memory corruption leading to 'str' value being set on empty keys (CVE-2025-11683) linux (6.12.57-1) trixie; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.49 - wifi: wilc1000: avoid buffer overflow in WID string configuration - nvme: fix PI insert on write - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported - wifi: mac80211: increase scan_ies_len for S1G - wifi: mac80211: fix incorrect type for ret - cgroup: split cgroup_destroy_wq into 3 workqueues - btrfs: fix invalid extref key setup when replaying dentry - net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR - qed: Don't collect too many protection override GRC elements - bonding: set random address only when slaves already exist - mptcp: set remote_deny_join_id0 on SYN recv - mptcp: tfo: record 'deny join id0' info - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure - ice: store max_frame and rx_buf_len only in ice_rx_ring - ice: fix Rx page leak on multi-buffer frames - i40e: remove redundant memory barrier when cleaning Tx descs - igc: don't fail igc_probe() on LED setup error - net/mlx5e: Harden uplink netdev access against device unbind - bonding: don't set oif to bond dev when getting NS target destination - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). - tls: make sure to abort the stream if headers are bogus - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" - net: liquidio: fix overflow in octeon_init_instr_queue() - cnic: Fix use-after-free bugs in cnic_delete_task - [arm64] octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() - [amd64] perf/x86/intel: Fix crash in icl_update_topdown_event() (CVE-2025-38322) - ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer - ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery - power: supply: bq27xxx: restrict no-battery detection to bq27000 - dm-raid: don't set io_min and io_opt for raid1 - dm-stripe: fix a possible integer overflow - gup: optimize longterm pin_user_pages() for large folio - mm: revert "mm: vmscan.c: fix OOM on swap stress test" - [amd64] iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() - [amd64] iommu/amd/pgtbl: Fix possible race while increase page table level - btrfs: tree-checker: fix the incorrect inode ref size check - [arm64] ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S - mmc: mvsdio: Fix dma_unmap_sg() nents value - [amd64] KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active - drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer - rds: ib: Increment i_fastreg_wrs before bailing out - mptcp: propagate shutdown to subflows when possible - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx - io_uring/cmd: let cmds to know about dying task - io_uring: backport io_should_terminate_tw() - io_uring: include dying ring in task_work "should cancel" state - io_uring/msg_ring: kill alloc_cache for io_kiocb allocations - io_uring/kbuf: drop WARN_ON_ONCE() from incremental length check (CVE-2025-39816) - [amd64] ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message - [amd64] ASoC: Intel: catpt: Expose correct bit depth to userspace - drm/xe/tile: Release kobject for the failure path - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path - drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() - smb: client: fix filename matching of deferred files - smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) - crypto: af_alg - Set merge to zero early in af_alg_sendmsg - smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path - io_uring: fix incorrect io_kiocb reference in io_link_skb - [amd64] platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 - [amd64] platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk - vmxnet3: unregister xdp rxq info in the reset path (CVE-2025-22106) - mm: add folio_expected_ref_count() for reference count calculation - mm/gup: check ref_count instead of lru before migration - mptcp: pm: nl: announce deny-join-id0 flag - usb: xhci: introduce macro for ring segment list iteration - usb: xhci: remove option to change a default ring's TRB cycle bit - xhci: dbc: decouple endpoint allocation from initialization - xhci: dbc: Fix full DbC transfer ring after several reconnects - rtc: pcf2127: fix SPI command byte for PCF2131 backport - minmax.h: add whitespace around operators and after commas - minmax.h: update some comments - minmax.h: reduce the #define expansion of min(), max() and clamp() - minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() - minmax.h: move all the clamp() definitions after the min/max() ones - minmax.h: simplify the variants of clamp() - minmax.h: remove some #defines that are only expanded once https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.50 - scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE - firewire: core: fix overlooked update of subsystem ABI version - ALSA: usb-audio: Fix code alignment in mixer_quirks - ALSA: usb-audio: Fix block comments in mixer_quirks - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 - ALSA: usb-audio: Convert comma to semicolon - ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA - ALSA: usb-audio: Fix build with CONFIG_INPUT=n - usb: core: Add 0x prefix to quirks debug output - [arm64,armhf] net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info - net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick - [riscv64] mmc: sdhci-cadence: add Mobileye eyeQ support - i2c: designware: Add quirk for Intel Xe - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk - ALSA: usb-audio: Add mute TLV for playback volumes on more devices - net: sfp: add quirk for FLYPRO copper SFP+ module - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions - [amd64] HID: amd_sfh: Add sync across amd sfh work functions - cpufreq: Initialize cpufreq-based invariance before subsys - smb: server: don't use delayed_work for post_recv_credits_work - smb: server: use disable_work_sync in transport_rdma.c - bpf: Check the helper function is valid in get_helper_proto - btrfs: don't allow adding block device of less than 1 MB - wifi: virt_wifi: Fix page fault on connect - bpf: Reject bpf_timer for PREEMPT_RT - xfrm: xfrm_alloc_spi shouldn't use 0 as SPI - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow - [armhf] can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow - can: peak_usb: fix shift-out-of-bounds issue - net: tun: Update napi->skb after XDP process - net/smc: fix warning in smc_rx_splice() when calling get_page() - [arm64] ethernet: rvu-af: Remove slash from the driver name - Bluetooth: hci_sync: Fix hci_resume_advertising_sync - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync - vhost: Take a reference on the task in struct vhost_task. - bnxt_en: correct offset handling for IPv6 destination address - net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS - nexthop: Forbid FDB status change while nexthop is in a group - mm/gup: local lru_add_drain() to avoid lru_add_drain_all() - mm: revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" - mm: folio_may_be_lru_cached() unless folio_test_large() - [amd64] drm/gma500: Fix null dereference in hdmi teardown - futex: Prevent use-after-free during requeue-PI - [arm64] drm/panthor: Defer scheduler entitiy destruction to queue release - [amd64] platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() - smb: client: fix wrong index reference in smb2_compound_op() - HID: asus: add support for missing PX series fn keys - i40e: add validation for ring_len param - i40e: fix idx validation in i40e_validate_queue_map - i40e: fix idx validation in config queues msg - i40e: fix input validation logic for action_meta - i40e: fix validation of VF state in get resources - i40e: add max boundary check for VF filters - i40e: add mask to apply valid bits for itr_idx - i40e: improve VF MAC filters accounting - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx - tracing: dynevent: Add a missing lockdown check on dynevent - [armhf] dts: socfpga: sodia: Fix mdio bus probe and PHY address - drm/ast: Use msleep instead of mdelay for edid read - afs: Fix potential null pointer dereference in afs_put_server - fs/proc/task_mmu: check p->vec_buf for NULL - gpiolib: Extend software-node support to support secondary software-nodes - mm/hugetlb: fix folio is still mapped when deleted - fbcon: fix integer overflow in fbcon_do_set_font - fbcon: Fix OOB access in font allocation - iommufd: Fix race during abort for file descriptors - Revert "usb: xhci: remove option to change a default ring's TRB cycle bit" - [amd64] drm/i915/backlight: Return immediately when scale() finds invalid parameters https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.51 - crypto: sha256 - fix crash at kexec - scsi: target: target_core_configfs: Add length check to avoid buffer overflow - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove - media: tuner: xc5000: Fix use-after-free in xc5000_release - media: rc: fix races with imon_disconnect() - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID - mm: swap: check for stable address space before operating on the VMA - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() - [arm64] ASoC: qcom: audioreach: fix potential null pointer dereference https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.52 - wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() - USB: serial: option: add SIMCom 8230C compositions - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 - wifi: rtl8xxxu: Don't claim USB ID 07b8:8188 - dm-integrity: limit MAX_TAG_SIZE to 255 - [amd64] platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list - [amd64] platform/x86/amd/pmf: Support new ACPI ID AMDI0108 - [amd64,arm64] ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue - btrfs: ref-verify: handle damaged extent root tree - netfs: Prevent duplicate unlocking - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled - [amd64] platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list - drm/amd : Update MES API header file for v11 & v12 - drm/amd/include : MES v11 and v12 API header update - drm/amd/include : Update MES v12 API for fence update - drm/amdgpu: Enable MES lr_compute_wa by default (Closes: #1118658) - ALSA: usb-audio: Kill timer properly at removal (CVE-2025-38105) - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free - hid: fix I2C read buffer overflow in raw_event() for mcp2221 - nvmem: layouts: fix automatic module loading - binder: fix double-free in dbitmap - driver core/PM: Set power.no_callbacks along with power.no_pm - crypto: rng - Ensure set_ent is always present - net/9p: fix double req put in p9_fd_cancelled - [amd64] KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.53 - filelock: add FL_RECLAIM to show_fl_flags() macro - init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast - gfs2: Fix GLF_INVALIDATE_IN_PROGRESS flag clearing in do_xmote - [powerpc*] 8xx: Remove left-over instruction and comments in DataStoreTLBMiss handler - [powerpc*] 603: Really copy kernel PGD entries into all PGDIRs - uprobes: uprobe_warn should use passed task - [arm64] coresight: trbe: Prevent overflow in PERF_IDX2OFF() - [arm64] perf: arm_spe: Prevent overflow in PERF_IDX2OFF() - smb: server: fix IRD/ORD negotiation with the client - [amd64] EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller - [amd64] x86/vdso: Fix output operand size of RDPID - lsm: CONFIG_LSM can depend on CONFIG_SECURITY - btrfs: return any hit error from extent_writepage_io() - [arm64] pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() - [arm64] dts: renesas: rzg2lc-smarc: Disable CAN-FD channel0 - regmap: Remove superfluous check for !config in __regmap_init() - bpf: Remove migrate_disable in kprobe_multi_link_prog_run - libbpf: Fix reuse of DEVMAP - [arm64] dts: imx93-kontron: Fix GPIO for panel regulator - [arm64] dts: imx93-kontron: Fix USB port assignment - [arm64] dts: imx95: Correct the lpuart7 and lpuart8 srcid - ACPI: processor: idle: Fix memory leak when register cpuidle device failed - [arm64] soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS - [arm64] pinctrl: meson-gxl: add missing i2c_d pinmux - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx - block: use int to store blk_stack_limits() return value - PM: sleep: core: Clear power.must_resume in noirq suspend error path - vdso: Add struct __kernel_old_timeval forward declaration to gettime.h - [armhf] dts: omap: am335x-cm-t335: Remove unused mcasp num-serializer property - [arm64] PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() - [arm64] power: supply: cw2015: Fix a alignment coding style issue - [arm64] pinctrl: renesas: Use int type to store negative error codes - null_blk: Fix the description of the cache_size module argument - nbd: restrict sockets to TCP and UDP - [arm64] PM / devfreq: rockchip-dfi: double count on RK3588 - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure - [arm64] arm64: dts: mediatek: mt8186-tentacruel: Fix touchscreen model - mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() - [arm64] dts: mediatek: mt6795-xperia-m5: Fix mmc0 latch-ck value - [arm64] dts: mediatek: mt8395-kontron-i1200: Fix MT6360 regulator nodes - [arm64] dts: mediatek: mt8516-pumpkin: Fix machine compatible - [armhf] pwm: tiehrpwm: Don't drop runtime PM reference in .free() - [armhf] pwm: tiehrpwm: Make code comment in .free() more useful - [armhf] pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation - [armhf] pwm: tiehrpwm: Fix corner case in clock divisor calculation - ACPICA: Fix largest possible resource descriptor index - [riscv64] bpf: Sign extend struct ops return values properly - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op - i3c: master: svc: Use manual response for IBI events - i3c: master: svc: Recycle unused IBI slot - bpf: Explicitly check accesses to bpf_sock_addr - bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() - smp: Fix up and expand the smp_call_function_many() kerneldoc - tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers - spi: fix return code when spi device has too many chipselects - bpf: Mark kfuncs as __noclone - once: fix race by moving DO_ONCE to separate section - [arm64] thermal/drivers/qcom/lmh: Add missing IRQ includes - [arm64] i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD - i2c: designware: Fix clock issue when PM is disabled - i2c: designware: Add disabling clocks when probe fails - libbpf: Fix error when st-prefix_ops and ops from differ btf - bpf: Enforce expected_attach_type for tailcall compatibility - drm/radeon/r600_cs: clean up of dead code in r600_cs - f2fs: fix condition in __allow_reserved_blocks() - [arm64] phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 - drm/amd/display: Remove redundant semicolons - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod - scsi: myrs: Fix dma_alloc_coherent() error check - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count - RDMA/mlx5: Fix vport loopback forcing for MPV device - PCI/ACPI: Fix pci_acpi_preserve_config() memory leak - ALSA: lx_core: use int type to store negative error codes - inet: ping: check sock_net() in ping_get_port() and ping_lookup() - [arm64,armhf] coresight: Only register perf symlink for sinks with alloc_buffer - drm/amdgpu: Power up UVD 3 for FW validation (v2) - drm/amd/pm: Disable ULV even if unsupported (v3) - drm/amd/pm: Fix si_upload_smc_data (v3) - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) - wifi: mwifiex: send world regulatory domain to driver - [arm64,armhf] PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation - tcp: fix __tcp_close() to only send RST when required - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() - [armhf] usb: phy: twl6030: Fix incorrect type for ret - usb: gadget: configfs: Correctly set use_os_string at bind - tty: n_gsm: Don't block input queue by waiting MSC - [powerpc*] misc: genwqe: Fix incorrect cmd field being reported in error - pps: fix warning in pps_register_cdev when register device fail - wifi: iwlwifi: Remove redundant header files - [amd64,arm64] idpf: fix Rx descriptor ready check barrier in splitq - [amd64] ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping - [arm64] drm/msm/dpu: fix incorrect type for ret - fs: ntfs3: Fix integer overflow in run_unpack() - fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist - iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() - netfilter: ipset: Remove unused htable_bits in macro ahash_region - ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable - drivers/base/node: handle error properly in register_one_node() - RDMA/cm: Rate limit destroy CM ID timeout error message - wifi: mt76: fix potential memory leak in mt76_wmac_probe() - wifi: mt76: mt7996: Fix RX packets configuration for primary WED device - wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE - wifi: mt76: mt7915: fix mt7981 pre-calibration - f2fs: fix to update map->m_next_extent correctly in f2fs_map_blocks() - f2fs: fix to truncate first page in error path of f2fs_truncate() - f2fs: fix to mitigate overhead of f2fs_zero_post_eof_page() - ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message - scsi: qla2xxx: edif: Fix incorrect sign of error code - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() - HID: hidraw: tighten ioctl command parsing - f2fs: fix zero-sized extent for precache extents - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" - RDMA/core: Resolve MAC of next-hop device without ARP support - IB/sa: Fix sa_local_svc_timeout_ms read race - Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram - wifi: ath12k: fix wrong logging ID used for CE - wifi: ath10k: avoid unnecessary wait for service ready message - iommu/vt-d: debugfs: Fix legacy mode page table dump logic - wifi: mac80211: fix Rx packet handling when pubsta information is not available - [amd64] ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback - RDMA/rxe: Fix race in do_task() when draining - wifi: rtw89: avoid circular locking dependency in ser_state_run() - [arm64] remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice - dm vdo: return error on corrupted metadata in start_restoring_volume functions - [arm64] coresight-etm4x: Conditionally access register TRCEXTINSELR - [arm64,armhf] coresight: tmc: Support atclk - [arm64,armhf] coresight: catu: Support atclk - [arm64,armhf] coresight: etm4x: Support atclk - [arm64,armhf] coresight: trbe: Return NULL pointer for allocation failures - [arm64,armhf] coresight: tpda: fix the logic to setup the element size - [arm64] coresight: Fix incorrect handling for return value of devm_kzalloc - NFSv4.1: fix backchannel max_resp_sz verification check - ipvs: Defer ip_vs_ftp unregister during netns cleanup - netfilter: nfnetlink: reset nlh pointer during batch replay - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() - usb: vhci-hcd: Prevent suspending virtually attached devices - iommu/vt-d: Disallow dirty tracking if incoherent page walk - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast - ptp: Add a upper bound on max_vclocks - vhost: vringh: Fix copy_to_iter return value check - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO - Bluetooth: ISO: Fix possible UAF on iso_conn_free - Bluetooth: ISO: free rx_skb if not consumed - Bluetooth: ISO: don't leak skb in ISO_CONT RX - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements - KEYS: X.509: Fix Basic Constraints CA flag parsing - ocfs2: fix double free in user_cluster_connect() - drivers/base/node: fix double free in register_one_node() - [arm64] PCI: j721e: Fix incorrect error message in probe() - [amd64,arm64] idpf: fix mismatched free function for dma_alloc_coherent - nfp: fix RSS hash key size when RSS is not supported - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable - net: dlink: handle copy_thresh allocation failure - net/mlx5: Stop polling for command response if interface goes down - net/mlx5: pagealloc: Fix reclaim race during command interface teardown - net/mlx5: fw reset, add reset timeout work - smb: client: fix crypto buffers in non-linear memory - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" - bpf: Reject negative offsets for ALU ops - tpm: Disable TPM2_TCG_HMAC by default - Squashfs: fix uninit-value in squashfs_get_parent - uio_hv_generic: Let userspace take care of interrupt mask - io_uring/waitid: always prune wait queue entry in io_waitid_wait() - [arm64] ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() - [amd64,arm64] ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down - fs: udf: fix OOB read in lengthAllocDescs handling - net: nfc: nci: Add parameter validation for packet data - [arm64,armhf] mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() - dm: fix queue start/stop imbalance under suspend/load/resume races - dm: fix NULL pointer dereference in __dm_suspend() - ksmbd: Fix race condition in RPC handle list access - ksmbd: fix error code overwriting in smb2_get_info_filesystem() - ksmbd: add max ip connections parameter - ext4: fix checks for orphan inodes - [amd64] KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid - fbdev: simplefb: Fix use after free in simplefb_detach_genpds() - mm: hugetlb: avoid soft lockup when mprotect to large memory area - nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() - [arm64] misc: fastrpc: Save actual DMA size in fastrpc_map structure - [arm64] misc: fastrpc: Fix fastrpc_map_lookup operation - [arm64] misc: fastrpc: fix possible map leak in fastrpc_put_args - [arm64] misc: fastrpc: Skip reference for DMA handles - Input: atmel_mxt_ts - allow reset GPIO to sleep - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak - sunrpc: fix null pointer dereference on zero-length checksum - [arm64] remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() - [amd64,arm64] tee: fix register_shm_helper() - pinctrl: check the return value of pinmux_ops::get_function_name() - bus: fsl-mc: Check return value of platform_get_resource() - net/9p: Fix buffer overflow in USB transport layer - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock - usb: typec: tipd: Clear interrupts first https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.54 - fs: always return zero on success from replace_fd() - fscontext: do not consume log entries when returning -EMSGSIZE - [arm64] map [_text, _stext) virtual address range non-executable+read-only - rseq: Protect event mask against membarrier IPI - listmount: don't call path_put() under namespace semaphore - page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches - dma-mapping: fix direction in dma_alloc direction traces - [amd64] KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() - asm-generic/io.h: Skip trace helpers if rwmmio events are disabled - perf disasm: Avoid undefined behavior in incrementing NULL - perf test trace_btf_enum: Skip if permissions are insufficient - perf evsel: Avoid container_of on a NULL leader - libperf event: Ensure tracing data is multiple of 8 sized - [arm64] clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() - [arm64] clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() - perf util: Fix compression checks returning -1 as bool - perf arm_spe: Correct setting remote access - perf arm-spe: Rename the common data source encoding - perf arm_spe: Correct memory level for remote access - perf vendor events arm64 AmpereOneX: Fix typo - should be l1d_cache_access_prefetches - perf session: Fix handling when buffer exceeds 2 GiB - perf tools: Add fallback for exclude_guest - perf evsel: Ensure the fallback message is always written to - [arm64] clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m - [arm64] clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (CVE-2025-40001) - [amd64] ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time - [amd64] ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() - drm/xe/hw_engine_group: Fix double write lock release in error path - [s390x] cio: Update purge function to unregister the unused subchannels - drm/vmwgfx: Fix a null-ptr access in the cursor snooper - drm/vmwgfx: Fix Use-after-free in validation - drm/vmwgfx: Fix copy-paste typo in validation - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). - [arm64] net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (CVE-2025-40003) - ice: ice_adapter: release xa entry on adapter allocation failure - tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() - [arm64] mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call - [arm64] mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes - [arm64] mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop - [arm64] mailbox: zynqmp-ipi: Fix SGI cleanup on unbind - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} - [arm64] mailbox: mtk-cmdq-mailbox: Switch to __pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Switch to pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() - drm/amdgpu: Add additional DCE6 SCL registers - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 - drm/amd/display: Properly disable scaling on DCE6 - netfilter: nft_objref: validate objref and objrefmap expressions - bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() - crypto: essiv - Check ssize for decryption and in-place encryption - cifs: Fix copy_to_iter return value check - smb: client: fix missing timestamp updates after utime(2) - cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single - [arm64] gpio: wcd934x: mark the GPIO controller as sleeping - bpf: Avoid RCU context warning when unpinning htab with internal structs - [s390x] vmlinux.lds.S: Reorder sections - [s390x] vmlinux.lds.S: Move .vmlinux.info to end of allocatable sections - ACPI: property: Fix buffer properties extraction for subnodes - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT - ACPI: debug: fix signedness issues in read/write helpers - [arm64] dts: qcom: msm8916: Add missing MDSS reset - [arm64] dts: qcom: msm8939: Add missing MDSS reset - [arm64] dts: qcom: sdm845: Fix slimbam num-channels/ees - [arm64] dts: qcom: x1e80100-pmics: Disable pm8010 by default - [arm64] dts: ti: k3-am62a-main: Fix main padcfg length - [arm64] kprobes: call set_memory_rox() for kprobe page - [armhf] AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on reset) - [armhf] OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init - [arm64] perf/arm-cmn: Fix CMN S3 DTM offset - dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required - xen/events: Cleanup find_virq() return codes - xen/manage: Fix suspend error path - xen/events: Return -EEXIST for bound VIRQs - xen/events: Update virq_to_irq on migration - [arm64] firmware: meson_sm: fix device leak at probe - media: cx18: Add missing check after DMA map - media: mc: Fix MUST_CONNECT handling for pads with no links - media: pci: ivtv: Add missing check after DMA map - media: pci: mg4b: fix uninitialized iio scan data - [arm64] media: venus: firmware: Use correct reset sequence for IRIS2 - media: vivid: fix disappearing messages - media: lirc: Fix error handling in lirc_register() - [arm64] drm/panthor: Fix memory leak in panthor_ioctl_group_create() - drm/nouveau: fix bad ret code in nouveau_bo_move_prep - drm/xe/uapi: loosen used tracking restriction - drm/amd/display: Enable Dynamic DTBCLK Switch - blk-crypto: fix missing blktrace bio split events - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() - bus: mhi: ep: Fix chained transfer handling in read path - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() - [arm64] clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk - copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) - [amd64] cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() - [arm64,armhf] crypto: rockchip - Fix dma_unmap_sg() nents value - eventpoll: Replace rwlock with spinlock - fbdev: Fix logic error in "offb" name match - fs/ntfs3: Fix a resource leak bug in wnd_extend() - fs: quota: create dedicated workqueue for quota_release_work - fuse: fix possibly missing fuse_copy_finish() call in fuse_notify() - fuse: fix livelock in synchronous file put from fuseblk workers - iio: dac: ad5360: use int type to store negative error codes - iio: dac: ad5421: use int type to store negative error codes - iio: frequency: adf4350: Fix prescaler usage. - init: handle bootloader identifier in kernel parameters - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume - [amd64] iommu/vt-d: PRS isn't usable if PDS isn't supported - kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths - KEYS: trusted_tpm1: Compare HMAC values in constant time - lib/genalloc: fix device leak in of_gen_pool_get() - loop: fix backing file reference leak on validation error - openat2: don't trigger automounts with RESOLVE_NO_XDEV - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk - [powerpc*] powernv/pci: Fix underflow and leak issue - [powerpc*] pseries/msi: Fix potential underflow and leak issue - Revert "ipmi: fix msg stack when IPMI is disconnected" - sched/deadline: Fix race in push_dl_task() - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() - scsi: sd: Fix build warning in sd_revalidate_disk() - sctp: Fix MAC comparison to be constant-time - xsk: Harden userspace-supplied xdp_desc validation - mmc: core: SPI mode remove cmd7 - mmc: mmc_spi: multiple block read remove read crc ack - [armhf] memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe - rtc: interface: Ensure alarm irq is enabled when UIE is enabled - rtc: interface: Fix long-standing race when setting alarm - [arm64] PCI: xilinx-nwl: Fix ECAM programming - [arm64,armhf] PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock - PCI/sysfs: Ensure devices are powered for config reads - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV - PCI/ERR: Fix uevent on failure to recover - PCI/AER: Fix missing uevent on recovery when a reset is requested - PCI/AER: Support errors introduced by PCIe r6.0 - [arm64] PCI: j721e: Fix programming sequence of "strap" settings - spi: cadence-quadspi: Flush posted register writes before INDAC access - spi: cadence-quadspi: Flush posted register writes before DAC access - spi: cadence-quadspi: Fix cqspi_setup_flash() - [x86] fred: Remove ENDBR64 from FRED entry points - [x86] umip: Check that the instruction opcode is at least two bytes - [x86] umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) - [s390x] dasd: enforce dma_alignment to ensure proper buffer validation - [s390x] dasd: Return BLK_STS_INVAL for EINVAL from do_dasd_request - [s390x] Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR - slab: prevent warnings when slab obj_exts vector allocation fails - slab: mark slab->obj_exts allocation failures unconditionally - wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again - wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 - mm/thp: fix MTE tag mismatch when replacing zero-filled subpages - mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations - mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success - mm/damon/lru_sort: use param_ctx for damon_attrs staging - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry - ext4: add ext4_sb_bread_nofail() helper function for ext4_free_branches() - ext4: verify orphan file size is not too big - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() - ext4: correctly handle queries for metadata mappings - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() - ext4: fix an off-by-one issue during moving extents - ext4: guard against EA inode refcount underflow in xattr update - ext4: validate ea_ino and size in check_xattrs - ACPICA: Allow to skip Global Lock initialization - ext4: free orphan info with kvfree - media: mc: Clear minor number before put device - Squashfs: add additional inode sanity checking - Squashfs: reject negative file sizes in squashfs_read_inode() - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference - mm/ksm: fix incorrect KSM counter handling in mm_struct during fork - [amd64] ASoC: SOF: ipc4-pcm: Enable delay reporting for ChainDMA streams - [amd64] ASoC: SOF: ipc4-pcm: fix delay calculation when DSP resamples - [amd64] mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value - [amd64] mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type - [amd64] mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() - cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency - [amd64] KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace - statmount: don't call path_put() under namespace semaphore - [arm64] mte: Do not flag the zero page as PG_mte_tagged - [x86] mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() - [x86] kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP - nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT - NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock() - nfsd: refine and rename NFSD_MAY_LOCK - nfsd: don't use sv_nrthreads in connection limiting calculations. - nfsd: unregister with rpcbind when deleting a transport - ACPI: battery: allocate driver data through devm_ APIs - ACPI: battery: initialize mutexes through devm_ APIs - ACPI: battery: Check for error code from devm_mutex_init() call - ACPI: battery: Add synchronization between interface updates - ACPI: property: Disregard references in data-only subnode lists - ACPI: property: Add code comments explaining what is going on - ACPI: property: Do not pass NULL handles to acpi_attach_data() - mptcp: pm: in-kernel: usable client side with C-flag - ipmi: Rework user message limit handling - ipmi: Fix handling of messages with provided receive message pointer - mm/rmap: fix soft-dirty and uffd-wp bit loss when remapping zero-filled mTHP subpage to shared zeropage - [s390x] bpf: Centralize frame offset calculations - [s390x] bpf: Describe the frame using a struct instead of constants - [s390x] bpf: Write back tail call counter for BPF_PSEUDO_CALL - [s390x] bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG - [riscv64] irqchip/sifive-plic: Make use of __assign_bit() - [riscv64] irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume - copy_file_range: limit size if in compat mode - minixfs: Verify inode mode when loading from disk - pid: Add a judgment for ns null in pid_nr_ns - fs: Add 'initramfs_options' to set initramfs mount options - cramfs: Verify inode mode when loading from disk - writeback: Avoid softlockup when switching many inodes - writeback: Avoid excessively long inode switching times - sched/fair: Block delayed tasks on throttled hierarchy during dequeue - nfsd: fix __fh_verify for localio - nfsd: fix access checking for NLM under XPRTSEC policies - [amd64] ASoC: SOF: ipc4-pcm: fix start offset calculation for chain DMA - mount: handle NULL values in mnt_ns_release() - nfsd: decouple the xprtsec policy check from check_nfsd_access() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.55 - drm/xe/guc: Check GuC running state before deregistering exec queue - smb: client: Fix refcount leak for cifs_sb_tlink - slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL - r8152: add error handling in rtl8152_driver_init - f2fs: fix wrong block mapping for multi-devices - jbd2: ensure that all ongoing I/O complete before freeing blocks - ext4: wait for ongoing I/O to complete before freeing blocks - ext4: detect invalid INLINE_DATA + EXTENTS flag combination - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running - btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl - btrfs: fix incorrect readahead expansion length - btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST - btrfs: do not assert we found block group item when creating free space tree - can: gs_usb: gs_make_candev(): populate net_device->dev_port - can: gs_usb: increase max interface to U8_MAX - cifs: parse_dfs_referrals: prevent oob on malformed input - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies - drm/amdgpu: use atomic functions with memory barriers for vm fault info - drm/amdgpu: fix gfx12 mes packet status return check - perf/core: Fix address filter match with backing files - perf/core: Fix MMAP event path names with backing files - perf/core: Fix MMAP2 event device with backing files - drm/amd: Check whether secure display TA loaded successfully - irqdomain: cdx: Switch to of_fwnode_handle() - [arm64] drm/msm/a6xx: Fix PDC sleep sequence - usb: gadget: Store endpoint pointer in usb_request - usb: gadget: Introduce free_usb_request helper - usb: gadget: f_ncm: Refactor bind path to use __free() - usb: gadget: f_acm: Refactor bind path to use __free() - usb: gadget: f_ecm: Refactor bind path to use __free() - usb: gadget: f_rndis: Refactor bind path to use __free() - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay - Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" (Closes: #1116358) - HID: multitouch: fix sticky fingers - dax: skip read lock assertion for read-only filesystems - can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() - can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active - can: m_can: m_can_chip_config(): bring up interface in correct state - can: m_can: add deinit callback - can: m_can: call deinit/init callback when going into suspend/resume - can: m_can: fix CAN state in system PM - net: dlink: handle dma_map_single() failure properly - doc: fix seg6_flowlabel path - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H - net/ip6_tunnel: Prevent perpetual tunnel growth - [amd64,arm64] amd-xgbe: Avoid spurious link down messages during interface toggle - tcp: fix tcp_tso_should_defer() vs large RTT - ksmbd: fix recursive locking in RPC handle list access - tg3: prevent use of uninitialized remote_adv and local_adv variables - tls: trim encrypted message to match the plaintext on short splice - tls: wait for async encrypt in case of error during latter iterations of sendmsg - tls: always set record_type in tls_process_cmsg - tls: wait for pending async decryptions if tls_strp_msg_hold fails - tls: don't rely on tx_work during send() - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset - [arm64] drm/panthor: Ensure MCU is disabled on suspend - nvme-multipath: Skip nr_active increments in RETRY disposition - [riscv64] kprobes: Fix probe address validation - [amd64] ASoC: nau8821: Cancel jdet_work before handling jack ejection - [amd64] ASoC: nau8821: Generalize helper to clear IRQ status - [amd64] ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit - [amd64] drm/i915/guc: Skip communication warning on reset in progress - drm/amdgpu: add ip offset support for cyan skillfish - drm/amdgpu: add support for cyan skillfish without IP discovery - drm/amdgpu: fix handling of harvesting for ip_discovery firmware - drm/amd/powerplay: Fix CIK shutdown temperature - [arm64] drm/rockchip: vop2: use correct destination rectangle height check - sched/fair: Fix pelt lost idle time detection - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card - HID: hid-input: only ignore 0 battery events for digitizers - HID: multitouch: fix name of Stylus input devices - nvme/tcp: handle tls partially sent records in write_space() - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() - xfs: rename the old_crc variable in xlog_recover_process - xfs: fix log CRC mismatches between i386 and other architectures - PM: runtime: Add new devm functions - iio: imu: inv_icm42600: Simplify pm_runtime setup - iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended - nfsd: Use correct error code when decoding extents - nfsd: Drop dprintk in blocklayout xdr functions - NFSD: Rework encoding and decoding of nfsd4_deviceid - NFSD: Minor cleanup in layoutcommit processing - NFSD: Implement large extent array support in pNFS - NFSD: Fix last write offset handling in layoutcommit - wifi: rtw89: avoid possible TX wait initialization race - xfs: use deferred intent items for reaping crosslinked blocks - padata: Reset next CPU when reorder sequence wraps around - md/raid0: Handle bio_split() errors - md/raid1: Handle bio_split() errors - md/raid10: Handle bio_split() errors - md: fix mssing blktrace bio split events - [amd64] x86/resctrl: Refactor resctrl_arch_rmid_read() - [amd64] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID - d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier - vfs: Don't leak disconnected dentries on umount - PCI: Add PCI_VDEVICE_SUB helper macro - ixgbevf: Add support for Intel(R) E610 device - ixgbevf: fix getting link speed data for E610 devices - ixgbevf: fix mailbox API compatibility by negotiating supported features - tcp: convert to dev_net_rcu() - tcp: cache RTAX_QUICKACK metric in a hot cache line - net: dst: add four helpers to annotate data-races around dst->dev - ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] - net: Add locking to protect skb->dev access in ip_output - mptcp: Call dst_release() in mptcp_active_enable(). - mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). - mptcp: reset blackhole on success with non-loopback ifaces - NFSD: Define a proc_layoutcommit for the FlexFiles layout type - [arm64] cputype: Add Neoverse-V3AE definitions - [arm64] errata: Apply workarounds for Neoverse-V3AE - [amd64] dmaengine: Add missing cleanup on module unload https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.56 - exec: Fix incorrect type for ret - hfs: clear offset and space out of valid records in b-tree node - hfs: make proper initalization of struct hfs_find_data - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() - hfs: validate record offset in hfsplus_bmap_alloc - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() - dlm: check for defined force value in dlm_lockspace_release - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() - PCI: Test for bit underflow in pcie_set_readrq() - [arm64] sysreg: Correct sign definitions for EIESB and DoubleLock - drivers/perf: hisi: Relax the event ID check in the framework - [s390x] mm: Use __GFP_ACCOUNT for user page table allocations - smb: server: let smb_direct_flush_send_list() invalidate a remote key first - PM: EM: Drop unused parameter from em_adjust_new_capacity() - PM: EM: Slightly reduce em_check_capacity_update() overhead - PM: EM: Move CPU capacity check to em_adjust_new_capacity() - PM: EM: Fix late boot with holes in CPU topology - net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() - rtnetlink: Allow deleting FDB entries in user namespace - [arm64] net: enetc: fix the deadlock of enetc_mdio_lock - [arm64] net: enetc: correct the value of ENETC_RXB_TRUESIZE - [arm64] dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path - net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ - net/smc: fix general protection fault in __smc_diag_dump - [arm64] net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions - [arm64] mm: avoid always making PTE dirty in pte_mkwrite() - ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop - sctp: avoid NULL dereference when chunk data buffer is missing - net: phy: micrel: always set shared->phydev for LAN8814 - net/mlx5: Fix IPsec cleanup over MPV device - fs/notify: call exportfs_encode_fid with s_umount - net: bonding: fix possible peer notify event loss or dup issue - dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() - btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() - gpio: pci-idio-16: Define maximum valid register address offset - gpio: 104-idio-16: Define maximum valid register address offset - xfs: fix locking in xchk_nlinks_collect_dir - Revert "cpuidle: menu: Avoid discarding useful information" - slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts - slab: Fix obj_ext mistakenly considered NULL due to race condition - ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 - can: netlink: can_changelink(): allow disabling of automatic restart - cifs: Fix TCP_Server_Info::credits to be signed - ocfs2: clear extent cache after moving/defragmenting extents - vsock: fix lock inversion in vsock_assign_transport() - [arm64,armhf] net: stmmac: dwmac-rk: Fix disabling set_clock_selection - net: usb: rtl8150: Fix frame padding - mm: prevent poison consumption when splitting THP - drm/amd/display: increase max link count and fix link->enc NULL pointer access - [arm64] spi: spi-nxp-fspi: add extra delay after dll locked - [arm64] dts: broadcom: bcm2712: Add default GIC address cells - [arm64] dts: broadcom: bcm2712: Define VGIC interrupt - [arm64] firmware: arm_scmi: Account for failed debug initialization - [arm64] firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode - [arm64] drm/panthor: Fix kernel panic on partial unmap of a GPU VA region - [riscv64] Define pgprot_dmacoherent() for non-coherent devices - [riscv64] Don't print details of CPUs disabled in DT - [riscv64] hwprobe: avoid uninitialized variable use in hwprobe_arch_id() - hwmon: (sht3x) Fix error handling - nbd: override creds to kernel when calling sock_{send,recv}msg() - drm/panic: Fix drawing the logo on a small narrow screen - drm/panic: Fix qr_code, ensure vmargin is positive - [amd64] gpio: ljca: Fix duplicated IRQ mapping - io_uring: correct __must_hold annotation in io_install_fixed_file - sched: Remove never used code in mm_cid_get() - io_uring/sqpoll: switch away from getrusage() for CPU accounting - io_uring/sqpoll: be smarter on when to update the stime usage - Bluetooth: btintel: Add DSBR support for BlazarIW, BlazarU and GaP (Closes: #1118660) - platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (CVE-2025-39678) - USB: serial: option: add UNISOC UIS7720 - USB: serial: option: add Quectel RG255C - USB: serial: option: add Telit FN920C04 ECM compositions - usb/core/quirks: Add Huawei ME906S to wakeup quirk - usb: raw-gadget: do not limit transfer length - xhci: dbc: enable back DbC in resume if it was enabled before suspend - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event - [amd64] x86/microcode: Fix Entrysign revision check for Zen1/Naples - [arm*] binder: remove "invalid inc weak" check - [amd64] comedi: fix divide-by-zero in comedi_buf_munge() (CVE-2025-40106) - [amd64] mei: me: add wildcat lake P DID - [arm64] misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup - [amd64,arm64] tcpm: switch check for role_sw device with fw_node - dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp - serial: 8250_dw: handle reset control deassert error - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 - [arm64] serial: 8250_mtk: Enable baud clock and manage in runtime PM - serial: sc16is7xx: remove useless enable of enhanced features - devcoredump: Fix circular locking dependency with devcd->mutex. - [arm64] mte: Do not warn if the page is already tagged in copy_highpage() - xfs: always warn about deprecated mount options - ksmbd: transport_ipc: validate payload size before reading handle (CVE-2025-40084) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.57 - net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083) - audit: record fanotify event regardless of presence of rules - [amd64] perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK - perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL - perf: Have get_perf_callchain() return NULL if crosstask and user are set - perf: Skip user unwind if the task is a kernel thread - seccomp: passthrough uprobe systemcall without filtering - [amd64] x86/bugs: Report correct retbleed mitigation status - [amd64] x86/bugs: Fix reporting of LFENCE retpoline - [amd64,arm64] EDAC/mc_sysfs: Increase legacy channel support to 16 - cpuset: Use new excpus for nocpu error check when enabling root partition - btrfs: abort transaction on specific error places when walking log tree - btrfs: abort transaction in the process_one_buffer() log tree walk callback - btrfs: zoned: return error from btrfs_zone_finish_endio() - btrfs: zoned: refine extent allocator hint selection - btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() - btrfs: always drop log root tree reference in btrfs_replay_log() - btrfs: use level argument in log tree walk callback replay_one_buffer() - btrfs: abort transaction if we fail to update inode in log replay dir fixup - btrfs: tree-checker: add inode extref checks - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() - sched_ext: Make qmap dump operation non-destructive - arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c - docs: kdoc: handle the obsolescensce of docutils.ErrorString() - mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR - f2fs: fix to avoid panic once fallocation fails for pinfile (CVE-2025-23130) - wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (CVE-2025-38643) - bonding: return detailed error when loading native XDP fails - bonding: check xdp prog when set bond mode (CVE-2025-22105) - bits: add comments and newlines to #if, #else and #endif directives - bits: introduce fixed-type GENMASK_U*() - gpio: regmap: Allow to allocate regmap-irq device - gpio: regmap: add the .fixed_direction_output configuration parameter - gpio: idio-16: Define fixed direction of the GPIO lines - [amd64] iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (CVE-2025-21833) - wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995) - [amd64,arm64] udmabuf: fix a buf size overflow issue during udmabuf creation (CVE-2025-37803) - sfc: fix NULL dereferences in ef100_process_design_param() (CVE-2025-37860) - btrfs: tree-checker: fix bounds check in check_inode_extref() . [ Salvatore Bonaccorso ] * drivers/infiniband/hw/bnxt_re: Enable INFINIBAND_BNXT_RE as module (Closes: #1109977) . [ Ben Hutchings ] * d/salsa-ci.yml: Adjust filenames to allow source package name suffix * tools/hv: Make the sample hv_get_dhcp_info script more useful * hyperv-daemons: Install the sample network info scripts (Closes: #919350) * d/salsa-ci.yml: Fix cache configuration for build job * d/salsa-ci.yml: Move orig tarball generation to a separate job again * d/salsa-ci.yml: Restore lintian checking of source package linux (6.12.48-1) trixie-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.44 - serial: 8250: fix panic due to PSLVERR - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() - PM: runtime: Take active children into account in pm_runtime_get_if_in_use() - dm: dm-crypt: Do not partially accept write BIOs with zoned targets - dm: Check for forbidden splitting of zone write operations - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() - usb: gadget: udc: renesas_usb3: fix device leak at unbind - usb: musb: omap2430: fix device leak at unbind - [arm64,armhf] usb: dwc3: meson-g12a: fix device leaks at unbind - [arm64] usb: dwc3: imx8mp: fix device leak at unbind - bus: mhi: host: Fix endianness of BHI vector table - bus: mhi: host: Detect events pointing to unexpected TREs - vt: keyboard: Don't process Unicode characters in K_OFF mode - vt: defkeymap: Map keycodes above 127 to K_HOLE - [amd64] crypto: qat - lower priority for skcipher and aead algorithms - [arm64,armhf] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP - [amd64] crypto: qat - flush misc workqueue during device shutdown - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" - ksmbd: fix refcount leak causing resource not released - ksmbd: extend the connection limiting mechanism to support IPv6 - tracing: fprobe-event: Sanitize wildcard for fprobe event name - ext4: check fast symlink for ea_inode correctly - ext4: fix fsmap end of range reporting with bigalloc - ext4: fix reserved gdt blocks handling in fsmap - ext4: use kmalloc_array() for array space allocation - ext4: fix hole length calculation overflow in non-extent inodes - btrfs: zoned: fix write time activation failure for metadata block group - btrfs: fix incorrect log message for nobarrier mount option - btrfs: restore mount option info messages during mount - btrfs: fix printing of mount info messages for NODATACOW/NODATASUM - apparmor: Fix 8-byte alignment for initial dfa blob streams - dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints - dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints - scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host - [arm64] scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE - scsi: mpi3mr: Fix race between config read submit and interrupt completion - ata: libata-scsi: Fix ata_to_sense_error() status handling - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers - scsi: ufs: ufs-pci: Fix default runtime and system PM levels - ata: libata-scsi: Fix CDL control - [arm64] soc: qcom: mdt_loader: Ensure we don't read past the ELF header - iio: imu: bno055: fix OOB access of hw_xlate array - iio: adc: ad_sigma_delta: change to buffer predisable - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() - wifi: ath12k: fix dest ring-buffer corruption - wifi: ath12k: fix source ring-buffer corruption - wifi: ath12k: fix dest ring-buffer corruption when ring is full - wifi: ath11k: fix dest ring-buffer corruption - wifi: ath11k: fix source ring-buffer corruption - wifi: ath11k: fix dest ring-buffer corruption when ring is full - [arm64] pwm: mediatek: Handle hardware enable and clock enable separately - [arm64] pwm: mediatek: Fix duty and period setting - mtd: spi-nor: Fix spi_nor_try_unlock_all() - [arm64] mtd: spinand: propagate spinand_wait() errors from spinand_write_page() - readahead: fix return value of page_cache_next_miss() when no hole is found - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge - PCI: endpoint: Fix configfs group list head handling - PCI: endpoint: Fix configfs group removal on driver teardown - [arm64,armhf] PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features - [arm64,armhf] PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset - [arm64,armhf] PCI: imx6: Delay link start until configfs 'start' written - vsock/virtio: Validate length in packet header before skb_put() - vhost/vsock: Avoid allocating arbitrarily-sized SKBs - amdgpu/amdgpu_discovery: increase timeout limit for IFWI init - [amd64] ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context - f2fs: fix to avoid out-of-boundary access in dnode page (CVE-2025-38677) - jbd2: prevent softlockup in jbd2_log_do_checkpoint() - kbuild: userprogs: use correct linker when mixing clang and GNU ld - [arm64,armhf] soc/tegra: pmc: Ensure power-domains are in a known state - media: gspca: Add bounds checking to firmware parser - media: hi556: correct the test pattern configuration - [armhf] media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() - media: ipu6: isys: Use correct pads for xlate_streams() - media: vivid: fix wrong pixel_array control size - media: verisilicon: Fix AV1 decoder clock frequency - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() - media: usbtv: Lock resolution while streaming - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() - media: pisp_be: Fix pm_runtime underrun in probe - media: ov2659: Fix memory leaks in ov2659_probe() - media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls - [arm64] media: qcom: camss: cleanup media device allocated resource on error path - [arm64] media: venus: Add a check for packet size after reading from shared memory - [arm64] media: venus: Fix MSM8998 frequency table - [arm64] media: venus: hfi: explicitly release IRQ during teardown - [arm64] media: venus: protect against spurious interrupts during probe - [arm64] media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. - [arm64] media: venus: venc: Clamp param smaller than 1fps and bigger than 240 - drm/amdgpu/discovery: fix fw based ip discovery - drm/amd: Restore cached power limit during resume - drm/amdgpu: Avoid extra evict-restore process. - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities - drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() - drm/amdgpu: Update external revid for GC v9.5.0 - drm/amdgpu: update mmhub 3.0.1 client id mappings - drm/amdgpu: update mmhub 4.1.0 client id mappings - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq - drm/amd/display: Add primary plane to commits for correct VRR handling - drm/amd/display: fix a Null pointer dereference vulnerability - drm/amd/display: Don't overwrite dce60_clk_mgr - net, hsr: reject HSR frame if skb can't hold tag - sched/ext: Fix invalid task state transitions on class switch - ipv6: sr: Fix MAC comparison to be constant-time - ACPI: pfr_update: Fix the driver update version check - mptcp: drop skb if MPTCP skb extension allocation fails - mptcp: pm: kernel: flush: do not reset ADD_ADDR limit - mm/damon/ops-common: ignore migration request to invalid nodes - [amd64] x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero - USB: typec: Use str_enable_disable-like helpers - usb: typec: fusb302: cache PD RX state - btrfs: qgroup: drop unused parameter fs_info from __del_qgroup_rb() - btrfs: qgroup: fix race between quota disable and quota rescan ioctl - btrfs: move transaction aborts to the error site in add_block_group_free_space() - btrfs: always abort transaction on failure to add block group to free space tree - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() - btrfs: explicitly ref count block_group on new_bgs list - btrfs: codify pattern for adding block_group to bg_list - btrfs: zoned: requeue to unused block group list if zone finish failed - xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags - btrfs: send: factor out common logic when sending xattrs - btrfs: send: only use boolean variables at process_recorded_refs() - btrfs: send: add and use helper to rename current inode when processing refs - btrfs: send: keep the current inode's path cached - btrfs: send: avoid path allocation for the current inode when issuing commands - btrfs: send: use fallocate for hole punching with send stream v2 - btrfs: send: make fs_path_len() inline and constify its argument - netfs: Fix unbuffered write error handling - io_uring/net: commit partial buffers on retry - ata: libata-scsi: Return aborted command when missing sense and result TF - sched_ext: initialize built-in idle state before ops.init() - Revert "can: ti_hecc: fix -Woverflow compiler warning" - io_uring/futex: ensure io_futex_wait() cleans up properly on failure - iov_iter: iterate_folioq: fix handling of offset >= folio size - [arm64] iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement - mmc: sdhci-pci-gli: Add a new function to simplify the code - memstick: Fix deadlock by moving removing flag earlier - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency - NFS: Fix a race when updating an existing write - squashfs: fix memory leak in squashfs_fill_super - mm/debug_vm_pgtable: clear page table entries at destroy_args() - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 - RDMA/rxe: Flush delayed SKBs while releasing RXE resources - [s390x] sclp: Fix SCCB present check - [amd64] platform/x86/intel-uncore-freq: Check write blocked for ELC - kvm: retry nx_huge_page_recovery_thread creation - [amd64] accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() - drm/amdgpu/swm14: Update power limit logic - drm/amd/display: Avoid a NULL pointer dereference - drm/amd/display: Don't overclock DCE 6 by 15% - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 - drm/amd/display: Fix Xorg desktop unresponsive on Replay panel - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs - scsi: core: Fix command pass through retry regression - [arm64] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() - mptcp: remove duplicate sk_reset_timer call - mptcp: disable add_addr retransmission when timeout is 0 - Mark xe driver as BROKEN if kernel page size is not 4kB - [arm64,armhf] PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support - [arm64,armhf] PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features - [arm64] PCI: rockchip: Use standard PCIe definitions - [arm64] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining - iio: adc: ad7173: fix setting ODR in probe - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems - ext4: preserve SB_I_VERSION on remount - btrfs: subpage: keep TOWRITE tag until folio is cleaned - [arm64] dts: ti: k3-am6*: Add boot phase flag to support MMC boot - [arm64] dts: ti: k3-am62*: Add non-removable flag for eMMC - [arm64] dts: ti: k3-am6*: Remove disable-wp for eMMC - [arm64] dts: ti: k3-am62*: Move eMMC pinmux to top level board file - debugfs: fix mount options not being applied - smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() - fs/buffer: fix use-after-free when call bh_read() helper - use uniform permission checks for all mount propagation changes - cpuidle: menu: Remove iowait influence - cpuidle: governors: menu: Avoid selecting states with too much latency - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS - [arm64] mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 - ftrace: Also allocate and copy hash for reading of filter files - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() - iio: proximity: isl29501: fix buffered read on big-endian systems - most: core: Drop device reference after usage in get_channel() - kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() - cdx: Fix off-by-one error in cdx_rpmsg_probe() - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive - [amd64] comedi: Make insn_rw_emulate_bits() do insn->n samples - [amd64] comedi: pcl726: Prevent invalid irq number - [amd64] comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test - usb: renesas-xhci: Fix External ROM access timeouts - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera - usb: storage: realtek_cr: Use correct byte order for bcs->Residue - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles - usb: typec: maxim_contaminant: disable low power mode when reading comparator values - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean - usb: xhci: Fix slot_id resource race conflict - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout - usb: dwc3: Remove WARN_ON for device endpoint command timeouts - usb: dwc3: pci: add support for the Intel Wildcat Lake - iio: light: Use aligned_s64 instead of open coding alignment. - iio: light: as73211: Ensure buffer holes are zeroed - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() - tracing: Remove unneeded goto out logic - tracing: Limit access to parser->buffer when trace_get_user failed - [amd64] drm/i915/icl+/tc: Convert AUX powered WARN to a debug message - compiler: remove __ADDRESSABLE_ASM{_STR,}() again - [amd64] drm/i915/icl+/tc: Cache the max lane count value - ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() - tls: fix handling of zero-length records on the rx_list - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 - iio: imu: inv_icm42600: use = { } instead of memset() - iio: imu: inv_icm42600: Convert to uXX and sXX integer types - iio: imu: inv_icm42600: change invalid data error to -EBUSY - [amd64] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key - cgroup/cpuset: Fix a partition error with CPU hotplug - drm/panic: Move drawing functions to drm_draw - drm/format-helper: Add conversion from XRGB8888 to BGR888 - drm/format-helper: Move helpers for pixel conversion to header file - drm/format-helper: Add generic conversion to 32-bit formats - iosys-map: Fix undefined behavior in iosys_map_clear() - [arm64] RDMA/hns: Fix querying wrong SCC context for DIP algorithm - RDMA/bnxt_re: Fix to do SRQ armena by default - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path - RDMA/bnxt_re: Fix a possible memory leak in the driver - RDMA/bnxt_re: Fix to initialize the PBL array - RDMA/hns: Fix dip entries leak on devices newer than hip09 - net: bridge: fix soft lockup in br_multicast_query_expired() - scsi: qla4xxx: Prevent a potential error pointer dereference - [amd64] iommu/amd: Avoid stack buffer overflow from kernel cmdline (CVE-2025-38676) - Bluetooth: hci_sync: Fix scan state after PA Sync has been established - Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown - Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() - [arm64] drm/hisilicon/hibmc: refactored struct hibmc_drm_private - [arm64] drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed - [arm64] drm/hisilicon/hibmc: fix the hibmc loaded failed bug - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() - drm/amd/display: Don't print errors for nonexistent connectors - net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add - [arm64] net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path - ppp: fix race conditions in ppp_fill_forward_path - net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload. - cifs: Fix oops due to uninitialised variable - phy: mscc: Fix timestamping for vsc8584 - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization - gve: prevent ethtool ops after shutdown - net/smc: fix UAF on smcsk after smc_listen_out() - [s390x] mm: Do not map lowcore with identity mapping - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc - igc: fix disabling L1.2 PCI-E link substate on I226 on init - [armhf] net: dsa: microchip: Fix KSZ9477 HSR port setup issue - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit - net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate - ALSA: timer: fix ida_free call while not allocated - bonding: update LACP activity flag after setting lacp_active - bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU - [arm64] Octeontx2-af: Skip overlap check for SPI field - net/mlx5: Base ECVF devlink port attrs from 0 - net/mlx5: Relocate function declarations from port.h to mlx5_core.h - net/mlx5: Add IFC bits and enums for buf_ownership - net/mlx5e: Query FW for buffer ownership - net/mlx5e: Preserve shared buffer capacity during headroom updates - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation - [s390x] hypfs: Avoid unnecessary ioctl registration in debugfs - [s390x] hypfs: Enable limited access during lockdown - netfilter: nf_reject: don't leak dst refcount for loopback packets https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.45 - rtla: Check pkg-config install - trace/fgraph: Fix the warning caused by missing unregister notifier - of: dynamic: Fix memleak when of_pci_add_properties() failed - of: dynamic: Fix use after free in of_changeset_add_prop_helper() - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump - perf symbol-minimal: Fix ehdr reading in filename__read_build_id - vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER - scsi: core: sysfs: Correct sysfs attributes access rights - smb: client: fix race with concurrent opens in unlink(2) - smb: client: fix race with concurrent opens in rename(2) - [arm64] ASoC: codecs: tx-macro: correct tx_macro_component_drv name - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() - [arm64] drm/msm: Defer fd_install in SUBMIT ioctl - of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() - [arm64] drm/msm/kms: move snapshot init earlier in KMS init - [arm64] drm/msm: update the high bitfield of certain DSI registers - [arm64] drm/mediatek: Add error handling for old state CRTC in atomic_disable - [powerpc*] kvm: Fix ifdef to remove build warning - HID: input: rename hidinput_set_battery_charge_status() - HID: input: report battery status changes immediately - net: macb: fix unregister_netdev call order in macb_remove() - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success - Bluetooth: hci_event: Mark connection as closed during suspend disconnect - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced - Bluetooth: hci_sync: fix set_local_name race condition - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr - drm/nouveau: remove unused memory target test - ice: don't leave device non-functional if Tx scheduler config fails - ice: use fixed adapter index for E825C embedded devices - ice: fix incorrect counter for buffer allocation failures - dt-bindings: display/msm: qcom,mdp5: drop lut clock - net: dlink: fix multicast stats being counted incorrectly - drm/xe/xe_sync: avoid race during ufence signaling - drm/xe: Don't trigger rebind on initial dma-buf validation - phy: mscc: Fix when PTP clock is register and unregister - bnxt_en: Fix memory corruption when FW resources change during ifdown - bnxt_en: Adjust TX rings if reservation is less than requested - bnxt_en: Fix stats context reservation logic - net/mlx5: Reload auxiliary drivers on fw_activate - net/mlx5: Fix lockdep assertion on sync reset unload event - net/mlx5: Nack sync reset when SFs are present - net/mlx5e: Update and set Xon/Xoff upon MTU set - net/mlx5e: Update and set Xon/Xoff upon port speed set - net/mlx5e: Set local Xoff after FW update - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts - net: stmmac: xgmac: Correct supported speed modes - net: stmmac: Set CIC bit only for TX queues with COE - [amd64,arm64] hv_netvsc: Link queues to NAPIs - [amd64,arm64] net: hv_netvsc: fix loss of early receive events from host during channel open. - net: rose: split remove and free operations in rose_remove_neigh() - net: rose: convert 'use' field to refcount_t - net: rose: include node references in rose_neigh refcount - sctp: initialize more fields in sctp_v6_from_sk() - l2tp: do not use sock_hold() in pppol2tp_session_get_sock() - fbnic: Move phylink resume out of service_task and into open/close - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare - net: macb: Disable clocks once - [amd64] KVM: x86: use array_index_nospec with indices that come from guest - [riscv64] KVM: fix stack overrun when loading vlenb - [amd64] x86/microcode/AMD: Handle the case of no BIOS microcode - [amd64] x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON - HID: asus: fix UAF via HID_CLAIMED_INPUT validation - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() - HID: quirks: add support for Legion Go dual dinput modes - HID: logitech: Add ids for G PRO 2 LIGHTSPEED - HID: wacom: Add a new Art Pen 2 - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() - Revert "drm/amdgpu: fix incorrect vm flags to map bo" - blk-zoned: Fix a lockdep complaint about recursive locking - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted - fs/smb: Fix inconsistent refcnt update - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions - smb3 client: fix return code mapping of remap_file_range - xfs: do not propagate ENODATA disk errors into xattr code - drm/xe/vm: Clear the scratch_pt pointer on error - drm/nouveau/disp: Always accept linear modifier - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv - drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode - net: rose: fix a typo in rose_clear_routes() - PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS - PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" - [arm64] thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const - [arm64] thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data - [arm64] thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.46 - bpf: Add cookie object to bpf maps - bpf: Move bpf map owner out of common struct - bpf: Move cgroup iterator helpers to bpf.h - bpf: Fix oob access in cgroup local storage (CVE-2025-38502) - btrfs: fix race between logging inode and checking if it was logged before - btrfs: fix race between setting last_dir_index_offset and inode logging - btrfs: avoid load/store tearing races when checking if an inode was logged - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN - drm/amd/display: Don't warn when missing DCE encoder caps - cpupower: Fix a bug where the -t option of the set subcommand was not working. - Bluetooth: hci_sync: Avoid adding default advertising on startup - btrfs: zoned: skip ZONE FINISH of conventional zones - fs: writeback: fix use-after-free in __mark_inode_dirty() - tee: fix NULL pointer dereference in tee_shm_put - tee: fix memory leak in tee_dyn_shm_alloc_helper - [arm64] dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro - [arm64] tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" - [arm64] dts: imx8mp-tqma8mpql: fix LDO5 power off - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics i.MX8M Plus DHCOM - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul i.MX8M Plus eDM SBC - HID: simplify snto32() - HID: stop exporting hid_snto32() - HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556) - net: usb: qmi_wwan: fix Telit Cinterion FN990A name - net: usb: qmi_wwan: fix Telit Cinterion FE990A name - net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition - [arm64] mmc: sdhci-of-arasan: Support for emmc hardware reset - [arm64] mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up - wifi: cfg80211: fix use-after-free in cmp_bss() - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work - wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() - wifi: mt76: prevent non-offchannel mgmt tx during scan/roc - wifi: mt76: free pending offchannel tx frames on wcid cleanup - wifi: mt76: fix linked list corruption - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY - wifi: iwlwifi: uefi: check DSM item validity - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() - netfilter: nft_flowtable.sh: re-run with random mtu sizes - net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y - [amd64] xirc2ps_cs: fix register access when enabling FullDuplex - mISDN: Fix memory leak in dsp_hwec_enable() - bnxt_en: fix incorrect page count in RX aggr ring log - icmp: fix icmp_ndo_send address translation for reply direction - net: macb: Fix tx_ptr_lock locking - macsec: read MACSEC_SA_ATTR_PN with nla_get_uint - net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() - net: mctp: mctp_fraq_queue should take ownership of passed skb - ice: fix NULL access of tx->in_use in ice_ll_ts_intr - [amd64,arm64] idpf: set mac type when adding and removing MAC filters - i40e: remove read access to debugfs files - i40e: Fix potential invalid access when MAC list is empty - ixgbe: fix incorrect map used in eee linkmode - wifi: ath11k: fix group data packet drops during rekey - net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 - [arm64] net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets - net: skb: add pskb_network_may_pull_reason() helper - net: tunnel: add pskb_inet_may_pull_reason() helper - net: vxlan: add skb drop reasons to vxlan_rcv() - net: vxlan: make vxlan_snoop() return drop reasons - vxlan: Fix NPD when refreshing an FDB entry with a nexthop object - net: vxlan: make vxlan_set_mac() return drop reasons - net: vxlan: use kfree_skb_reason() in vxlan_xmit() - net: vxlan: use kfree_skb_reason() in vxlan_mdb_xmit() - net: vxlan: rename SKB_DROP_REASON_VXLAN_NO_REMOTE - vxlan: Refresh FDB 'updated' time upon 'NTF_USE' - vxlan: Avoid unnecessary updates to FDB 'used' time - vxlan: Add RCU read-side critical sections in the Tx path - vxlan: Rename FDB Tx lookup function - vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects - wifi: cw1200: cap SSID length in cw1200_do_join() - wifi: libertas: cap SSID len in lbs_associate() - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() - [arm64] net: thunder_bgx: add a missing of_node_put - [arm64] net: thunder_bgx: decrement cleanup index before use - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() - net/smc: Remove validation of reserved bits in CLC Decline message - mctp: return -ENOPROTOOPT for unknown getsockopt options - ax25: properly unshare skbs in ax25_kiss_rcv() - net: atm: fix memory leak in atm_register_sysfs when device_register fail - ppp: fix memory leak in pad_compress_skb - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock - ALSA: usb-audio: Add mute TLV for playback volumes on some devices - [amd64] accel/ivpu: Prevent recovery work from being queued during device removal - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() - [arm64] ftrace: fix unreachable PLT for ftrace_caller in init_module with CONFIG_DYNAMIC_FTRACE - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() - io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (CVE-2025-38453) - [amd64] x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() - mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE - mm: move page table sync declarations to linux/pgtable.h - mm: fix possible deadlock in kmemleak - mm: slub: avoid wake up kswapd in set_track_prepare - sched: Fix sched_numa_find_nth_cpu() if mask offline - ocfs2: prevent release journal inode after journal shutdown - of_numa: fix uninitialized memory nodes causing kernel panic - [arm64] soc: qcom: mdt_loader: Deal with zero e_shentsize - wifi: mwifiex: Initialize the chan_stats array to zero - wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() - wifi: mt76: mt7925: fix the wrong bss cleanup for SAP - net: ethernet: oa_tc6: Handle failure of spi_setup - drm/amdgpu: drop hw access in non-DC audio fini - drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG - [amd64] platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list - scsi: lpfc: Fix buffer free/clear order in deferred receive path - batman-adv: fix OOB read/write in network-coding decode - cifs: prevent NULL pointer dereference in UTF16 conversion - e1000e: fix heap overflow in e1000_set_eeprom - net: pcs: rzn1-miic: Correct MODCTRL register offset - fs/fhandle.c: fix a race in call of has_locked_children() (CVE-2025-38306) - [arm64,armhf] net: dsa: add hook to determine whether EEE is supported - [arm64,armhf] net: dsa: provide implementation of .support_eee() - [armhf] net: dsa: b53/bcm_sf2: implement .support_eee() method - [armhf] net: dsa: b53: do not enable EEE on bcm63xx (CVE-2025-38272) - md/raid1,raid10: don't ignore IO flags (CVE-2025-22125) - md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT - md/raid1,raid10: strip REQ_NOWAIT from member bios - ext4: define ext4_journal_destroy wrapper - ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113) - wifi: ath11k: update channel list in reg notifier instead reg worker (CVE-2025-23133) - wifi: ath11k: update channel list in worker when wait flag is set - net: fix NULL pointer dereference in l3mdev_l3_rcv (CVE-2025-22103) - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (CVE-2025-22124) - mm: slub: Print the broken data before restoring them - mm: slub: call WARN() when detecting a slab corruption - mm, slab: cleanup slab_bug() parameters - mm/slub: avoid accessing metadata when pointer is invalid in object_err() - nouveau: fix disabling the nonstall irq due to storm code - mm: fix accounting of memmap pages - [arm64] thermal/drivers/mediatek/lvts: Disable low offset IRQ for minimum threshold - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY - Revert "drm/amdgpu: Avoid extra evict-restore process." - pcmcia: omap: Add missing check for platform_get_resource - pcmcia: Add error handling for add_interval() in do_validate_mem() - [amd64] platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk - [amd64] platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID - block: add a queue_limits_commit_update_frozen helper - scsi: sr: Reinstate rotational media flag - drm/bridge: ti-sn65dsi86: fix REFCLK setting - perf bpf-event: Fix use-after-free in synthesis - perf bpf-utils: Constify bpil_array_desc - perf bpf-utils: Harden get_bpf_prog_info_linear - drm/amd/amdgpu: Fix missing error return on kzalloc failure - tools: gpio: remove the include directory on make clean - md: prevent incorrect update of resync/recovery offset - [riscv64] ACPI: RISC-V: Fix FFH_CPPC_CSR error handling - [riscv64] Only allow LTO with CMODEL_MEDANY - [riscv64] use lw when reading int cpu in new_vmalloc_check - [riscv64] use lw when reading int cpu in asm_per_cpu - [riscv64] bpf: use lw when reading int cpu in BPF_MOV64_PERCPU_REG - [riscv64] bpf: use lw when reading int cpu in bpf_get_smp_processor_id - md/raid1: fix data lost for writemostly rdev https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.47 - [amd64] Add mitigations for VMSCAPE (CVE-2025-40300): - Documentation/hw-vuln: Add VMSCAPE documentation - x86/vmscape: Enumerate VMSCAPE bug - x86/vmscape: Add conditional IBPB mitigation - x86/vmscape: Enable the mitigation - x86/bugs: Move cpu_bugs_smt_update() down - x86/vmscape: Warn when STIBP is disabled with SMT - x86/vmscape: Add old Intel CPUs to affected list https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.48 - fhandle: use more consistent rules for decoding file handle from userns - dma-debug: store a phys_addr_t in struct dma_debug_entry - dma-mapping: trace dma_alloc/free direction - dma-mapping: use trace_dma_alloc for dma_alloc* instead of using trace_dma_map - dma-mapping: trace more error paths - dma-debug: don't enforce dma mapping check on noncoherent allocations - net/mlx5: HWS, change error flow on matcher disconnect - mm: introduce and use {pgd,p4d}_populate_kernel() - dma-mapping: fix swapped dir/flags arguments to trace_dma_alloc_sgt_err - dma-debug: fix physical address calculation for struct dma_debug_entry - nvme-pci: skip nvme_write_sq_db on empty rqlist - Revert "udmabuf: fix vmap_udmabuf error page set" - ext4: introduce linear search for dentries - [amd64] drm/i915/pmu: Fix zero delta busyness issue - drm/amd/display: Fix error pointers in amdgpu_dm_crtc_mem_type_changed - Revert "drm/amd/display: Optimize cursor position updates" - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA - drm/amdgpu: Add back JPEG to video caps for carrizo and newer - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read - SUNRPC: call xs_sock_process_cmsg for all cmsg - NFSv4: Don't clear capabilities that won't be reset (Closes: #1114898) - trace/fgraph: Fix error handling - tracing: Fix tracing_marker may trigger page fault during preempt_disable - nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter - nfs/localio: add direct IO enablement with sync and async IO support - nfs/localio: restore creds before releasing pageio data - ftrace/samples: Fix function size computation - fs/nfs/io: make nfs_start_io_*() killable - NFS: Serialise O_DIRECT i/o and truncate() - NFSv4.2: Serialise O_DIRECT i/o and fallocate() - NFSv4.2: Serialise O_DIRECT i/o and clone range - NFSv4.2: Serialise O_DIRECT i/o and copy range - NFS: nfs_invalidate_folio() must observe the offset and size arguments - NFSv4/flexfiles: Fix layout merge mirror check. - tracing: Silence warning when chunk allocation fails in trace_pid_write - [s390x] pai: Deny all events not handled by this PMU - [s390x] cpum_cf: Deny all sampling events by counter PMU - bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt - bpf: Allow fall back to interpreter for programs with stack size <= 512 - bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. - proc: fix type confusion in pde_set_flags() - Revert "SUNRPC: Don't allow waiting for exiting tasks" - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN - ocfs2: fix recursive semaphore deadlock in fiemap call - btrfs: fix squota compressed stats leak - btrfs: fix subvolume deletion lockup caused by inodes xarray race - [amd64] i2c: i801: Hide Intel Birch Stream SoC TCO WDT - net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups - [armhf] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer - [armhf] mtd: rawnand: stm32_fmc2: fix ECC overwrite - fuse: do not allow mapping a non-regular backing file - fuse: check if copy_file_range() returns larger than requested size - fuse: prevent overflow in copy_file_range return value - mm/khugepaged: fix the address passed to notifier on testing young - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory - mm/memory-failure: fix redundant updates for already poisoned pages - mm/damon/core: set quota->charged_from to jiffies at first charge window - mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() - [arm64] drm/mediatek: fix potential OF node use-after-free - drm/xe: Attempt to bring bos back to VRAM after eviction - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages - netlink: specs: mptcp: add missing 'server-side' attr - netlink: specs: mptcp: clearly mention attributes - netlink: specs: mptcp: replace underscores with dashes in names - netlink: specs: mptcp: fix if-idx attribute type - kernfs: Fix UAF in polling when open file is released - libceph: fix invalid accesses to ceph_connection_v1_info - ceph: fix race condition validating r_parent before applying state - ceph: fix race condition where r_parent becomes stale before sending message - mm/damon/sysfs: fix use-after-free in state_show() - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() - mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range() - [arm64] mtd: spinand: winbond: Fix oob_layout for W25N01JW - btrfs: use readahead_expand() on compressed extents - btrfs: fix corruption reading compressed range when block size is smaller than page size - hrtimers: Unconditionally update target CPU base after offline timer migration - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table - Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups" - tty: hvc_console: Call hvc_kick in hvc_write unconditionally - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks - USB: serial: option: add Telit Cinterion FN990A w/audio compositions - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions - [arm64] drm/panthor: validate group queue count - [arm64,armhf] net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() - genetlink: fix genl_bind() invoking bind() after -EPERM - net: bridge: Bounce invalid boolopts - tunnels: reset the GSO metadata before reusing the skb - docs: networking: can: change bcm_msg_head frames member to support flexible array - igb: fix link test skipping when interface is admin down - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path - drm/amd/display: use udelay rather than fsleep - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails - netfilter: nft_set_pipapo: remove unused arguments - netfilter: nft_set: remove one argument from lookup and update functions - netfilter: nft_set_pipapo: merge pipapo_get/lookup - netfilter: nft_set_pipapo: don't return bogus extension pointer - netfilter: nft_set_pipapo: don't check genbit from packetpath lookups - netfilter: nft_set_rbtree: continue traversal if element is inactive - netfilter: nf_tables: Reintroduce shortened deletion notifications - netfilter: nf_tables: place base_seq in struct net - netfilter: nf_tables: make nft_set_do_lookup available unconditionally - netfilter: nf_tables: restart set lookup on base_seq change - net: hsr: Add VLAN CTAG filter support - hsr: use rtnl lock when iterating over ports - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties - [amd64] dmaengine: idxd: Remove improper idxd_free - [amd64] dmaengine: idxd: Fix refcount underflow on module unload - [amd64] dmaengine: idxd: Fix double free in idxd_setup_wqs() - [amd64] dmaengine: ti: edma: Fix memory allocation size for queue_priority_map - xhci: fix memory leak regression when freeing xhci vdev devices depth first - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels - [amd64,arm64] usb: typec: tcpm: properly deliver cable vdms to altmode drivers - [arm64] dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees - [arm64] phy: tegra: xusb: fix device and OF node leak at probe - [armhf] phy: ti: omap-usb2: fix device leak at unbind - [armhf] phy: ti-pipe3: fix device leak at unbind - [amd64] x86/cpu/topology: Always try cpu_parse_topology_ext() on AMD/Hygon - net: mdiobus: release reset_gpio in mdiobus_unregister_device() - [amd64] drm/i915/power: fix size for for_each_set_bit() in abox iteration - drm/amdgpu: fix a memory leak in fence cleanup when unloading - netfilter: nft_set_pipapo: fix null deref for empty set . [ Santiago Ruano Rincón ] * d/salsa-ci.yml: Merge the extract-source job into the build's job script * d/salsa-ci.yml: Suppress unreleased changes and mismatching distribution lintian tags. * d/salsa-ci.yml: Early move orig tarballs back where they can be cached . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 6.12.43-rt12 * [amd64] x86/bugs: Add SRSO_USER_KERNEL_NO support * [amd64] x86/bugs: KVM: Add support for SRSO_MSR_FIX * [amd64] KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions linux-signed-amd64 (6.12.57+1) trixie; urgency=medium . * Sign kernel from linux 6.12.57-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.49 - wifi: wilc1000: avoid buffer overflow in WID string configuration - nvme: fix PI insert on write - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported - wifi: mac80211: increase scan_ies_len for S1G - wifi: mac80211: fix incorrect type for ret - cgroup: split cgroup_destroy_wq into 3 workqueues - btrfs: fix invalid extref key setup when replaying dentry - net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR - qed: Don't collect too many protection override GRC elements - bonding: set random address only when slaves already exist - mptcp: set remote_deny_join_id0 on SYN recv - mptcp: tfo: record 'deny join id0' info - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure - ice: store max_frame and rx_buf_len only in ice_rx_ring - ice: fix Rx page leak on multi-buffer frames - i40e: remove redundant memory barrier when cleaning Tx descs - igc: don't fail igc_probe() on LED setup error - net/mlx5e: Harden uplink netdev access against device unbind - bonding: don't set oif to bond dev when getting NS target destination - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). - tls: make sure to abort the stream if headers are bogus - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" - net: liquidio: fix overflow in octeon_init_instr_queue() - cnic: Fix use-after-free bugs in cnic_delete_task - [arm64] octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() - [amd64] perf/x86/intel: Fix crash in icl_update_topdown_event() (CVE-2025-38322) - ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer - ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery - power: supply: bq27xxx: restrict no-battery detection to bq27000 - dm-raid: don't set io_min and io_opt for raid1 - dm-stripe: fix a possible integer overflow - gup: optimize longterm pin_user_pages() for large folio - mm: revert "mm: vmscan.c: fix OOM on swap stress test" - [amd64] iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() - [amd64] iommu/amd/pgtbl: Fix possible race while increase page table level - btrfs: tree-checker: fix the incorrect inode ref size check - [arm64] ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S - mmc: mvsdio: Fix dma_unmap_sg() nents value - [amd64] KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active - drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer - rds: ib: Increment i_fastreg_wrs before bailing out - mptcp: propagate shutdown to subflows when possible - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx - io_uring/cmd: let cmds to know about dying task - io_uring: backport io_should_terminate_tw() - io_uring: include dying ring in task_work "should cancel" state - io_uring/msg_ring: kill alloc_cache for io_kiocb allocations - io_uring/kbuf: drop WARN_ON_ONCE() from incremental length check (CVE-2025-39816) - [amd64] ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message - [amd64] ASoC: Intel: catpt: Expose correct bit depth to userspace - drm/xe/tile: Release kobject for the failure path - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path - drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() - smb: client: fix filename matching of deferred files - smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) - crypto: af_alg - Set merge to zero early in af_alg_sendmsg - smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path - io_uring: fix incorrect io_kiocb reference in io_link_skb - [amd64] platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 - [amd64] platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk - vmxnet3: unregister xdp rxq info in the reset path (CVE-2025-22106) - mm: add folio_expected_ref_count() for reference count calculation - mm/gup: check ref_count instead of lru before migration - mptcp: pm: nl: announce deny-join-id0 flag - usb: xhci: introduce macro for ring segment list iteration - usb: xhci: remove option to change a default ring's TRB cycle bit - xhci: dbc: decouple endpoint allocation from initialization - xhci: dbc: Fix full DbC transfer ring after several reconnects - rtc: pcf2127: fix SPI command byte for PCF2131 backport - minmax.h: add whitespace around operators and after commas - minmax.h: update some comments - minmax.h: reduce the #define expansion of min(), max() and clamp() - minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() - minmax.h: move all the clamp() definitions after the min/max() ones - minmax.h: simplify the variants of clamp() - minmax.h: remove some #defines that are only expanded once https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.50 - scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE - firewire: core: fix overlooked update of subsystem ABI version - ALSA: usb-audio: Fix code alignment in mixer_quirks - ALSA: usb-audio: Fix block comments in mixer_quirks - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 - ALSA: usb-audio: Convert comma to semicolon - ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA - ALSA: usb-audio: Fix build with CONFIG_INPUT=n - usb: core: Add 0x prefix to quirks debug output - [arm64,armhf] net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info - net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick - [riscv64] mmc: sdhci-cadence: add Mobileye eyeQ support - i2c: designware: Add quirk for Intel Xe - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk - ALSA: usb-audio: Add mute TLV for playback volumes on more devices - net: sfp: add quirk for FLYPRO copper SFP+ module - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions - [amd64] HID: amd_sfh: Add sync across amd sfh work functions - cpufreq: Initialize cpufreq-based invariance before subsys - smb: server: don't use delayed_work for post_recv_credits_work - smb: server: use disable_work_sync in transport_rdma.c - bpf: Check the helper function is valid in get_helper_proto - btrfs: don't allow adding block device of less than 1 MB - wifi: virt_wifi: Fix page fault on connect - bpf: Reject bpf_timer for PREEMPT_RT - xfrm: xfrm_alloc_spi shouldn't use 0 as SPI - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow - [armhf] can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow - can: peak_usb: fix shift-out-of-bounds issue - net: tun: Update napi->skb after XDP process - net/smc: fix warning in smc_rx_splice() when calling get_page() - [arm64] ethernet: rvu-af: Remove slash from the driver name - Bluetooth: hci_sync: Fix hci_resume_advertising_sync - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync - vhost: Take a reference on the task in struct vhost_task. - bnxt_en: correct offset handling for IPv6 destination address - net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS - nexthop: Forbid FDB status change while nexthop is in a group - mm/gup: local lru_add_drain() to avoid lru_add_drain_all() - mm: revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" - mm: folio_may_be_lru_cached() unless folio_test_large() - [amd64] drm/gma500: Fix null dereference in hdmi teardown - futex: Prevent use-after-free during requeue-PI - [arm64] drm/panthor: Defer scheduler entitiy destruction to queue release - [amd64] platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() - smb: client: fix wrong index reference in smb2_compound_op() - HID: asus: add support for missing PX series fn keys - i40e: add validation for ring_len param - i40e: fix idx validation in i40e_validate_queue_map - i40e: fix idx validation in config queues msg - i40e: fix input validation logic for action_meta - i40e: fix validation of VF state in get resources - i40e: add max boundary check for VF filters - i40e: add mask to apply valid bits for itr_idx - i40e: improve VF MAC filters accounting - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx - tracing: dynevent: Add a missing lockdown check on dynevent - [armhf] dts: socfpga: sodia: Fix mdio bus probe and PHY address - drm/ast: Use msleep instead of mdelay for edid read - afs: Fix potential null pointer dereference in afs_put_server - fs/proc/task_mmu: check p->vec_buf for NULL - gpiolib: Extend software-node support to support secondary software-nodes - mm/hugetlb: fix folio is still mapped when deleted - fbcon: fix integer overflow in fbcon_do_set_font - fbcon: Fix OOB access in font allocation - iommufd: Fix race during abort for file descriptors - Revert "usb: xhci: remove option to change a default ring's TRB cycle bit" - [amd64] drm/i915/backlight: Return immediately when scale() finds invalid parameters https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.51 - crypto: sha256 - fix crash at kexec - scsi: target: target_core_configfs: Add length check to avoid buffer overflow - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove - media: tuner: xc5000: Fix use-after-free in xc5000_release - media: rc: fix races with imon_disconnect() - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID - mm: swap: check for stable address space before operating on the VMA - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() - [arm64] ASoC: qcom: audioreach: fix potential null pointer dereference https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.52 - wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() - USB: serial: option: add SIMCom 8230C compositions - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 - wifi: rtl8xxxu: Don't claim USB ID 07b8:8188 - dm-integrity: limit MAX_TAG_SIZE to 255 - [amd64] platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list - [amd64] platform/x86/amd/pmf: Support new ACPI ID AMDI0108 - [amd64,arm64] ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue - btrfs: ref-verify: handle damaged extent root tree - netfs: Prevent duplicate unlocking - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled - [amd64] platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list - drm/amd : Update MES API header file for v11 & v12 - drm/amd/include : MES v11 and v12 API header update - drm/amd/include : Update MES v12 API for fence update - drm/amdgpu: Enable MES lr_compute_wa by default (Closes: #1118658) - ALSA: usb-audio: Kill timer properly at removal (CVE-2025-38105) - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free - hid: fix I2C read buffer overflow in raw_event() for mcp2221 - nvmem: layouts: fix automatic module loading - binder: fix double-free in dbitmap - driver core/PM: Set power.no_callbacks along with power.no_pm - crypto: rng - Ensure set_ent is always present - net/9p: fix double req put in p9_fd_cancelled - [amd64] KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.53 - filelock: add FL_RECLAIM to show_fl_flags() macro - init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast - gfs2: Fix GLF_INVALIDATE_IN_PROGRESS flag clearing in do_xmote - [powerpc*] 8xx: Remove left-over instruction and comments in DataStoreTLBMiss handler - [powerpc*] 603: Really copy kernel PGD entries into all PGDIRs - uprobes: uprobe_warn should use passed task - [arm64] coresight: trbe: Prevent overflow in PERF_IDX2OFF() - [arm64] perf: arm_spe: Prevent overflow in PERF_IDX2OFF() - smb: server: fix IRD/ORD negotiation with the client - [amd64] EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller - [amd64] x86/vdso: Fix output operand size of RDPID - lsm: CONFIG_LSM can depend on CONFIG_SECURITY - btrfs: return any hit error from extent_writepage_io() - [arm64] pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() - [arm64] dts: renesas: rzg2lc-smarc: Disable CAN-FD channel0 - regmap: Remove superfluous check for !config in __regmap_init() - bpf: Remove migrate_disable in kprobe_multi_link_prog_run - libbpf: Fix reuse of DEVMAP - [arm64] dts: imx93-kontron: Fix GPIO for panel regulator - [arm64] dts: imx93-kontron: Fix USB port assignment - [arm64] dts: imx95: Correct the lpuart7 and lpuart8 srcid - ACPI: processor: idle: Fix memory leak when register cpuidle device failed - [arm64] soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS - [arm64] pinctrl: meson-gxl: add missing i2c_d pinmux - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx - block: use int to store blk_stack_limits() return value - PM: sleep: core: Clear power.must_resume in noirq suspend error path - vdso: Add struct __kernel_old_timeval forward declaration to gettime.h - [armhf] dts: omap: am335x-cm-t335: Remove unused mcasp num-serializer property - [arm64] PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() - [arm64] power: supply: cw2015: Fix a alignment coding style issue - [arm64] pinctrl: renesas: Use int type to store negative error codes - null_blk: Fix the description of the cache_size module argument - nbd: restrict sockets to TCP and UDP - [arm64] PM / devfreq: rockchip-dfi: double count on RK3588 - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure - [arm64] arm64: dts: mediatek: mt8186-tentacruel: Fix touchscreen model - mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() - [arm64] dts: mediatek: mt6795-xperia-m5: Fix mmc0 latch-ck value - [arm64] dts: mediatek: mt8395-kontron-i1200: Fix MT6360 regulator nodes - [arm64] dts: mediatek: mt8516-pumpkin: Fix machine compatible - [armhf] pwm: tiehrpwm: Don't drop runtime PM reference in .free() - [armhf] pwm: tiehrpwm: Make code comment in .free() more useful - [armhf] pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation - [armhf] pwm: tiehrpwm: Fix corner case in clock divisor calculation - ACPICA: Fix largest possible resource descriptor index - [riscv64] bpf: Sign extend struct ops return values properly - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op - i3c: master: svc: Use manual response for IBI events - i3c: master: svc: Recycle unused IBI slot - bpf: Explicitly check accesses to bpf_sock_addr - bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() - smp: Fix up and expand the smp_call_function_many() kerneldoc - tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers - spi: fix return code when spi device has too many chipselects - bpf: Mark kfuncs as __noclone - once: fix race by moving DO_ONCE to separate section - [arm64] thermal/drivers/qcom/lmh: Add missing IRQ includes - [arm64] i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD - i2c: designware: Fix clock issue when PM is disabled - i2c: designware: Add disabling clocks when probe fails - libbpf: Fix error when st-prefix_ops and ops from differ btf - bpf: Enforce expected_attach_type for tailcall compatibility - drm/radeon/r600_cs: clean up of dead code in r600_cs - f2fs: fix condition in __allow_reserved_blocks() - [arm64] phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 - drm/amd/display: Remove redundant semicolons - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod - scsi: myrs: Fix dma_alloc_coherent() error check - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count - RDMA/mlx5: Fix vport loopback forcing for MPV device - PCI/ACPI: Fix pci_acpi_preserve_config() memory leak - ALSA: lx_core: use int type to store negative error codes - inet: ping: check sock_net() in ping_get_port() and ping_lookup() - [arm64,armhf] coresight: Only register perf symlink for sinks with alloc_buffer - drm/amdgpu: Power up UVD 3 for FW validation (v2) - drm/amd/pm: Disable ULV even if unsupported (v3) - drm/amd/pm: Fix si_upload_smc_data (v3) - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) - wifi: mwifiex: send world regulatory domain to driver - [arm64,armhf] PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation - tcp: fix __tcp_close() to only send RST when required - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() - [armhf] usb: phy: twl6030: Fix incorrect type for ret - usb: gadget: configfs: Correctly set use_os_string at bind - tty: n_gsm: Don't block input queue by waiting MSC - [powerpc*] misc: genwqe: Fix incorrect cmd field being reported in error - pps: fix warning in pps_register_cdev when register device fail - wifi: iwlwifi: Remove redundant header files - [amd64,arm64] idpf: fix Rx descriptor ready check barrier in splitq - [amd64] ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping - [arm64] drm/msm/dpu: fix incorrect type for ret - fs: ntfs3: Fix integer overflow in run_unpack() - fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist - iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() - netfilter: ipset: Remove unused htable_bits in macro ahash_region - ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable - drivers/base/node: handle error properly in register_one_node() - RDMA/cm: Rate limit destroy CM ID timeout error message - wifi: mt76: fix potential memory leak in mt76_wmac_probe() - wifi: mt76: mt7996: Fix RX packets configuration for primary WED device - wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE - wifi: mt76: mt7915: fix mt7981 pre-calibration - f2fs: fix to update map->m_next_extent correctly in f2fs_map_blocks() - f2fs: fix to truncate first page in error path of f2fs_truncate() - f2fs: fix to mitigate overhead of f2fs_zero_post_eof_page() - ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message - scsi: qla2xxx: edif: Fix incorrect sign of error code - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() - HID: hidraw: tighten ioctl command parsing - f2fs: fix zero-sized extent for precache extents - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" - RDMA/core: Resolve MAC of next-hop device without ARP support - IB/sa: Fix sa_local_svc_timeout_ms read race - Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram - wifi: ath12k: fix wrong logging ID used for CE - wifi: ath10k: avoid unnecessary wait for service ready message - iommu/vt-d: debugfs: Fix legacy mode page table dump logic - wifi: mac80211: fix Rx packet handling when pubsta information is not available - [amd64] ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback - RDMA/rxe: Fix race in do_task() when draining - wifi: rtw89: avoid circular locking dependency in ser_state_run() - [arm64] remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice - dm vdo: return error on corrupted metadata in start_restoring_volume functions - [arm64] coresight-etm4x: Conditionally access register TRCEXTINSELR - [arm64,armhf] coresight: tmc: Support atclk - [arm64,armhf] coresight: catu: Support atclk - [arm64,armhf] coresight: etm4x: Support atclk - [arm64,armhf] coresight: trbe: Return NULL pointer for allocation failures - [arm64,armhf] coresight: tpda: fix the logic to setup the element size - [arm64] coresight: Fix incorrect handling for return value of devm_kzalloc - NFSv4.1: fix backchannel max_resp_sz verification check - ipvs: Defer ip_vs_ftp unregister during netns cleanup - netfilter: nfnetlink: reset nlh pointer during batch replay - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() - usb: vhci-hcd: Prevent suspending virtually attached devices - iommu/vt-d: Disallow dirty tracking if incoherent page walk - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast - ptp: Add a upper bound on max_vclocks - vhost: vringh: Fix copy_to_iter return value check - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO - Bluetooth: ISO: Fix possible UAF on iso_conn_free - Bluetooth: ISO: free rx_skb if not consumed - Bluetooth: ISO: don't leak skb in ISO_CONT RX - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements - KEYS: X.509: Fix Basic Constraints CA flag parsing - ocfs2: fix double free in user_cluster_connect() - drivers/base/node: fix double free in register_one_node() - [arm64] PCI: j721e: Fix incorrect error message in probe() - [amd64,arm64] idpf: fix mismatched free function for dma_alloc_coherent - nfp: fix RSS hash key size when RSS is not supported - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable - net: dlink: handle copy_thresh allocation failure - net/mlx5: Stop polling for command response if interface goes down - net/mlx5: pagealloc: Fix reclaim race during command interface teardown - net/mlx5: fw reset, add reset timeout work - smb: client: fix crypto buffers in non-linear memory - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" - bpf: Reject negative offsets for ALU ops - tpm: Disable TPM2_TCG_HMAC by default - Squashfs: fix uninit-value in squashfs_get_parent - uio_hv_generic: Let userspace take care of interrupt mask - io_uring/waitid: always prune wait queue entry in io_waitid_wait() - [arm64] ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() - [amd64,arm64] ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down - fs: udf: fix OOB read in lengthAllocDescs handling - net: nfc: nci: Add parameter validation for packet data - [arm64,armhf] mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() - dm: fix queue start/stop imbalance under suspend/load/resume races - dm: fix NULL pointer dereference in __dm_suspend() - ksmbd: Fix race condition in RPC handle list access - ksmbd: fix error code overwriting in smb2_get_info_filesystem() - ksmbd: add max ip connections parameter - ext4: fix checks for orphan inodes - [amd64] KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid - fbdev: simplefb: Fix use after free in simplefb_detach_genpds() - mm: hugetlb: avoid soft lockup when mprotect to large memory area - nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() - [arm64] misc: fastrpc: Save actual DMA size in fastrpc_map structure - [arm64] misc: fastrpc: Fix fastrpc_map_lookup operation - [arm64] misc: fastrpc: fix possible map leak in fastrpc_put_args - [arm64] misc: fastrpc: Skip reference for DMA handles - Input: atmel_mxt_ts - allow reset GPIO to sleep - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak - sunrpc: fix null pointer dereference on zero-length checksum - [arm64] remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() - [amd64,arm64] tee: fix register_shm_helper() - pinctrl: check the return value of pinmux_ops::get_function_name() - bus: fsl-mc: Check return value of platform_get_resource() - net/9p: Fix buffer overflow in USB transport layer - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock - usb: typec: tipd: Clear interrupts first https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.54 - fs: always return zero on success from replace_fd() - fscontext: do not consume log entries when returning -EMSGSIZE - [arm64] map [_text, _stext) virtual address range non-executable+read-only - rseq: Protect event mask against membarrier IPI - listmount: don't call path_put() under namespace semaphore - page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches - dma-mapping: fix direction in dma_alloc direction traces - [amd64] KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() - asm-generic/io.h: Skip trace helpers if rwmmio events are disabled - perf disasm: Avoid undefined behavior in incrementing NULL - perf test trace_btf_enum: Skip if permissions are insufficient - perf evsel: Avoid container_of on a NULL leader - libperf event: Ensure tracing data is multiple of 8 sized - [arm64] clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() - [arm64] clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() - perf util: Fix compression checks returning -1 as bool - perf arm_spe: Correct setting remote access - perf arm-spe: Rename the common data source encoding - perf arm_spe: Correct memory level for remote access - perf vendor events arm64 AmpereOneX: Fix typo - should be l1d_cache_access_prefetches - perf session: Fix handling when buffer exceeds 2 GiB - perf tools: Add fallback for exclude_guest - perf evsel: Ensure the fallback message is always written to - [arm64] clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m - [arm64] clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (CVE-2025-40001) - [amd64] ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time - [amd64] ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() - drm/xe/hw_engine_group: Fix double write lock release in error path - [s390x] cio: Update purge function to unregister the unused subchannels - drm/vmwgfx: Fix a null-ptr access in the cursor snooper - drm/vmwgfx: Fix Use-after-free in validation - drm/vmwgfx: Fix copy-paste typo in validation - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). - [arm64] net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (CVE-2025-40003) - ice: ice_adapter: release xa entry on adapter allocation failure - tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() - [arm64] mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call - [arm64] mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes - [arm64] mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop - [arm64] mailbox: zynqmp-ipi: Fix SGI cleanup on unbind - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} - [arm64] mailbox: mtk-cmdq-mailbox: Switch to __pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Switch to pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() - drm/amdgpu: Add additional DCE6 SCL registers - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 - drm/amd/display: Properly disable scaling on DCE6 - netfilter: nft_objref: validate objref and objrefmap expressions - bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() - crypto: essiv - Check ssize for decryption and in-place encryption - cifs: Fix copy_to_iter return value check - smb: client: fix missing timestamp updates after utime(2) - cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single - [arm64] gpio: wcd934x: mark the GPIO controller as sleeping - bpf: Avoid RCU context warning when unpinning htab with internal structs - [s390x] vmlinux.lds.S: Reorder sections - [s390x] vmlinux.lds.S: Move .vmlinux.info to end of allocatable sections - ACPI: property: Fix buffer properties extraction for subnodes - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT - ACPI: debug: fix signedness issues in read/write helpers - [arm64] dts: qcom: msm8916: Add missing MDSS reset - [arm64] dts: qcom: msm8939: Add missing MDSS reset - [arm64] dts: qcom: sdm845: Fix slimbam num-channels/ees - [arm64] dts: qcom: x1e80100-pmics: Disable pm8010 by default - [arm64] dts: ti: k3-am62a-main: Fix main padcfg length - [arm64] kprobes: call set_memory_rox() for kprobe page - [armhf] AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on reset) - [armhf] OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init - [arm64] perf/arm-cmn: Fix CMN S3 DTM offset - dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required - xen/events: Cleanup find_virq() return codes - xen/manage: Fix suspend error path - xen/events: Return -EEXIST for bound VIRQs - xen/events: Update virq_to_irq on migration - [arm64] firmware: meson_sm: fix device leak at probe - media: cx18: Add missing check after DMA map - media: mc: Fix MUST_CONNECT handling for pads with no links - media: pci: ivtv: Add missing check after DMA map - media: pci: mg4b: fix uninitialized iio scan data - [arm64] media: venus: firmware: Use correct reset sequence for IRIS2 - media: vivid: fix disappearing messages - media: lirc: Fix error handling in lirc_register() - [arm64] drm/panthor: Fix memory leak in panthor_ioctl_group_create() - drm/nouveau: fix bad ret code in nouveau_bo_move_prep - drm/xe/uapi: loosen used tracking restriction - drm/amd/display: Enable Dynamic DTBCLK Switch - blk-crypto: fix missing blktrace bio split events - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() - bus: mhi: ep: Fix chained transfer handling in read path - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() - [arm64] clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk - copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) - [amd64] cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() - [arm64,armhf] crypto: rockchip - Fix dma_unmap_sg() nents value - eventpoll: Replace rwlock with spinlock - fbdev: Fix logic error in "offb" name match - fs/ntfs3: Fix a resource leak bug in wnd_extend() - fs: quota: create dedicated workqueue for quota_release_work - fuse: fix possibly missing fuse_copy_finish() call in fuse_notify() - fuse: fix livelock in synchronous file put from fuseblk workers - iio: dac: ad5360: use int type to store negative error codes - iio: dac: ad5421: use int type to store negative error codes - iio: frequency: adf4350: Fix prescaler usage. - init: handle bootloader identifier in kernel parameters - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume - [amd64] iommu/vt-d: PRS isn't usable if PDS isn't supported - kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths - KEYS: trusted_tpm1: Compare HMAC values in constant time - lib/genalloc: fix device leak in of_gen_pool_get() - loop: fix backing file reference leak on validation error - openat2: don't trigger automounts with RESOLVE_NO_XDEV - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk - [powerpc*] powernv/pci: Fix underflow and leak issue - [powerpc*] pseries/msi: Fix potential underflow and leak issue - Revert "ipmi: fix msg stack when IPMI is disconnected" - sched/deadline: Fix race in push_dl_task() - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() - scsi: sd: Fix build warning in sd_revalidate_disk() - sctp: Fix MAC comparison to be constant-time - xsk: Harden userspace-supplied xdp_desc validation - mmc: core: SPI mode remove cmd7 - mmc: mmc_spi: multiple block read remove read crc ack - [armhf] memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe - rtc: interface: Ensure alarm irq is enabled when UIE is enabled - rtc: interface: Fix long-standing race when setting alarm - [arm64] PCI: xilinx-nwl: Fix ECAM programming - [arm64,armhf] PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock - PCI/sysfs: Ensure devices are powered for config reads - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV - PCI/ERR: Fix uevent on failure to recover - PCI/AER: Fix missing uevent on recovery when a reset is requested - PCI/AER: Support errors introduced by PCIe r6.0 - [arm64] PCI: j721e: Fix programming sequence of "strap" settings - spi: cadence-quadspi: Flush posted register writes before INDAC access - spi: cadence-quadspi: Flush posted register writes before DAC access - spi: cadence-quadspi: Fix cqspi_setup_flash() - [x86] fred: Remove ENDBR64 from FRED entry points - [x86] umip: Check that the instruction opcode is at least two bytes - [x86] umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) - [s390x] dasd: enforce dma_alignment to ensure proper buffer validation - [s390x] dasd: Return BLK_STS_INVAL for EINVAL from do_dasd_request - [s390x] Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR - slab: prevent warnings when slab obj_exts vector allocation fails - slab: mark slab->obj_exts allocation failures unconditionally - wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again - wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 - mm/thp: fix MTE tag mismatch when replacing zero-filled subpages - mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations - mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success - mm/damon/lru_sort: use param_ctx for damon_attrs staging - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry - ext4: add ext4_sb_bread_nofail() helper function for ext4_free_branches() - ext4: verify orphan file size is not too big - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() - ext4: correctly handle queries for metadata mappings - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() - ext4: fix an off-by-one issue during moving extents - ext4: guard against EA inode refcount underflow in xattr update - ext4: validate ea_ino and size in check_xattrs - ACPICA: Allow to skip Global Lock initialization - ext4: free orphan info with kvfree - media: mc: Clear minor number before put device - Squashfs: add additional inode sanity checking - Squashfs: reject negative file sizes in squashfs_read_inode() - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference - mm/ksm: fix incorrect KSM counter handling in mm_struct during fork - [amd64] ASoC: SOF: ipc4-pcm: Enable delay reporting for ChainDMA streams - [amd64] ASoC: SOF: ipc4-pcm: fix delay calculation when DSP resamples - [amd64] mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value - [amd64] mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type - [amd64] mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() - cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency - [amd64] KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace - statmount: don't call path_put() under namespace semaphore - [arm64] mte: Do not flag the zero page as PG_mte_tagged - [x86] mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() - [x86] kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP - nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT - NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock() - nfsd: refine and rename NFSD_MAY_LOCK - nfsd: don't use sv_nrthreads in connection limiting calculations. - nfsd: unregister with rpcbind when deleting a transport - ACPI: battery: allocate driver data through devm_ APIs - ACPI: battery: initialize mutexes through devm_ APIs - ACPI: battery: Check for error code from devm_mutex_init() call - ACPI: battery: Add synchronization between interface updates - ACPI: property: Disregard references in data-only subnode lists - ACPI: property: Add code comments explaining what is going on - ACPI: property: Do not pass NULL handles to acpi_attach_data() - mptcp: pm: in-kernel: usable client side with C-flag - ipmi: Rework user message limit handling - ipmi: Fix handling of messages with provided receive message pointer - mm/rmap: fix soft-dirty and uffd-wp bit loss when remapping zero-filled mTHP subpage to shared zeropage - [s390x] bpf: Centralize frame offset calculations - [s390x] bpf: Describe the frame using a struct instead of constants - [s390x] bpf: Write back tail call counter for BPF_PSEUDO_CALL - [s390x] bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG - [riscv64] irqchip/sifive-plic: Make use of __assign_bit() - [riscv64] irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume - copy_file_range: limit size if in compat mode - minixfs: Verify inode mode when loading from disk - pid: Add a judgment for ns null in pid_nr_ns - fs: Add 'initramfs_options' to set initramfs mount options - cramfs: Verify inode mode when loading from disk - writeback: Avoid softlockup when switching many inodes - writeback: Avoid excessively long inode switching times - sched/fair: Block delayed tasks on throttled hierarchy during dequeue - nfsd: fix __fh_verify for localio - nfsd: fix access checking for NLM under XPRTSEC policies - [amd64] ASoC: SOF: ipc4-pcm: fix start offset calculation for chain DMA - mount: handle NULL values in mnt_ns_release() - nfsd: decouple the xprtsec policy check from check_nfsd_access() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.55 - drm/xe/guc: Check GuC running state before deregistering exec queue - smb: client: Fix refcount leak for cifs_sb_tlink - slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL - r8152: add error handling in rtl8152_driver_init - f2fs: fix wrong block mapping for multi-devices - jbd2: ensure that all ongoing I/O complete before freeing blocks - ext4: wait for ongoing I/O to complete before freeing blocks - ext4: detect invalid INLINE_DATA + EXTENTS flag combination - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running - btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl - btrfs: fix incorrect readahead expansion length - btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST - btrfs: do not assert we found block group item when creating free space tree - can: gs_usb: gs_make_candev(): populate net_device->dev_port - can: gs_usb: increase max interface to U8_MAX - cifs: parse_dfs_referrals: prevent oob on malformed input - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies - drm/amdgpu: use atomic functions with memory barriers for vm fault info - drm/amdgpu: fix gfx12 mes packet status return check - perf/core: Fix address filter match with backing files - perf/core: Fix MMAP event path names with backing files - perf/core: Fix MMAP2 event device with backing files - drm/amd: Check whether secure display TA loaded successfully - irqdomain: cdx: Switch to of_fwnode_handle() - [arm64] drm/msm/a6xx: Fix PDC sleep sequence - usb: gadget: Store endpoint pointer in usb_request - usb: gadget: Introduce free_usb_request helper - usb: gadget: f_ncm: Refactor bind path to use __free() - usb: gadget: f_acm: Refactor bind path to use __free() - usb: gadget: f_ecm: Refactor bind path to use __free() - usb: gadget: f_rndis: Refactor bind path to use __free() - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay - Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" (Closes: #1116358) - HID: multitouch: fix sticky fingers - dax: skip read lock assertion for read-only filesystems - can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() - can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active - can: m_can: m_can_chip_config(): bring up interface in correct state - can: m_can: add deinit callback - can: m_can: call deinit/init callback when going into suspend/resume - can: m_can: fix CAN state in system PM - net: dlink: handle dma_map_single() failure properly - doc: fix seg6_flowlabel path - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H - net/ip6_tunnel: Prevent perpetual tunnel growth - [amd64,arm64] amd-xgbe: Avoid spurious link down messages during interface toggle - tcp: fix tcp_tso_should_defer() vs large RTT - ksmbd: fix recursive locking in RPC handle list access - tg3: prevent use of uninitialized remote_adv and local_adv variables - tls: trim encrypted message to match the plaintext on short splice - tls: wait for async encrypt in case of error during latter iterations of sendmsg - tls: always set record_type in tls_process_cmsg - tls: wait for pending async decryptions if tls_strp_msg_hold fails - tls: don't rely on tx_work during send() - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset - [arm64] drm/panthor: Ensure MCU is disabled on suspend - nvme-multipath: Skip nr_active increments in RETRY disposition - [riscv64] kprobes: Fix probe address validation - [amd64] ASoC: nau8821: Cancel jdet_work before handling jack ejection - [amd64] ASoC: nau8821: Generalize helper to clear IRQ status - [amd64] ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit - [amd64] drm/i915/guc: Skip communication warning on reset in progress - drm/amdgpu: add ip offset support for cyan skillfish - drm/amdgpu: add support for cyan skillfish without IP discovery - drm/amdgpu: fix handling of harvesting for ip_discovery firmware - drm/amd/powerplay: Fix CIK shutdown temperature - [arm64] drm/rockchip: vop2: use correct destination rectangle height check - sched/fair: Fix pelt lost idle time detection - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card - HID: hid-input: only ignore 0 battery events for digitizers - HID: multitouch: fix name of Stylus input devices - nvme/tcp: handle tls partially sent records in write_space() - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() - xfs: rename the old_crc variable in xlog_recover_process - xfs: fix log CRC mismatches between i386 and other architectures - PM: runtime: Add new devm functions - iio: imu: inv_icm42600: Simplify pm_runtime setup - iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended - nfsd: Use correct error code when decoding extents - nfsd: Drop dprintk in blocklayout xdr functions - NFSD: Rework encoding and decoding of nfsd4_deviceid - NFSD: Minor cleanup in layoutcommit processing - NFSD: Implement large extent array support in pNFS - NFSD: Fix last write offset handling in layoutcommit - wifi: rtw89: avoid possible TX wait initialization race - xfs: use deferred intent items for reaping crosslinked blocks - padata: Reset next CPU when reorder sequence wraps around - md/raid0: Handle bio_split() errors - md/raid1: Handle bio_split() errors - md/raid10: Handle bio_split() errors - md: fix mssing blktrace bio split events - [amd64] x86/resctrl: Refactor resctrl_arch_rmid_read() - [amd64] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID - d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier - vfs: Don't leak disconnected dentries on umount - PCI: Add PCI_VDEVICE_SUB helper macro - ixgbevf: Add support for Intel(R) E610 device - ixgbevf: fix getting link speed data for E610 devices - ixgbevf: fix mailbox API compatibility by negotiating supported features - tcp: convert to dev_net_rcu() - tcp: cache RTAX_QUICKACK metric in a hot cache line - net: dst: add four helpers to annotate data-races around dst->dev - ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] - net: Add locking to protect skb->dev access in ip_output - mptcp: Call dst_release() in mptcp_active_enable(). - mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). - mptcp: reset blackhole on success with non-loopback ifaces - NFSD: Define a proc_layoutcommit for the FlexFiles layout type - [arm64] cputype: Add Neoverse-V3AE definitions - [arm64] errata: Apply workarounds for Neoverse-V3AE - [amd64] dmaengine: Add missing cleanup on module unload https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.56 - exec: Fix incorrect type for ret - hfs: clear offset and space out of valid records in b-tree node - hfs: make proper initalization of struct hfs_find_data - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() - hfs: validate record offset in hfsplus_bmap_alloc - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() - dlm: check for defined force value in dlm_lockspace_release - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() - PCI: Test for bit underflow in pcie_set_readrq() - [arm64] sysreg: Correct sign definitions for EIESB and DoubleLock - drivers/perf: hisi: Relax the event ID check in the framework - [s390x] mm: Use __GFP_ACCOUNT for user page table allocations - smb: server: let smb_direct_flush_send_list() invalidate a remote key first - PM: EM: Drop unused parameter from em_adjust_new_capacity() - PM: EM: Slightly reduce em_check_capacity_update() overhead - PM: EM: Move CPU capacity check to em_adjust_new_capacity() - PM: EM: Fix late boot with holes in CPU topology - net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() - rtnetlink: Allow deleting FDB entries in user namespace - [arm64] net: enetc: fix the deadlock of enetc_mdio_lock - [arm64] net: enetc: correct the value of ENETC_RXB_TRUESIZE - [arm64] dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path - net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ - net/smc: fix general protection fault in __smc_diag_dump - [arm64] net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions - [arm64] mm: avoid always making PTE dirty in pte_mkwrite() - ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop - sctp: avoid NULL dereference when chunk data buffer is missing - net: phy: micrel: always set shared->phydev for LAN8814 - net/mlx5: Fix IPsec cleanup over MPV device - fs/notify: call exportfs_encode_fid with s_umount - net: bonding: fix possible peer notify event loss or dup issue - dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() - btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() - gpio: pci-idio-16: Define maximum valid register address offset - gpio: 104-idio-16: Define maximum valid register address offset - xfs: fix locking in xchk_nlinks_collect_dir - Revert "cpuidle: menu: Avoid discarding useful information" - slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts - slab: Fix obj_ext mistakenly considered NULL due to race condition - ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 - can: netlink: can_changelink(): allow disabling of automatic restart - cifs: Fix TCP_Server_Info::credits to be signed - ocfs2: clear extent cache after moving/defragmenting extents - vsock: fix lock inversion in vsock_assign_transport() - [arm64,armhf] net: stmmac: dwmac-rk: Fix disabling set_clock_selection - net: usb: rtl8150: Fix frame padding - mm: prevent poison consumption when splitting THP - drm/amd/display: increase max link count and fix link->enc NULL pointer access - [arm64] spi: spi-nxp-fspi: add extra delay after dll locked - [arm64] dts: broadcom: bcm2712: Add default GIC address cells - [arm64] dts: broadcom: bcm2712: Define VGIC interrupt - [arm64] firmware: arm_scmi: Account for failed debug initialization - [arm64] firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode - [arm64] drm/panthor: Fix kernel panic on partial unmap of a GPU VA region - [riscv64] Define pgprot_dmacoherent() for non-coherent devices - [riscv64] Don't print details of CPUs disabled in DT - [riscv64] hwprobe: avoid uninitialized variable use in hwprobe_arch_id() - hwmon: (sht3x) Fix error handling - nbd: override creds to kernel when calling sock_{send,recv}msg() - drm/panic: Fix drawing the logo on a small narrow screen - drm/panic: Fix qr_code, ensure vmargin is positive - [amd64] gpio: ljca: Fix duplicated IRQ mapping - io_uring: correct __must_hold annotation in io_install_fixed_file - sched: Remove never used code in mm_cid_get() - io_uring/sqpoll: switch away from getrusage() for CPU accounting - io_uring/sqpoll: be smarter on when to update the stime usage - Bluetooth: btintel: Add DSBR support for BlazarIW, BlazarU and GaP (Closes: #1118660) - platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (CVE-2025-39678) - USB: serial: option: add UNISOC UIS7720 - USB: serial: option: add Quectel RG255C - USB: serial: option: add Telit FN920C04 ECM compositions - usb/core/quirks: Add Huawei ME906S to wakeup quirk - usb: raw-gadget: do not limit transfer length - xhci: dbc: enable back DbC in resume if it was enabled before suspend - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event - [amd64] x86/microcode: Fix Entrysign revision check for Zen1/Naples - [arm*] binder: remove "invalid inc weak" check - [amd64] comedi: fix divide-by-zero in comedi_buf_munge() (CVE-2025-40106) - [amd64] mei: me: add wildcat lake P DID - [arm64] misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup - [amd64,arm64] tcpm: switch check for role_sw device with fw_node - dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp - serial: 8250_dw: handle reset control deassert error - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 - [arm64] serial: 8250_mtk: Enable baud clock and manage in runtime PM - serial: sc16is7xx: remove useless enable of enhanced features - devcoredump: Fix circular locking dependency with devcd->mutex. - [arm64] mte: Do not warn if the page is already tagged in copy_highpage() - xfs: always warn about deprecated mount options - ksmbd: transport_ipc: validate payload size before reading handle (CVE-2025-40084) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.57 - net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083) - audit: record fanotify event regardless of presence of rules - [amd64] perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK - perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL - perf: Have get_perf_callchain() return NULL if crosstask and user are set - perf: Skip user unwind if the task is a kernel thread - seccomp: passthrough uprobe systemcall without filtering - [amd64] x86/bugs: Report correct retbleed mitigation status - [amd64] x86/bugs: Fix reporting of LFENCE retpoline - [amd64,arm64] EDAC/mc_sysfs: Increase legacy channel support to 16 - cpuset: Use new excpus for nocpu error check when enabling root partition - btrfs: abort transaction on specific error places when walking log tree - btrfs: abort transaction in the process_one_buffer() log tree walk callback - btrfs: zoned: return error from btrfs_zone_finish_endio() - btrfs: zoned: refine extent allocator hint selection - btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() - btrfs: always drop log root tree reference in btrfs_replay_log() - btrfs: use level argument in log tree walk callback replay_one_buffer() - btrfs: abort transaction if we fail to update inode in log replay dir fixup - btrfs: tree-checker: add inode extref checks - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() - sched_ext: Make qmap dump operation non-destructive - arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c - docs: kdoc: handle the obsolescensce of docutils.ErrorString() - mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR - f2fs: fix to avoid panic once fallocation fails for pinfile (CVE-2025-23130) - wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (CVE-2025-38643) - bonding: return detailed error when loading native XDP fails - bonding: check xdp prog when set bond mode (CVE-2025-22105) - bits: add comments and newlines to #if, #else and #endif directives - bits: introduce fixed-type GENMASK_U*() - gpio: regmap: Allow to allocate regmap-irq device - gpio: regmap: add the .fixed_direction_output configuration parameter - gpio: idio-16: Define fixed direction of the GPIO lines - [amd64] iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (CVE-2025-21833) - wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995) - [amd64,arm64] udmabuf: fix a buf size overflow issue during udmabuf creation (CVE-2025-37803) - sfc: fix NULL dereferences in ef100_process_design_param() (CVE-2025-37860) - btrfs: tree-checker: fix bounds check in check_inode_extref() . [ Salvatore Bonaccorso ] * drivers/infiniband/hw/bnxt_re: Enable INFINIBAND_BNXT_RE as module (Closes: #1109977) . [ Ben Hutchings ] * d/salsa-ci.yml: Adjust filenames to allow source package name suffix * tools/hv: Make the sample hv_get_dhcp_info script more useful * hyperv-daemons: Install the sample network info scripts (Closes: #919350) * d/salsa-ci.yml: Fix cache configuration for build job * d/salsa-ci.yml: Move orig tarball generation to a separate job again * d/salsa-ci.yml: Restore lintian checking of source package linux-signed-amd64 (6.12.48+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.48-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.44 - serial: 8250: fix panic due to PSLVERR - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() - PM: runtime: Take active children into account in pm_runtime_get_if_in_use() - dm: dm-crypt: Do not partially accept write BIOs with zoned targets - dm: Check for forbidden splitting of zone write operations - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() - usb: gadget: udc: renesas_usb3: fix device leak at unbind - usb: musb: omap2430: fix device leak at unbind - [arm64,armhf] usb: dwc3: meson-g12a: fix device leaks at unbind - [arm64] usb: dwc3: imx8mp: fix device leak at unbind - bus: mhi: host: Fix endianness of BHI vector table - bus: mhi: host: Detect events pointing to unexpected TREs - vt: keyboard: Don't process Unicode characters in K_OFF mode - vt: defkeymap: Map keycodes above 127 to K_HOLE - [amd64] crypto: qat - lower priority for skcipher and aead algorithms - [arm64,armhf] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP - [amd64] crypto: qat - flush misc workqueue during device shutdown - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" - ksmbd: fix refcount leak causing resource not released - ksmbd: extend the connection limiting mechanism to support IPv6 - tracing: fprobe-event: Sanitize wildcard for fprobe event name - ext4: check fast symlink for ea_inode correctly - ext4: fix fsmap end of range reporting with bigalloc - ext4: fix reserved gdt blocks handling in fsmap - ext4: use kmalloc_array() for array space allocation - ext4: fix hole length calculation overflow in non-extent inodes - btrfs: zoned: fix write time activation failure for metadata block group - btrfs: fix incorrect log message for nobarrier mount option - btrfs: restore mount option info messages during mount - btrfs: fix printing of mount info messages for NODATACOW/NODATASUM - apparmor: Fix 8-byte alignment for initial dfa blob streams - dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints - dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints - scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host - [arm64] scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE - scsi: mpi3mr: Fix race between config read submit and interrupt completion - ata: libata-scsi: Fix ata_to_sense_error() status handling - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers - scsi: ufs: ufs-pci: Fix default runtime and system PM levels - ata: libata-scsi: Fix CDL control - [arm64] soc: qcom: mdt_loader: Ensure we don't read past the ELF header - iio: imu: bno055: fix OOB access of hw_xlate array - iio: adc: ad_sigma_delta: change to buffer predisable - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() - wifi: ath12k: fix dest ring-buffer corruption - wifi: ath12k: fix source ring-buffer corruption - wifi: ath12k: fix dest ring-buffer corruption when ring is full - wifi: ath11k: fix dest ring-buffer corruption - wifi: ath11k: fix source ring-buffer corruption - wifi: ath11k: fix dest ring-buffer corruption when ring is full - [arm64] pwm: mediatek: Handle hardware enable and clock enable separately - [arm64] pwm: mediatek: Fix duty and period setting - mtd: spi-nor: Fix spi_nor_try_unlock_all() - [arm64] mtd: spinand: propagate spinand_wait() errors from spinand_write_page() - readahead: fix return value of page_cache_next_miss() when no hole is found - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge - PCI: endpoint: Fix configfs group list head handling - PCI: endpoint: Fix configfs group removal on driver teardown - [arm64,armhf] PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features - [arm64,armhf] PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset - [arm64,armhf] PCI: imx6: Delay link start until configfs 'start' written - vsock/virtio: Validate length in packet header before skb_put() - vhost/vsock: Avoid allocating arbitrarily-sized SKBs - amdgpu/amdgpu_discovery: increase timeout limit for IFWI init - [amd64] ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context - f2fs: fix to avoid out-of-boundary access in dnode page (CVE-2025-38677) - jbd2: prevent softlockup in jbd2_log_do_checkpoint() - kbuild: userprogs: use correct linker when mixing clang and GNU ld - [arm64,armhf] soc/tegra: pmc: Ensure power-domains are in a known state - media: gspca: Add bounds checking to firmware parser - media: hi556: correct the test pattern configuration - [armhf] media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() - media: ipu6: isys: Use correct pads for xlate_streams() - media: vivid: fix wrong pixel_array control size - media: verisilicon: Fix AV1 decoder clock frequency - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() - media: usbtv: Lock resolution while streaming - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() - media: pisp_be: Fix pm_runtime underrun in probe - media: ov2659: Fix memory leaks in ov2659_probe() - media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls - [arm64] media: qcom: camss: cleanup media device allocated resource on error path - [arm64] media: venus: Add a check for packet size after reading from shared memory - [arm64] media: venus: Fix MSM8998 frequency table - [arm64] media: venus: hfi: explicitly release IRQ during teardown - [arm64] media: venus: protect against spurious interrupts during probe - [arm64] media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. - [arm64] media: venus: venc: Clamp param smaller than 1fps and bigger than 240 - drm/amdgpu/discovery: fix fw based ip discovery - drm/amd: Restore cached power limit during resume - drm/amdgpu: Avoid extra evict-restore process. - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities - drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() - drm/amdgpu: Update external revid for GC v9.5.0 - drm/amdgpu: update mmhub 3.0.1 client id mappings - drm/amdgpu: update mmhub 4.1.0 client id mappings - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq - drm/amd/display: Add primary plane to commits for correct VRR handling - drm/amd/display: fix a Null pointer dereference vulnerability - drm/amd/display: Don't overwrite dce60_clk_mgr - net, hsr: reject HSR frame if skb can't hold tag - sched/ext: Fix invalid task state transitions on class switch - ipv6: sr: Fix MAC comparison to be constant-time - ACPI: pfr_update: Fix the driver update version check - mptcp: drop skb if MPTCP skb extension allocation fails - mptcp: pm: kernel: flush: do not reset ADD_ADDR limit - mm/damon/ops-common: ignore migration request to invalid nodes - [amd64] x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero - USB: typec: Use str_enable_disable-like helpers - usb: typec: fusb302: cache PD RX state - btrfs: qgroup: drop unused parameter fs_info from __del_qgroup_rb() - btrfs: qgroup: fix race between quota disable and quota rescan ioctl - btrfs: move transaction aborts to the error site in add_block_group_free_space() - btrfs: always abort transaction on failure to add block group to free space tree - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() - btrfs: explicitly ref count block_group on new_bgs list - btrfs: codify pattern for adding block_group to bg_list - btrfs: zoned: requeue to unused block group list if zone finish failed - xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags - btrfs: send: factor out common logic when sending xattrs - btrfs: send: only use boolean variables at process_recorded_refs() - btrfs: send: add and use helper to rename current inode when processing refs - btrfs: send: keep the current inode's path cached - btrfs: send: avoid path allocation for the current inode when issuing commands - btrfs: send: use fallocate for hole punching with send stream v2 - btrfs: send: make fs_path_len() inline and constify its argument - netfs: Fix unbuffered write error handling - io_uring/net: commit partial buffers on retry - ata: libata-scsi: Return aborted command when missing sense and result TF - sched_ext: initialize built-in idle state before ops.init() - Revert "can: ti_hecc: fix -Woverflow compiler warning" - io_uring/futex: ensure io_futex_wait() cleans up properly on failure - iov_iter: iterate_folioq: fix handling of offset >= folio size - [arm64] iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement - mmc: sdhci-pci-gli: Add a new function to simplify the code - memstick: Fix deadlock by moving removing flag earlier - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency - NFS: Fix a race when updating an existing write - squashfs: fix memory leak in squashfs_fill_super - mm/debug_vm_pgtable: clear page table entries at destroy_args() - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 - RDMA/rxe: Flush delayed SKBs while releasing RXE resources - [s390x] sclp: Fix SCCB present check - [amd64] platform/x86/intel-uncore-freq: Check write blocked for ELC - kvm: retry nx_huge_page_recovery_thread creation - [amd64] accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() - drm/amdgpu/swm14: Update power limit logic - drm/amd/display: Avoid a NULL pointer dereference - drm/amd/display: Don't overclock DCE 6 by 15% - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 - drm/amd/display: Fix Xorg desktop unresponsive on Replay panel - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs - scsi: core: Fix command pass through retry regression - [arm64] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() - mptcp: remove duplicate sk_reset_timer call - mptcp: disable add_addr retransmission when timeout is 0 - Mark xe driver as BROKEN if kernel page size is not 4kB - [arm64,armhf] PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support - [arm64,armhf] PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features - [arm64] PCI: rockchip: Use standard PCIe definitions - [arm64] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining - iio: adc: ad7173: fix setting ODR in probe - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems - ext4: preserve SB_I_VERSION on remount - btrfs: subpage: keep TOWRITE tag until folio is cleaned - [arm64] dts: ti: k3-am6*: Add boot phase flag to support MMC boot - [arm64] dts: ti: k3-am62*: Add non-removable flag for eMMC - [arm64] dts: ti: k3-am6*: Remove disable-wp for eMMC - [arm64] dts: ti: k3-am62*: Move eMMC pinmux to top level board file - debugfs: fix mount options not being applied - smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() - fs/buffer: fix use-after-free when call bh_read() helper - use uniform permission checks for all mount propagation changes - cpuidle: menu: Remove iowait influence - cpuidle: governors: menu: Avoid selecting states with too much latency - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS - [arm64] mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 - ftrace: Also allocate and copy hash for reading of filter files - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() - iio: proximity: isl29501: fix buffered read on big-endian systems - most: core: Drop device reference after usage in get_channel() - kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() - cdx: Fix off-by-one error in cdx_rpmsg_probe() - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive - [amd64] comedi: Make insn_rw_emulate_bits() do insn->n samples - [amd64] comedi: pcl726: Prevent invalid irq number - [amd64] comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test - usb: renesas-xhci: Fix External ROM access timeouts - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera - usb: storage: realtek_cr: Use correct byte order for bcs->Residue - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles - usb: typec: maxim_contaminant: disable low power mode when reading comparator values - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean - usb: xhci: Fix slot_id resource race conflict - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout - usb: dwc3: Remove WARN_ON for device endpoint command timeouts - usb: dwc3: pci: add support for the Intel Wildcat Lake - iio: light: Use aligned_s64 instead of open coding alignment. - iio: light: as73211: Ensure buffer holes are zeroed - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() - tracing: Remove unneeded goto out logic - tracing: Limit access to parser->buffer when trace_get_user failed - [amd64] drm/i915/icl+/tc: Convert AUX powered WARN to a debug message - compiler: remove __ADDRESSABLE_ASM{_STR,}() again - [amd64] drm/i915/icl+/tc: Cache the max lane count value - ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() - tls: fix handling of zero-length records on the rx_list - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 - iio: imu: inv_icm42600: use = { } instead of memset() - iio: imu: inv_icm42600: Convert to uXX and sXX integer types - iio: imu: inv_icm42600: change invalid data error to -EBUSY - [amd64] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key - cgroup/cpuset: Fix a partition error with CPU hotplug - drm/panic: Move drawing functions to drm_draw - drm/format-helper: Add conversion from XRGB8888 to BGR888 - drm/format-helper: Move helpers for pixel conversion to header file - drm/format-helper: Add generic conversion to 32-bit formats - iosys-map: Fix undefined behavior in iosys_map_clear() - [arm64] RDMA/hns: Fix querying wrong SCC context for DIP algorithm - RDMA/bnxt_re: Fix to do SRQ armena by default - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path - RDMA/bnxt_re: Fix a possible memory leak in the driver - RDMA/bnxt_re: Fix to initialize the PBL array - RDMA/hns: Fix dip entries leak on devices newer than hip09 - net: bridge: fix soft lockup in br_multicast_query_expired() - scsi: qla4xxx: Prevent a potential error pointer dereference - [amd64] iommu/amd: Avoid stack buffer overflow from kernel cmdline (CVE-2025-38676) - Bluetooth: hci_sync: Fix scan state after PA Sync has been established - Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown - Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() - [arm64] drm/hisilicon/hibmc: refactored struct hibmc_drm_private - [arm64] drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed - [arm64] drm/hisilicon/hibmc: fix the hibmc loaded failed bug - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() - drm/amd/display: Don't print errors for nonexistent connectors - net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add - [arm64] net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path - ppp: fix race conditions in ppp_fill_forward_path - net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload. - cifs: Fix oops due to uninitialised variable - phy: mscc: Fix timestamping for vsc8584 - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization - gve: prevent ethtool ops after shutdown - net/smc: fix UAF on smcsk after smc_listen_out() - [s390x] mm: Do not map lowcore with identity mapping - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc - igc: fix disabling L1.2 PCI-E link substate on I226 on init - [armhf] net: dsa: microchip: Fix KSZ9477 HSR port setup issue - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit - net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate - ALSA: timer: fix ida_free call while not allocated - bonding: update LACP activity flag after setting lacp_active - bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU - [arm64] Octeontx2-af: Skip overlap check for SPI field - net/mlx5: Base ECVF devlink port attrs from 0 - net/mlx5: Relocate function declarations from port.h to mlx5_core.h - net/mlx5: Add IFC bits and enums for buf_ownership - net/mlx5e: Query FW for buffer ownership - net/mlx5e: Preserve shared buffer capacity during headroom updates - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation - [s390x] hypfs: Avoid unnecessary ioctl registration in debugfs - [s390x] hypfs: Enable limited access during lockdown - netfilter: nf_reject: don't leak dst refcount for loopback packets https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.45 - rtla: Check pkg-config install - trace/fgraph: Fix the warning caused by missing unregister notifier - of: dynamic: Fix memleak when of_pci_add_properties() failed - of: dynamic: Fix use after free in of_changeset_add_prop_helper() - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump - perf symbol-minimal: Fix ehdr reading in filename__read_build_id - vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER - scsi: core: sysfs: Correct sysfs attributes access rights - smb: client: fix race with concurrent opens in unlink(2) - smb: client: fix race with concurrent opens in rename(2) - [arm64] ASoC: codecs: tx-macro: correct tx_macro_component_drv name - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() - [arm64] drm/msm: Defer fd_install in SUBMIT ioctl - of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() - [arm64] drm/msm/kms: move snapshot init earlier in KMS init - [arm64] drm/msm: update the high bitfield of certain DSI registers - [arm64] drm/mediatek: Add error handling for old state CRTC in atomic_disable - [powerpc*] kvm: Fix ifdef to remove build warning - HID: input: rename hidinput_set_battery_charge_status() - HID: input: report battery status changes immediately - net: macb: fix unregister_netdev call order in macb_remove() - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success - Bluetooth: hci_event: Mark connection as closed during suspend disconnect - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced - Bluetooth: hci_sync: fix set_local_name race condition - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr - drm/nouveau: remove unused memory target test - ice: don't leave device non-functional if Tx scheduler config fails - ice: use fixed adapter index for E825C embedded devices - ice: fix incorrect counter for buffer allocation failures - dt-bindings: display/msm: qcom,mdp5: drop lut clock - net: dlink: fix multicast stats being counted incorrectly - drm/xe/xe_sync: avoid race during ufence signaling - drm/xe: Don't trigger rebind on initial dma-buf validation - phy: mscc: Fix when PTP clock is register and unregister - bnxt_en: Fix memory corruption when FW resources change during ifdown - bnxt_en: Adjust TX rings if reservation is less than requested - bnxt_en: Fix stats context reservation logic - net/mlx5: Reload auxiliary drivers on fw_activate - net/mlx5: Fix lockdep assertion on sync reset unload event - net/mlx5: Nack sync reset when SFs are present - net/mlx5e: Update and set Xon/Xoff upon MTU set - net/mlx5e: Update and set Xon/Xoff upon port speed set - net/mlx5e: Set local Xoff after FW update - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts - net: stmmac: xgmac: Correct supported speed modes - net: stmmac: Set CIC bit only for TX queues with COE - [amd64,arm64] hv_netvsc: Link queues to NAPIs - [amd64,arm64] net: hv_netvsc: fix loss of early receive events from host during channel open. - net: rose: split remove and free operations in rose_remove_neigh() - net: rose: convert 'use' field to refcount_t - net: rose: include node references in rose_neigh refcount - sctp: initialize more fields in sctp_v6_from_sk() - l2tp: do not use sock_hold() in pppol2tp_session_get_sock() - fbnic: Move phylink resume out of service_task and into open/close - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare - net: macb: Disable clocks once - [amd64] KVM: x86: use array_index_nospec with indices that come from guest - [riscv64] KVM: fix stack overrun when loading vlenb - [amd64] x86/microcode/AMD: Handle the case of no BIOS microcode - [amd64] x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON - HID: asus: fix UAF via HID_CLAIMED_INPUT validation - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() - HID: quirks: add support for Legion Go dual dinput modes - HID: logitech: Add ids for G PRO 2 LIGHTSPEED - HID: wacom: Add a new Art Pen 2 - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() - Revert "drm/amdgpu: fix incorrect vm flags to map bo" - blk-zoned: Fix a lockdep complaint about recursive locking - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted - fs/smb: Fix inconsistent refcnt update - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions - smb3 client: fix return code mapping of remap_file_range - xfs: do not propagate ENODATA disk errors into xattr code - drm/xe/vm: Clear the scratch_pt pointer on error - drm/nouveau/disp: Always accept linear modifier - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv - drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode - net: rose: fix a typo in rose_clear_routes() - PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS - PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" - [arm64] thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const - [arm64] thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data - [arm64] thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.46 - bpf: Add cookie object to bpf maps - bpf: Move bpf map owner out of common struct - bpf: Move cgroup iterator helpers to bpf.h - bpf: Fix oob access in cgroup local storage (CVE-2025-38502) - btrfs: fix race between logging inode and checking if it was logged before - btrfs: fix race between setting last_dir_index_offset and inode logging - btrfs: avoid load/store tearing races when checking if an inode was logged - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN - drm/amd/display: Don't warn when missing DCE encoder caps - cpupower: Fix a bug where the -t option of the set subcommand was not working. - Bluetooth: hci_sync: Avoid adding default advertising on startup - btrfs: zoned: skip ZONE FINISH of conventional zones - fs: writeback: fix use-after-free in __mark_inode_dirty() - tee: fix NULL pointer dereference in tee_shm_put - tee: fix memory leak in tee_dyn_shm_alloc_helper - [arm64] dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro - [arm64] tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" - [arm64] dts: imx8mp-tqma8mpql: fix LDO5 power off - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics i.MX8M Plus DHCOM - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul i.MX8M Plus eDM SBC - HID: simplify snto32() - HID: stop exporting hid_snto32() - HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556) - net: usb: qmi_wwan: fix Telit Cinterion FN990A name - net: usb: qmi_wwan: fix Telit Cinterion FE990A name - net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition - [arm64] mmc: sdhci-of-arasan: Support for emmc hardware reset - [arm64] mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up - wifi: cfg80211: fix use-after-free in cmp_bss() - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work - wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() - wifi: mt76: prevent non-offchannel mgmt tx during scan/roc - wifi: mt76: free pending offchannel tx frames on wcid cleanup - wifi: mt76: fix linked list corruption - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY - wifi: iwlwifi: uefi: check DSM item validity - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() - netfilter: nft_flowtable.sh: re-run with random mtu sizes - net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y - [amd64] xirc2ps_cs: fix register access when enabling FullDuplex - mISDN: Fix memory leak in dsp_hwec_enable() - bnxt_en: fix incorrect page count in RX aggr ring log - icmp: fix icmp_ndo_send address translation for reply direction - net: macb: Fix tx_ptr_lock locking - macsec: read MACSEC_SA_ATTR_PN with nla_get_uint - net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() - net: mctp: mctp_fraq_queue should take ownership of passed skb - ice: fix NULL access of tx->in_use in ice_ll_ts_intr - [amd64,arm64] idpf: set mac type when adding and removing MAC filters - i40e: remove read access to debugfs files - i40e: Fix potential invalid access when MAC list is empty - ixgbe: fix incorrect map used in eee linkmode - wifi: ath11k: fix group data packet drops during rekey - net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 - [arm64] net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets - net: skb: add pskb_network_may_pull_reason() helper - net: tunnel: add pskb_inet_may_pull_reason() helper - net: vxlan: add skb drop reasons to vxlan_rcv() - net: vxlan: make vxlan_snoop() return drop reasons - vxlan: Fix NPD when refreshing an FDB entry with a nexthop object - net: vxlan: make vxlan_set_mac() return drop reasons - net: vxlan: use kfree_skb_reason() in vxlan_xmit() - net: vxlan: use kfree_skb_reason() in vxlan_mdb_xmit() - net: vxlan: rename SKB_DROP_REASON_VXLAN_NO_REMOTE - vxlan: Refresh FDB 'updated' time upon 'NTF_USE' - vxlan: Avoid unnecessary updates to FDB 'used' time - vxlan: Add RCU read-side critical sections in the Tx path - vxlan: Rename FDB Tx lookup function - vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects - wifi: cw1200: cap SSID length in cw1200_do_join() - wifi: libertas: cap SSID len in lbs_associate() - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() - [arm64] net: thunder_bgx: add a missing of_node_put - [arm64] net: thunder_bgx: decrement cleanup index before use - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() - net/smc: Remove validation of reserved bits in CLC Decline message - mctp: return -ENOPROTOOPT for unknown getsockopt options - ax25: properly unshare skbs in ax25_kiss_rcv() - net: atm: fix memory leak in atm_register_sysfs when device_register fail - ppp: fix memory leak in pad_compress_skb - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock - ALSA: usb-audio: Add mute TLV for playback volumes on some devices - [amd64] accel/ivpu: Prevent recovery work from being queued during device removal - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() - [arm64] ftrace: fix unreachable PLT for ftrace_caller in init_module with CONFIG_DYNAMIC_FTRACE - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() - io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (CVE-2025-38453) - [amd64] x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() - mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE - mm: move page table sync declarations to linux/pgtable.h - mm: fix possible deadlock in kmemleak - mm: slub: avoid wake up kswapd in set_track_prepare - sched: Fix sched_numa_find_nth_cpu() if mask offline - ocfs2: prevent release journal inode after journal shutdown - of_numa: fix uninitialized memory nodes causing kernel panic - [arm64] soc: qcom: mdt_loader: Deal with zero e_shentsize - wifi: mwifiex: Initialize the chan_stats array to zero - wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() - wifi: mt76: mt7925: fix the wrong bss cleanup for SAP - net: ethernet: oa_tc6: Handle failure of spi_setup - drm/amdgpu: drop hw access in non-DC audio fini - drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG - [amd64] platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list - scsi: lpfc: Fix buffer free/clear order in deferred receive path - batman-adv: fix OOB read/write in network-coding decode - cifs: prevent NULL pointer dereference in UTF16 conversion - e1000e: fix heap overflow in e1000_set_eeprom - net: pcs: rzn1-miic: Correct MODCTRL register offset - fs/fhandle.c: fix a race in call of has_locked_children() (CVE-2025-38306) - [arm64,armhf] net: dsa: add hook to determine whether EEE is supported - [arm64,armhf] net: dsa: provide implementation of .support_eee() - [armhf] net: dsa: b53/bcm_sf2: implement .support_eee() method - [armhf] net: dsa: b53: do not enable EEE on bcm63xx (CVE-2025-38272) - md/raid1,raid10: don't ignore IO flags (CVE-2025-22125) - md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT - md/raid1,raid10: strip REQ_NOWAIT from member bios - ext4: define ext4_journal_destroy wrapper - ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113) - wifi: ath11k: update channel list in reg notifier instead reg worker (CVE-2025-23133) - wifi: ath11k: update channel list in worker when wait flag is set - net: fix NULL pointer dereference in l3mdev_l3_rcv (CVE-2025-22103) - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (CVE-2025-22124) - mm: slub: Print the broken data before restoring them - mm: slub: call WARN() when detecting a slab corruption - mm, slab: cleanup slab_bug() parameters - mm/slub: avoid accessing metadata when pointer is invalid in object_err() - nouveau: fix disabling the nonstall irq due to storm code - mm: fix accounting of memmap pages - [arm64] thermal/drivers/mediatek/lvts: Disable low offset IRQ for minimum threshold - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY - Revert "drm/amdgpu: Avoid extra evict-restore process." - pcmcia: omap: Add missing check for platform_get_resource - pcmcia: Add error handling for add_interval() in do_validate_mem() - [amd64] platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk - [amd64] platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID - block: add a queue_limits_commit_update_frozen helper - scsi: sr: Reinstate rotational media flag - drm/bridge: ti-sn65dsi86: fix REFCLK setting - perf bpf-event: Fix use-after-free in synthesis - perf bpf-utils: Constify bpil_array_desc - perf bpf-utils: Harden get_bpf_prog_info_linear - drm/amd/amdgpu: Fix missing error return on kzalloc failure - tools: gpio: remove the include directory on make clean - md: prevent incorrect update of resync/recovery offset - [riscv64] ACPI: RISC-V: Fix FFH_CPPC_CSR error handling - [riscv64] Only allow LTO with CMODEL_MEDANY - [riscv64] use lw when reading int cpu in new_vmalloc_check - [riscv64] use lw when reading int cpu in asm_per_cpu - [riscv64] bpf: use lw when reading int cpu in BPF_MOV64_PERCPU_REG - [riscv64] bpf: use lw when reading int cpu in bpf_get_smp_processor_id - md/raid1: fix data lost for writemostly rdev https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.47 - [amd64] Add mitigations for VMSCAPE (CVE-2025-40300): - Documentation/hw-vuln: Add VMSCAPE documentation - x86/vmscape: Enumerate VMSCAPE bug - x86/vmscape: Add conditional IBPB mitigation - x86/vmscape: Enable the mitigation - x86/bugs: Move cpu_bugs_smt_update() down - x86/vmscape: Warn when STIBP is disabled with SMT - x86/vmscape: Add old Intel CPUs to affected list https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.48 - fhandle: use more consistent rules for decoding file handle from userns - dma-debug: store a phys_addr_t in struct dma_debug_entry - dma-mapping: trace dma_alloc/free direction - dma-mapping: use trace_dma_alloc for dma_alloc* instead of using trace_dma_map - dma-mapping: trace more error paths - dma-debug: don't enforce dma mapping check on noncoherent allocations - net/mlx5: HWS, change error flow on matcher disconnect - mm: introduce and use {pgd,p4d}_populate_kernel() - dma-mapping: fix swapped dir/flags arguments to trace_dma_alloc_sgt_err - dma-debug: fix physical address calculation for struct dma_debug_entry - nvme-pci: skip nvme_write_sq_db on empty rqlist - Revert "udmabuf: fix vmap_udmabuf error page set" - ext4: introduce linear search for dentries - [amd64] drm/i915/pmu: Fix zero delta busyness issue - drm/amd/display: Fix error pointers in amdgpu_dm_crtc_mem_type_changed - Revert "drm/amd/display: Optimize cursor position updates" - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA - drm/amdgpu: Add back JPEG to video caps for carrizo and newer - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read - SUNRPC: call xs_sock_process_cmsg for all cmsg - NFSv4: Don't clear capabilities that won't be reset (Closes: #1114898) - trace/fgraph: Fix error handling - tracing: Fix tracing_marker may trigger page fault during preempt_disable - nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter - nfs/localio: add direct IO enablement with sync and async IO support - nfs/localio: restore creds before releasing pageio data - ftrace/samples: Fix function size computation - fs/nfs/io: make nfs_start_io_*() killable - NFS: Serialise O_DIRECT i/o and truncate() - NFSv4.2: Serialise O_DIRECT i/o and fallocate() - NFSv4.2: Serialise O_DIRECT i/o and clone range - NFSv4.2: Serialise O_DIRECT i/o and copy range - NFS: nfs_invalidate_folio() must observe the offset and size arguments - NFSv4/flexfiles: Fix layout merge mirror check. - tracing: Silence warning when chunk allocation fails in trace_pid_write - [s390x] pai: Deny all events not handled by this PMU - [s390x] cpum_cf: Deny all sampling events by counter PMU - bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt - bpf: Allow fall back to interpreter for programs with stack size <= 512 - bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. - proc: fix type confusion in pde_set_flags() - Revert "SUNRPC: Don't allow waiting for exiting tasks" - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN - ocfs2: fix recursive semaphore deadlock in fiemap call - btrfs: fix squota compressed stats leak - btrfs: fix subvolume deletion lockup caused by inodes xarray race - [amd64] i2c: i801: Hide Intel Birch Stream SoC TCO WDT - net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups - [armhf] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer - [armhf] mtd: rawnand: stm32_fmc2: fix ECC overwrite - fuse: do not allow mapping a non-regular backing file - fuse: check if copy_file_range() returns larger than requested size - fuse: prevent overflow in copy_file_range return value - mm/khugepaged: fix the address passed to notifier on testing young - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory - mm/memory-failure: fix redundant updates for already poisoned pages - mm/damon/core: set quota->charged_from to jiffies at first charge window - mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() - [arm64] drm/mediatek: fix potential OF node use-after-free - drm/xe: Attempt to bring bos back to VRAM after eviction - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages - netlink: specs: mptcp: add missing 'server-side' attr - netlink: specs: mptcp: clearly mention attributes - netlink: specs: mptcp: replace underscores with dashes in names - netlink: specs: mptcp: fix if-idx attribute type - kernfs: Fix UAF in polling when open file is released - libceph: fix invalid accesses to ceph_connection_v1_info - ceph: fix race condition validating r_parent before applying state - ceph: fix race condition where r_parent becomes stale before sending message - mm/damon/sysfs: fix use-after-free in state_show() - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() - mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range() - [arm64] mtd: spinand: winbond: Fix oob_layout for W25N01JW - btrfs: use readahead_expand() on compressed extents - btrfs: fix corruption reading compressed range when block size is smaller than page size - hrtimers: Unconditionally update target CPU base after offline timer migration - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table - Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups" - tty: hvc_console: Call hvc_kick in hvc_write unconditionally - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks - USB: serial: option: add Telit Cinterion FN990A w/audio compositions - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions - [arm64] drm/panthor: validate group queue count - [arm64,armhf] net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() - genetlink: fix genl_bind() invoking bind() after -EPERM - net: bridge: Bounce invalid boolopts - tunnels: reset the GSO metadata before reusing the skb - docs: networking: can: change bcm_msg_head frames member to support flexible array - igb: fix link test skipping when interface is admin down - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path - drm/amd/display: use udelay rather than fsleep - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails - netfilter: nft_set_pipapo: remove unused arguments - netfilter: nft_set: remove one argument from lookup and update functions - netfilter: nft_set_pipapo: merge pipapo_get/lookup - netfilter: nft_set_pipapo: don't return bogus extension pointer - netfilter: nft_set_pipapo: don't check genbit from packetpath lookups - netfilter: nft_set_rbtree: continue traversal if element is inactive - netfilter: nf_tables: Reintroduce shortened deletion notifications - netfilter: nf_tables: place base_seq in struct net - netfilter: nf_tables: make nft_set_do_lookup available unconditionally - netfilter: nf_tables: restart set lookup on base_seq change - net: hsr: Add VLAN CTAG filter support - hsr: use rtnl lock when iterating over ports - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties - [amd64] dmaengine: idxd: Remove improper idxd_free - [amd64] dmaengine: idxd: Fix refcount underflow on module unload - [amd64] dmaengine: idxd: Fix double free in idxd_setup_wqs() - [amd64] dmaengine: ti: edma: Fix memory allocation size for queue_priority_map - xhci: fix memory leak regression when freeing xhci vdev devices depth first - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels - [amd64,arm64] usb: typec: tcpm: properly deliver cable vdms to altmode drivers - [arm64] dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees - [arm64] phy: tegra: xusb: fix device and OF node leak at probe - [armhf] phy: ti: omap-usb2: fix device leak at unbind - [armhf] phy: ti-pipe3: fix device leak at unbind - [amd64] x86/cpu/topology: Always try cpu_parse_topology_ext() on AMD/Hygon - net: mdiobus: release reset_gpio in mdiobus_unregister_device() - [amd64] drm/i915/power: fix size for for_each_set_bit() in abox iteration - drm/amdgpu: fix a memory leak in fence cleanup when unloading - netfilter: nft_set_pipapo: fix null deref for empty set . [ Santiago Ruano Rincón ] * d/salsa-ci.yml: Merge the extract-source job into the build's job script * d/salsa-ci.yml: Suppress unreleased changes and mismatching distribution lintian tags. * d/salsa-ci.yml: Early move orig tarballs back where they can be cached . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 6.12.43-rt12 * [amd64] x86/bugs: Add SRSO_USER_KERNEL_NO support * [amd64] x86/bugs: KVM: Add support for SRSO_MSR_FIX * [amd64] KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions linux-signed-arm64 (6.12.57+1) trixie; urgency=medium . * Sign kernel from linux 6.12.57-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.49 - wifi: wilc1000: avoid buffer overflow in WID string configuration - nvme: fix PI insert on write - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported - wifi: mac80211: increase scan_ies_len for S1G - wifi: mac80211: fix incorrect type for ret - cgroup: split cgroup_destroy_wq into 3 workqueues - btrfs: fix invalid extref key setup when replaying dentry - net/tcp: Fix a NULL pointer dereference when using TCP-AO with TCP_REPAIR - qed: Don't collect too many protection override GRC elements - bonding: set random address only when slaves already exist - mptcp: set remote_deny_join_id0 on SYN recv - mptcp: tfo: record 'deny join id0' info - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure - ice: store max_frame and rx_buf_len only in ice_rx_ring - ice: fix Rx page leak on multi-buffer frames - i40e: remove redundant memory barrier when cleaning Tx descs - igc: don't fail igc_probe() on LED setup error - net/mlx5e: Harden uplink netdev access against device unbind - bonding: don't set oif to bond dev when getting NS target destination - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). - tls: make sure to abort the stream if headers are bogus - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" - net: liquidio: fix overflow in octeon_init_instr_queue() - cnic: Fix use-after-free bugs in cnic_delete_task - [arm64] octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() - [amd64] perf/x86/intel: Fix crash in icl_update_topdown_event() (CVE-2025-38322) - ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer - ksmbd: smbdirect: verify remaining_data_length respects max_fragmented_recv_size - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* - crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery - power: supply: bq27xxx: restrict no-battery detection to bq27000 - dm-raid: don't set io_min and io_opt for raid1 - dm-stripe: fix a possible integer overflow - gup: optimize longterm pin_user_pages() for large folio - mm: revert "mm: vmscan.c: fix OOM on swap stress test" - [amd64] iommu/vt-d: Fix __domain_mapping()'s usage of switch_to_super_page() - [amd64] iommu/amd/pgtbl: Fix possible race while increase page table level - btrfs: tree-checker: fix the incorrect inode ref size check - [arm64] ASoC: qcom: audioreach: Fix lpaif_type configuration for the I2S interface - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix NULL pointer dereference if source graph failed - [arm64] ASoC: qcom: q6apm-lpass-dais: Fix missing set_fmt DAI op for I2S - mmc: mvsdio: Fix dma_unmap_sg() nents value - [amd64] KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active - drm/amd/display: Allow RX6xxx & RX7700 to invoke amdgpu_irq_get/put - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer - rds: ib: Increment i_fastreg_wrs before bailing out - mptcp: propagate shutdown to subflows when possible - ALSA: hda/realtek: Fix mute led for HP Laptop 15-dw4xx - io_uring/cmd: let cmds to know about dying task - io_uring: backport io_should_terminate_tw() - io_uring: include dying ring in task_work "should cancel" state - io_uring/msg_ring: kill alloc_cache for io_kiocb allocations - io_uring/kbuf: drop WARN_ON_ONCE() from incremental length check (CVE-2025-39816) - [amd64] ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message - [amd64] ASoC: Intel: catpt: Expose correct bit depth to userspace - drm/xe/tile: Release kobject for the failure path - drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ - drm: bridge: cdns-mhdp8546: Fix missing mutex unlock on error path - drm/xe: Fix a NULL vs IS_ERR() in xe_vm_add_compute_exec_queue() - smb: client: fix filename matching of deferred files - smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) - crypto: af_alg - Set merge to zero early in af_alg_sendmsg - smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path - io_uring: fix incorrect io_kiocb reference in io_link_skb - [amd64] platform/x86: asus-wmi: Fix ROG button mapping, tablet mode on ASUS ROG Z13 - [amd64] platform/x86: asus-wmi: Re-add extra keys to ignore_key_wlan quirk - vmxnet3: unregister xdp rxq info in the reset path (CVE-2025-22106) - mm: add folio_expected_ref_count() for reference count calculation - mm/gup: check ref_count instead of lru before migration - mptcp: pm: nl: announce deny-join-id0 flag - usb: xhci: introduce macro for ring segment list iteration - usb: xhci: remove option to change a default ring's TRB cycle bit - xhci: dbc: decouple endpoint allocation from initialization - xhci: dbc: Fix full DbC transfer ring after several reconnects - rtc: pcf2127: fix SPI command byte for PCF2131 backport - minmax.h: add whitespace around operators and after commas - minmax.h: update some comments - minmax.h: reduce the #define expansion of min(), max() and clamp() - minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() - minmax.h: move all the clamp() definitions after the min/max() ones - minmax.h: simplify the variants of clamp() - minmax.h: remove some #defines that are only expanded once https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.50 - scsi: ufs: mcq: Fix memory allocation checks for SQE and CQE - firewire: core: fix overlooked update of subsystem ABI version - ALSA: usb-audio: Fix code alignment in mixer_quirks - ALSA: usb-audio: Fix block comments in mixer_quirks - ALSA: usb-audio: Drop unnecessary parentheses in mixer_quirks - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 - ALSA: usb-audio: Convert comma to semicolon - ALSA: hda/realtek: Add support for ASUS NUC using CS35L41 HDA - ALSA: usb-audio: Fix build with CONFIG_INPUT=n - usb: core: Add 0x prefix to quirks debug output - [arm64,armhf] net: fec: rename struct fec_devinfo fec_imx6x_info -> fec_imx6sx_info - net: sfp: add quirk for Potron SFP+ XGSPON ONU Stick - [riscv64] mmc: sdhci-cadence: add Mobileye eyeQ support - i2c: designware: Add quirk for Intel Xe - ALSA: usb-audio: Add DSD support for Comtrue USB Audio device - ALSA: usb-audio: move mixer_quirks' min_mute into common quirk - ALSA: usb-audio: Add mute TLV for playback volumes on more devices - net: sfp: add quirk for FLYPRO copper SFP+ module - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions - [amd64] HID: amd_sfh: Add sync across amd sfh work functions - cpufreq: Initialize cpufreq-based invariance before subsys - smb: server: don't use delayed_work for post_recv_credits_work - smb: server: use disable_work_sync in transport_rdma.c - bpf: Check the helper function is valid in get_helper_proto - btrfs: don't allow adding block device of less than 1 MB - wifi: virt_wifi: Fix page fault on connect - bpf: Reject bpf_timer for PREEMPT_RT - xfrm: xfrm_alloc_spi shouldn't use 0 as SPI - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow - [armhf] can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow - can: peak_usb: fix shift-out-of-bounds issue - net: tun: Update napi->skb after XDP process - net/smc: fix warning in smc_rx_splice() when calling get_page() - [arm64] ethernet: rvu-af: Remove slash from the driver name - Bluetooth: hci_sync: Fix hci_resume_advertising_sync - Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync - vhost: Take a reference on the task in struct vhost_task. - bnxt_en: correct offset handling for IPv6 destination address - net: allow alloc_skb_with_frags() to use MAX_SKB_FRAGS - nexthop: Forbid FDB status change while nexthop is in a group - mm/gup: local lru_add_drain() to avoid lru_add_drain_all() - mm: revert "mm/gup: clear the LRU flag of a page before adding to LRU batch" - mm: folio_may_be_lru_cached() unless folio_test_large() - [amd64] drm/gma500: Fix null dereference in hdmi teardown - futex: Prevent use-after-free during requeue-PI - [arm64] drm/panthor: Defer scheduler entitiy destruction to queue release - [amd64] platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() - smb: client: fix wrong index reference in smb2_compound_op() - HID: asus: add support for missing PX series fn keys - i40e: add validation for ring_len param - i40e: fix idx validation in i40e_validate_queue_map - i40e: fix idx validation in config queues msg - i40e: fix input validation logic for action_meta - i40e: fix validation of VF state in get resources - i40e: add max boundary check for VF filters - i40e: add mask to apply valid bits for itr_idx - i40e: improve VF MAC filters accounting - crypto: af_alg - Fix incorrect boolean values in af_alg_ctx - tracing: dynevent: Add a missing lockdown check on dynevent - [armhf] dts: socfpga: sodia: Fix mdio bus probe and PHY address - drm/ast: Use msleep instead of mdelay for edid read - afs: Fix potential null pointer dereference in afs_put_server - fs/proc/task_mmu: check p->vec_buf for NULL - gpiolib: Extend software-node support to support secondary software-nodes - mm/hugetlb: fix folio is still mapped when deleted - fbcon: fix integer overflow in fbcon_do_set_font - fbcon: Fix OOB access in font allocation - iommufd: Fix race during abort for file descriptors - Revert "usb: xhci: remove option to change a default ring's TRB cycle bit" - [amd64] drm/i915/backlight: Return immediately when scale() finds invalid parameters https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.51 - crypto: sha256 - fix crash at kexec - scsi: target: target_core_configfs: Add length check to avoid buffer overflow - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove - media: tuner: xc5000: Fix use-after-free in xc5000_release - media: rc: fix races with imon_disconnect() - media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID - mm: swap: check for stable address space before operating on the VMA - wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() - [arm64] ASoC: qcom: audioreach: fix potential null pointer dereference https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.52 - wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() - USB: serial: option: add SIMCom 8230C compositions - Bluetooth: btusb: Add USB ID 2001:332a for D-Link AX9U rev. A1 - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 - wifi: rtl8xxxu: Don't claim USB ID 07b8:8188 - dm-integrity: limit MAX_TAG_SIZE to 255 - [amd64] platform/x86/amd/pmc: Add MECHREVO Yilong15Pro to spurious_8042 list - [amd64] platform/x86/amd/pmf: Support new ACPI ID AMDI0108 - [amd64,arm64] ASoC: rt5682s: Adjust SAR ADC button mode to fix noise issue - btrfs: ref-verify: handle damaged extent root tree - netfs: Prevent duplicate unlocking - can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled - [amd64] platform/x86/amd/pmc: Add Stellaris Slim Gen6 AMD to spurious 8042 quirks list - drm/amd : Update MES API header file for v11 & v12 - drm/amd/include : MES v11 and v12 API header update - drm/amd/include : Update MES v12 API for fence update - drm/amdgpu: Enable MES lr_compute_wa by default (Closes: #1118658) - ALSA: usb-audio: Kill timer properly at removal (CVE-2025-38105) - ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free - hid: fix I2C read buffer overflow in raw_event() for mcp2221 - nvmem: layouts: fix automatic module loading - binder: fix double-free in dbitmap - driver core/PM: Set power.no_callbacks along with power.no_pm - crypto: rng - Ensure set_ent is always present - net/9p: fix double req put in p9_fd_cancelled - [amd64] KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.53 - filelock: add FL_RECLAIM to show_fl_flags() macro - init: INITRAMFS_PRESERVE_MTIME should depend on BLK_DEV_INITRD - seccomp: Fix a race with WAIT_KILLABLE_RECV if the tracer replies too fast - gfs2: Fix GLF_INVALIDATE_IN_PROGRESS flag clearing in do_xmote - [powerpc*] 8xx: Remove left-over instruction and comments in DataStoreTLBMiss handler - [powerpc*] 603: Really copy kernel PGD entries into all PGDIRs - uprobes: uprobe_warn should use passed task - [arm64] coresight: trbe: Prevent overflow in PERF_IDX2OFF() - [arm64] perf: arm_spe: Prevent overflow in PERF_IDX2OFF() - smb: server: fix IRD/ORD negotiation with the client - [amd64] EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller - [amd64] x86/vdso: Fix output operand size of RDPID - lsm: CONFIG_LSM can depend on CONFIG_SECURITY - btrfs: return any hit error from extent_writepage_io() - [arm64] pinctrl: renesas: rzg2l: Fix invalid unsigned return in rzg3s_oen_read() - [arm64] dts: renesas: rzg2lc-smarc: Disable CAN-FD channel0 - regmap: Remove superfluous check for !config in __regmap_init() - bpf: Remove migrate_disable in kprobe_multi_link_prog_run - libbpf: Fix reuse of DEVMAP - [arm64] dts: imx93-kontron: Fix GPIO for panel regulator - [arm64] dts: imx93-kontron: Fix USB port assignment - [arm64] dts: imx95: Correct the lpuart7 and lpuart8 srcid - ACPI: processor: idle: Fix memory leak when register cpuidle device failed - [arm64] soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS - [arm64] pinctrl: meson-gxl: add missing i2c_d pinmux - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx - block: use int to store blk_stack_limits() return value - PM: sleep: core: Clear power.must_resume in noirq suspend error path - vdso: Add struct __kernel_old_timeval forward declaration to gettime.h - [armhf] dts: omap: am335x-cm-t335: Remove unused mcasp num-serializer property - [arm64] PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() - [arm64] power: supply: cw2015: Fix a alignment coding style issue - [arm64] pinctrl: renesas: Use int type to store negative error codes - null_blk: Fix the description of the cache_size module argument - nbd: restrict sockets to TCP and UDP - [arm64] PM / devfreq: rockchip-dfi: double count on RK3588 - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8183 probe failure - [arm64] soc: mediatek: mtk-svs: fix device leaks on mt8192 probe failure - [arm64] arm64: dts: mediatek: mt8186-tentacruel: Fix touchscreen model - mmc: core: Fix variable shadowing in mmc_route_rpmb_frames() - [arm64] dts: mediatek: mt6795-xperia-m5: Fix mmc0 latch-ck value - [arm64] dts: mediatek: mt8395-kontron-i1200: Fix MT6360 regulator nodes - [arm64] dts: mediatek: mt8516-pumpkin: Fix machine compatible - [armhf] pwm: tiehrpwm: Don't drop runtime PM reference in .free() - [armhf] pwm: tiehrpwm: Make code comment in .free() more useful - [armhf] pwm: tiehrpwm: Fix various off-by-one errors in duty-cycle calculation - [armhf] pwm: tiehrpwm: Fix corner case in clock divisor calculation - ACPICA: Fix largest possible resource descriptor index - [riscv64] bpf: Sign extend struct ops return values properly - nvmet-fc: move lsop put work to nvmet_fc_ls_req_op - i3c: master: svc: Use manual response for IBI events - i3c: master: svc: Recycle unused IBI slot - bpf: Explicitly check accesses to bpf_sock_addr - bpf, arm64: Call bpf_jit_binary_pack_finalize() in bpf_jit_free() - smp: Fix up and expand the smp_call_function_many() kerneldoc - tools/nolibc: make time_t robust if __kernel_old_time_t is missing in host headers - spi: fix return code when spi device has too many chipselects - bpf: Mark kfuncs as __noclone - once: fix race by moving DO_ONCE to separate section - [arm64] thermal/drivers/qcom/lmh: Add missing IRQ includes - [arm64] i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD - i2c: designware: Fix clock issue when PM is disabled - i2c: designware: Add disabling clocks when probe fails - libbpf: Fix error when st-prefix_ops and ops from differ btf - bpf: Enforce expected_attach_type for tailcall compatibility - drm/radeon/r600_cs: clean up of dead code in r600_cs - f2fs: fix condition in __allow_reserved_blocks() - [arm64] phy: rockchip: naneng-combphy: Enable U3 OTG port for RK3568 - drm/amd/display: Remove redundant semicolons - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod - scsi: myrs: Fix dma_alloc_coherent() error check - RDMA/mlx5: Better estimate max_qp_wr to reflect WQE count - RDMA/mlx5: Fix vport loopback forcing for MPV device - PCI/ACPI: Fix pci_acpi_preserve_config() memory leak - ALSA: lx_core: use int type to store negative error codes - inet: ping: check sock_net() in ping_get_port() and ping_lookup() - [arm64,armhf] coresight: Only register perf symlink for sinks with alloc_buffer - drm/amdgpu: Power up UVD 3 for FW validation (v2) - drm/amd/pm: Disable ULV even if unsupported (v3) - drm/amd/pm: Fix si_upload_smc_data (v3) - drm/amd/pm: Adjust si_upload_smc_data register programming (v3) - drm/amd/pm: Treat zero vblank time as too short in si_dpm (v3) - drm/amd/pm: Disable MCLK switching with non-DC at 120 Hz+ (v2) - drm/amd/pm: Disable SCLK switching on Oland with high pixel clocks (v3) - wifi: mwifiex: send world regulatory domain to driver - [arm64,armhf] PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation - tcp: fix __tcp_close() to only send RST when required - drm/amdkfd: Fix error code sign for EINVAL in svm_ioctl() - [armhf] usb: phy: twl6030: Fix incorrect type for ret - usb: gadget: configfs: Correctly set use_os_string at bind - tty: n_gsm: Don't block input queue by waiting MSC - [powerpc*] misc: genwqe: Fix incorrect cmd field being reported in error - pps: fix warning in pps_register_cdev when register device fail - wifi: iwlwifi: Remove redundant header files - [amd64,arm64] idpf: fix Rx descriptor ready check barrier in splitq - [amd64] ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping - [amd64] ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping - [arm64] drm/msm/dpu: fix incorrect type for ret - fs: ntfs3: Fix integer overflow in run_unpack() - fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist - iio: consumers: Fix handling of negative channel scale in iio_convert_raw_to_processed() - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() - netfilter: ipset: Remove unused htable_bits in macro ahash_region - ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable - drivers/base/node: handle error properly in register_one_node() - RDMA/cm: Rate limit destroy CM ID timeout error message - wifi: mt76: fix potential memory leak in mt76_wmac_probe() - wifi: mt76: mt7996: Fix RX packets configuration for primary WED device - wifi: mt76: mt7996: Convert mt7996_wed_rro_addr to LE - wifi: mt76: mt7915: fix mt7981 pre-calibration - f2fs: fix to update map->m_next_extent correctly in f2fs_map_blocks() - f2fs: fix to truncate first page in error path of f2fs_truncate() - f2fs: fix to mitigate overhead of f2fs_zero_post_eof_page() - ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT - ACPI: NFIT: Fix incorrect ndr_desc being reportedin dev_err message - scsi: qla2xxx: edif: Fix incorrect sign of error code - scsi: qla2xxx: Fix incorrect sign of error code in START_SP_W_RETRIES() - scsi: qla2xxx: Fix incorrect sign of error code in qla_nvme_xmt_ls_rsp() - HID: hidraw: tighten ioctl command parsing - f2fs: fix zero-sized extent for precache extents - Revert "usb: xhci: Avoid Stop Endpoint retry loop if the endpoint seems Running" - RDMA/core: Resolve MAC of next-hop device without ARP support - IB/sa: Fix sa_local_svc_timeout_ms read race - Documentation: trace: historgram-design: Separate sched_waking histogram section heading and the following diagram - wifi: ath12k: fix wrong logging ID used for CE - wifi: ath10k: avoid unnecessary wait for service ready message - iommu/vt-d: debugfs: Fix legacy mode page table dump logic - wifi: mac80211: fix Rx packet handling when pubsta information is not available - [amd64] ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback - RDMA/rxe: Fix race in do_task() when draining - wifi: rtw89: avoid circular locking dependency in ser_state_run() - [arm64] remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice - dm vdo: return error on corrupted metadata in start_restoring_volume functions - [arm64] coresight-etm4x: Conditionally access register TRCEXTINSELR - [arm64,armhf] coresight: tmc: Support atclk - [arm64,armhf] coresight: catu: Support atclk - [arm64,armhf] coresight: etm4x: Support atclk - [arm64,armhf] coresight: trbe: Return NULL pointer for allocation failures - [arm64,armhf] coresight: tpda: fix the logic to setup the element size - [arm64] coresight: Fix incorrect handling for return value of devm_kzalloc - NFSv4.1: fix backchannel max_resp_sz verification check - ipvs: Defer ip_vs_ftp unregister during netns cleanup - netfilter: nfnetlink: reset nlh pointer during batch replay - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() - usb: vhci-hcd: Prevent suspending virtually attached devices - iommu/vt-d: Disallow dirty tracking if incoherent page walk - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast - ptp: Add a upper bound on max_vclocks - vhost: vringh: Fix copy_to_iter return value check - Bluetooth: MGMT: Fix not exposing debug UUID on MGMT_OP_READ_EXP_FEATURES_INFO - Bluetooth: ISO: Fix possible UAF on iso_conn_free - Bluetooth: ISO: free rx_skb if not consumed - Bluetooth: ISO: don't leak skb in ISO_CONT RX - Bluetooth: hci_sync: Fix using random address for BIG/PA advertisements - KEYS: X.509: Fix Basic Constraints CA flag parsing - ocfs2: fix double free in user_cluster_connect() - drivers/base/node: fix double free in register_one_node() - [arm64] PCI: j721e: Fix incorrect error message in probe() - [amd64,arm64] idpf: fix mismatched free function for dma_alloc_coherent - nfp: fix RSS hash key size when RSS is not supported - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable - net: dlink: handle copy_thresh allocation failure - net/mlx5: Stop polling for command response if interface goes down - net/mlx5: pagealloc: Fix reclaim race during command interface teardown - net/mlx5: fw reset, add reset timeout work - smb: client: fix crypto buffers in non-linear memory - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" - bpf: Reject negative offsets for ALU ops - tpm: Disable TPM2_TCG_HMAC by default - Squashfs: fix uninit-value in squashfs_get_parent - uio_hv_generic: Let userspace take care of interrupt mask - io_uring/waitid: always prune wait queue entry in io_waitid_wait() - [arm64] ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data() - [amd64,arm64] ASoC: SOF: ipc3-topology: Fix multi-core and static pipelines tear down - fs: udf: fix OOB read in lengthAllocDescs handling - net: nfc: nci: Add parameter validation for packet data - [arm64,armhf] mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() - dm: fix queue start/stop imbalance under suspend/load/resume races - dm: fix NULL pointer dereference in __dm_suspend() - ksmbd: Fix race condition in RPC handle list access - ksmbd: fix error code overwriting in smb2_get_info_filesystem() - ksmbd: add max ip connections parameter - ext4: fix checks for orphan inodes - [amd64] KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid - fbdev: simplefb: Fix use after free in simplefb_detach_genpds() - mm: hugetlb: avoid soft lockup when mprotect to large memory area - nvdimm: ndtest: Return -ENOMEM if devm_kcalloc() fails in ndtest_probe() - [arm64] misc: fastrpc: Save actual DMA size in fastrpc_map structure - [arm64] misc: fastrpc: Fix fastrpc_map_lookup operation - [arm64] misc: fastrpc: fix possible map leak in fastrpc_put_args - [arm64] misc: fastrpc: Skip reference for DMA handles - Input: atmel_mxt_ts - allow reset GPIO to sleep - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak - sunrpc: fix null pointer dereference on zero-length checksum - [arm64] remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable() - [amd64,arm64] tee: fix register_shm_helper() - pinctrl: check the return value of pinmux_ops::get_function_name() - bus: fsl-mc: Check return value of platform_get_resource() - net/9p: Fix buffer overflow in USB transport layer - net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock - usb: typec: tipd: Clear interrupts first https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.54 - fs: always return zero on success from replace_fd() - fscontext: do not consume log entries when returning -EMSGSIZE - [arm64] map [_text, _stext) virtual address range non-executable+read-only - rseq: Protect event mask against membarrier IPI - listmount: don't call path_put() under namespace semaphore - page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches - dma-mapping: fix direction in dma_alloc direction traces - [amd64] KVM: SVM: Emulate PERF_CNTR_GLOBAL_STATUS_SET for PerfMonV2 - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE - media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() - asm-generic/io.h: Skip trace helpers if rwmmio events are disabled - perf disasm: Avoid undefined behavior in incrementing NULL - perf test trace_btf_enum: Skip if permissions are insufficient - perf evsel: Avoid container_of on a NULL leader - libperf event: Ensure tracing data is multiple of 8 sized - [arm64] clk: qcom: common: Fix NULL vs IS_ERR() check in qcom_cc_icc_register() - [arm64] clk: renesas: cpg-mssr: Fix memory leak in cpg_mssr_reserved_init() - perf util: Fix compression checks returning -1 as bool - perf arm_spe: Correct setting remote access - perf arm-spe: Rename the common data source encoding - perf arm_spe: Correct memory level for remote access - perf vendor events arm64 AmpereOneX: Fix typo - should be l1d_cache_access_prefetches - perf session: Fix handling when buffer exceeds 2 GiB - perf tools: Add fallback for exclude_guest - perf evsel: Ensure the fallback message is always written to - [arm64] clk: mediatek: mt8195-infra_ao: Fix parent for infra_ao_hdmi_26m - [arm64] clk: mediatek: clk-mux: Do not pass flags to clk_mux_determine_rate_flags() - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (CVE-2025-40001) - [amd64] ASoC: SOF: Intel: hda-pcm: Place the constraint on period time instead of buffer time - [amd64] ASoC: SOF: Intel: Read the LLP via the associated Link DMA channel - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() - drm/xe/hw_engine_group: Fix double write lock release in error path - [s390x] cio: Update purge function to unregister the unused subchannels - drm/vmwgfx: Fix a null-ptr access in the cursor snooper - drm/vmwgfx: Fix Use-after-free in validation - drm/vmwgfx: Fix copy-paste typo in validation - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). - [arm64] net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work (CVE-2025-40003) - ice: ice_adapter: release xa entry on adapter allocation failure - tcp: take care of zero tp->window_clamp in tcp_set_rcvlowat() - [arm64] mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call - [arm64] mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes - [arm64] mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop - [arm64] mailbox: zynqmp-ipi: Fix SGI cleanup on unbind - bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} - [arm64] mailbox: mtk-cmdq-mailbox: Switch to __pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Switch to pm_runtime_put_autosuspend() - [arm64] mailbox: mtk-cmdq: Remove pm_runtime APIs from cmdq_mbox_send_data() - drm/amdgpu: Add additional DCE6 SCL registers - drm/amd/display: Add missing DCE6 SCL_HORZ_FILTER_INIT* SRIs - drm/amd/display: Properly clear SCL_*_FILTER_CONTROL on DCE6 - drm/amd/display: Properly disable scaling on DCE6 - netfilter: nft_objref: validate objref and objrefmap expressions - bridge: br_vlan_fill_forward_path_pvid: use br_vlan_group_rcu() - crypto: essiv - Check ssize for decryption and in-place encryption - cifs: Fix copy_to_iter return value check - smb: client: fix missing timestamp updates after utime(2) - cifs: Query EA $LXMOD in cifs_query_path_info() for WSL reparse points - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single - [arm64] gpio: wcd934x: mark the GPIO controller as sleeping - bpf: Avoid RCU context warning when unpinning htab with internal structs - [s390x] vmlinux.lds.S: Reorder sections - [s390x] vmlinux.lds.S: Move .vmlinux.info to end of allocatable sections - ACPI: property: Fix buffer properties extraction for subnodes - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT - ACPI: debug: fix signedness issues in read/write helpers - [arm64] dts: qcom: msm8916: Add missing MDSS reset - [arm64] dts: qcom: msm8939: Add missing MDSS reset - [arm64] dts: qcom: sdm845: Fix slimbam num-channels/ees - [arm64] dts: qcom: x1e80100-pmics: Disable pm8010 by default - [arm64] dts: ti: k3-am62a-main: Fix main padcfg length - [arm64] kprobes: call set_memory_rox() for kprobe page - [armhf] AM33xx: Implement TI advisory 1.0.36 (EMU0/EMU1 pins state on reset) - [armhf] OMAP2+: pm33xx-core: ix device node reference leaks in amx3_idle_init - [arm64] perf/arm-cmn: Fix CMN S3 DTM offset - dt-bindings: phy: rockchip-inno-csi-dphy: make power-domains non-required - xen/events: Cleanup find_virq() return codes - xen/manage: Fix suspend error path - xen/events: Return -EEXIST for bound VIRQs - xen/events: Update virq_to_irq on migration - [arm64] firmware: meson_sm: fix device leak at probe - media: cx18: Add missing check after DMA map - media: mc: Fix MUST_CONNECT handling for pads with no links - media: pci: ivtv: Add missing check after DMA map - media: pci: mg4b: fix uninitialized iio scan data - [arm64] media: venus: firmware: Use correct reset sequence for IRIS2 - media: vivid: fix disappearing messages - media: lirc: Fix error handling in lirc_register() - [arm64] drm/panthor: Fix memory leak in panthor_ioctl_group_create() - drm/nouveau: fix bad ret code in nouveau_bo_move_prep - drm/xe/uapi: loosen used tracking restriction - drm/amd/display: Enable Dynamic DTBCLK Switch - blk-crypto: fix missing blktrace bio split events - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() - bus: mhi: ep: Fix chained transfer handling in read path - bus: mhi: host: Do not use uninitialized 'dev' pointer in mhi_init_irq_setup() - [arm64] clk: qcom: tcsrcc-x1e80100: Set the bi_tcxo as parent to eDP refclk - copy_sighand: Handle architectures where sizeof(unsigned long) < sizeof(u64) - [amd64] cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() - [arm64,armhf] crypto: rockchip - Fix dma_unmap_sg() nents value - eventpoll: Replace rwlock with spinlock - fbdev: Fix logic error in "offb" name match - fs/ntfs3: Fix a resource leak bug in wnd_extend() - fs: quota: create dedicated workqueue for quota_release_work - fuse: fix possibly missing fuse_copy_finish() call in fuse_notify() - fuse: fix livelock in synchronous file put from fuseblk workers - iio: dac: ad5360: use int type to store negative error codes - iio: dac: ad5421: use int type to store negative error codes - iio: frequency: adf4350: Fix prescaler usage. - init: handle bootloader identifier in kernel parameters - iio: imu: inv_icm42600: Drop redundant pm_runtime reinitialization in resume - [amd64] iommu/vt-d: PRS isn't usable if PDS isn't supported - kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths - KEYS: trusted_tpm1: Compare HMAC values in constant time - lib/genalloc: fix device leak in of_gen_pool_get() - loop: fix backing file reference leak on validation error - openat2: don't trigger automounts with RESOLVE_NO_XDEV - nvme-pci: Add TUXEDO IBS Gen8 to Samsung sleep quirk - [powerpc*] powernv/pci: Fix underflow and leak issue - [powerpc*] pseries/msi: Fix potential underflow and leak issue - Revert "ipmi: fix msg stack when IPMI is disconnected" - sched/deadline: Fix race in push_dl_task() - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() - scsi: sd: Fix build warning in sd_revalidate_disk() - sctp: Fix MAC comparison to be constant-time - xsk: Harden userspace-supplied xdp_desc validation - mmc: core: SPI mode remove cmd7 - mmc: mmc_spi: multiple block read remove read crc ack - [armhf] memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe - rtc: interface: Ensure alarm irq is enabled when UIE is enabled - rtc: interface: Fix long-standing race when setting alarm - [arm64] PCI: xilinx-nwl: Fix ECAM programming - [arm64,armhf] PCI: tegra: Convert struct tegra_msi mask_lock into raw spinlock - PCI/sysfs: Ensure devices are powered for config reads - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV - PCI/ERR: Fix uevent on failure to recover - PCI/AER: Fix missing uevent on recovery when a reset is requested - PCI/AER: Support errors introduced by PCIe r6.0 - [arm64] PCI: j721e: Fix programming sequence of "strap" settings - spi: cadence-quadspi: Flush posted register writes before INDAC access - spi: cadence-quadspi: Flush posted register writes before DAC access - spi: cadence-quadspi: Fix cqspi_setup_flash() - [x86] fred: Remove ENDBR64 from FRED entry points - [x86] umip: Check that the instruction opcode is at least two bytes - [x86] umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) - [s390x] dasd: enforce dma_alignment to ensure proper buffer validation - [s390x] dasd: Return BLK_STS_INVAL for EINVAL from do_dasd_request - [s390x] Add -Wno-pointer-sign to KBUILD_CFLAGS_DECOMPRESSOR - slab: prevent warnings when slab obj_exts vector allocation fails - slab: mark slab->obj_exts allocation failures unconditionally - wifi: ath11k: HAL SRNG: don't deinitialize and re-initialize again - wifi: mt76: mt7925u: Add VID/PID for Netgear A9000 - wifi: mt76: mt7921u: Add VID/PID for Netgear A7500 - mm/thp: fix MTE tag mismatch when replacing zero-filled subpages - mm/page_alloc: only set ALLOC_HIGHATOMIC for __GPF_HIGH allocations - mm/hugetlb: early exit from hugetlb_pages_alloc_boot() when max_huge_pages=0 - mm/damon/vaddr: do not repeat pte_offset_map_lock() until success - mm/damon/lru_sort: use param_ctx for damon_attrs staging - NFSD: Fix destination buffer size in nfsd4_ssc_setup_dul() - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry - ext4: add ext4_sb_bread_nofail() helper function for ext4_free_branches() - ext4: verify orphan file size is not too big - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() - ext4: correctly handle queries for metadata mappings - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() - ext4: fix an off-by-one issue during moving extents - ext4: guard against EA inode refcount underflow in xattr update - ext4: validate ea_ino and size in check_xattrs - ACPICA: Allow to skip Global Lock initialization - ext4: free orphan info with kvfree - media: mc: Clear minor number before put device - Squashfs: add additional inode sanity checking - Squashfs: reject negative file sizes in squashfs_read_inode() - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference - mm/ksm: fix incorrect KSM counter handling in mm_struct during fork - [amd64] ASoC: SOF: ipc4-pcm: Enable delay reporting for ChainDMA streams - [amd64] ASoC: SOF: ipc4-pcm: fix delay calculation when DSP resamples - [amd64] mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value - [amd64] mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type - [amd64] mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag - btrfs: fix the incorrect max_bytes value for find_lock_delalloc_range() - cpufreq: Make drivers using CPUFREQ_ETERNAL specify transition latency - [amd64] KVM: x86: Advertise SRSO_USER_KERNEL_NO to userspace - statmount: don't call path_put() under namespace semaphore - [arm64] mte: Do not flag the zero page as PG_mte_tagged - [x86] mtrr: Rename mtrr_overwrite_state() to guest_force_mtrr_state() - [x86] kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP - nfsd: Fix NFSD_MAY_BYPASS_GSS and NFSD_MAY_BYPASS_GSS_ON_ROOT - NFSD: Replace use of NFSD_MAY_LOCK in nfsd4_lock() - nfsd: refine and rename NFSD_MAY_LOCK - nfsd: don't use sv_nrthreads in connection limiting calculations. - nfsd: unregister with rpcbind when deleting a transport - ACPI: battery: allocate driver data through devm_ APIs - ACPI: battery: initialize mutexes through devm_ APIs - ACPI: battery: Check for error code from devm_mutex_init() call - ACPI: battery: Add synchronization between interface updates - ACPI: property: Disregard references in data-only subnode lists - ACPI: property: Add code comments explaining what is going on - ACPI: property: Do not pass NULL handles to acpi_attach_data() - mptcp: pm: in-kernel: usable client side with C-flag - ipmi: Rework user message limit handling - ipmi: Fix handling of messages with provided receive message pointer - mm/rmap: fix soft-dirty and uffd-wp bit loss when remapping zero-filled mTHP subpage to shared zeropage - [s390x] bpf: Centralize frame offset calculations - [s390x] bpf: Describe the frame using a struct instead of constants - [s390x] bpf: Write back tail call counter for BPF_PSEUDO_CALL - [s390x] bpf: Write back tail call counter for BPF_TRAMP_F_CALL_ORIG - [riscv64] irqchip/sifive-plic: Make use of __assign_bit() - [riscv64] irqchip/sifive-plic: Avoid interrupt ID 0 handling during suspend/resume - copy_file_range: limit size if in compat mode - minixfs: Verify inode mode when loading from disk - pid: Add a judgment for ns null in pid_nr_ns - fs: Add 'initramfs_options' to set initramfs mount options - cramfs: Verify inode mode when loading from disk - writeback: Avoid softlockup when switching many inodes - writeback: Avoid excessively long inode switching times - sched/fair: Block delayed tasks on throttled hierarchy during dequeue - nfsd: fix __fh_verify for localio - nfsd: fix access checking for NLM under XPRTSEC policies - [amd64] ASoC: SOF: ipc4-pcm: fix start offset calculation for chain DMA - mount: handle NULL values in mnt_ns_release() - nfsd: decouple the xprtsec policy check from check_nfsd_access() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.55 - drm/xe/guc: Check GuC running state before deregistering exec queue - smb: client: Fix refcount leak for cifs_sb_tlink - slab: reset slab->obj_ext when freeing and it is OBJEXTS_ALLOC_FAIL - r8152: add error handling in rtl8152_driver_init - f2fs: fix wrong block mapping for multi-devices - jbd2: ensure that all ongoing I/O complete before freeing blocks - ext4: wait for ongoing I/O to complete before freeing blocks - ext4: detect invalid INLINE_DATA + EXTENTS flag combination - btrfs: fix clearing of BTRFS_FS_RELOC_RUNNING if relocation already running - btrfs: fix memory leak on duplicated memory in the qgroup assign ioctl - btrfs: fix incorrect readahead expansion length - btrfs: fix memory leaks when rejecting a non SINGLE data profile without an RST - btrfs: do not assert we found block group item when creating free space tree - can: gs_usb: gs_make_candev(): populate net_device->dev_port - can: gs_usb: increase max interface to U8_MAX - cifs: parse_dfs_referrals: prevent oob on malformed input - drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies - drm/amdgpu: use atomic functions with memory barriers for vm fault info - drm/amdgpu: fix gfx12 mes packet status return check - perf/core: Fix address filter match with backing files - perf/core: Fix MMAP event path names with backing files - perf/core: Fix MMAP2 event device with backing files - drm/amd: Check whether secure display TA loaded successfully - irqdomain: cdx: Switch to of_fwnode_handle() - [arm64] drm/msm/a6xx: Fix PDC sleep sequence - usb: gadget: Store endpoint pointer in usb_request - usb: gadget: Introduce free_usb_request helper - usb: gadget: f_ncm: Refactor bind path to use __free() - usb: gadget: f_acm: Refactor bind path to use __free() - usb: gadget: f_ecm: Refactor bind path to use __free() - usb: gadget: f_rndis: Refactor bind path to use __free() - cpufreq: CPPC: Avoid using CPUFREQ_ETERNAL as transition delay - Revert "io_uring/rw: drop -EOPNOTSUPP check in __io_complete_rw_common()" (Closes: #1116358) - HID: multitouch: fix sticky fingers - dax: skip read lock assertion for read-only filesystems - can: m_can: m_can_plat_remove(): add missing pm_runtime_disable() - can: m_can: m_can_handle_state_errors(): fix CAN state transition to Error Active - can: m_can: m_can_chip_config(): bring up interface in correct state - can: m_can: add deinit callback - can: m_can: call deinit/init callback when going into suspend/resume - can: m_can: fix CAN state in system PM - net: dlink: handle dma_map_single() failure properly - doc: fix seg6_flowlabel path - r8169: fix packet truncation after S4 resume on RTL8168H/RTL8111H - net/ip6_tunnel: Prevent perpetual tunnel growth - [amd64,arm64] amd-xgbe: Avoid spurious link down messages during interface toggle - tcp: fix tcp_tso_should_defer() vs large RTT - ksmbd: fix recursive locking in RPC handle list access - tg3: prevent use of uninitialized remote_adv and local_adv variables - tls: trim encrypted message to match the plaintext on short splice - tls: wait for async encrypt in case of error during latter iterations of sendmsg - tls: always set record_type in tls_process_cmsg - tls: wait for pending async decryptions if tls_strp_msg_hold fails - tls: don't rely on tx_work during send() - net: usb: lan78xx: Add error handling to lan78xx_init_mac_address - net: usb: lan78xx: fix use of improperly initialized dev->chipid in lan78xx_reset - [arm64] drm/panthor: Ensure MCU is disabled on suspend - nvme-multipath: Skip nr_active increments in RETRY disposition - [riscv64] kprobes: Fix probe address validation - [amd64] ASoC: nau8821: Cancel jdet_work before handling jack ejection - [amd64] ASoC: nau8821: Generalize helper to clear IRQ status - [amd64] ASoC: nau8821: Add DMI quirk to bypass jack debounce circuit - [amd64] drm/i915/guc: Skip communication warning on reset in progress - drm/amdgpu: add ip offset support for cyan skillfish - drm/amdgpu: add support for cyan skillfish without IP discovery - drm/amdgpu: fix handling of harvesting for ip_discovery firmware - drm/amd/powerplay: Fix CIK shutdown temperature - [arm64] drm/rockchip: vop2: use correct destination rectangle height check - sched/fair: Fix pelt lost idle time detection - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings - ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card - HID: hid-input: only ignore 0 battery events for digitizers - HID: multitouch: fix name of Stylus input devices - nvme/tcp: handle tls partially sent records in write_space() - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() - xfs: rename the old_crc variable in xlog_recover_process - xfs: fix log CRC mismatches between i386 and other architectures - PM: runtime: Add new devm functions - iio: imu: inv_icm42600: Simplify pm_runtime setup - iio: imu: inv_icm42600: Avoid configuring if already pm_runtime suspended - nfsd: Use correct error code when decoding extents - nfsd: Drop dprintk in blocklayout xdr functions - NFSD: Rework encoding and decoding of nfsd4_deviceid - NFSD: Minor cleanup in layoutcommit processing - NFSD: Implement large extent array support in pNFS - NFSD: Fix last write offset handling in layoutcommit - wifi: rtw89: avoid possible TX wait initialization race - xfs: use deferred intent items for reaping crosslinked blocks - padata: Reset next CPU when reorder sequence wraps around - md/raid0: Handle bio_split() errors - md/raid1: Handle bio_split() errors - md/raid10: Handle bio_split() errors - md: fix mssing blktrace bio split events - [amd64] x86/resctrl: Refactor resctrl_arch_rmid_read() - [amd64] x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID - d_alloc_parallel(): set DCACHE_PAR_LOOKUP earlier - vfs: Don't leak disconnected dentries on umount - PCI: Add PCI_VDEVICE_SUB helper macro - ixgbevf: Add support for Intel(R) E610 device - ixgbevf: fix getting link speed data for E610 devices - ixgbevf: fix mailbox API compatibility by negotiating supported features - tcp: convert to dev_net_rcu() - tcp: cache RTAX_QUICKACK metric in a hot cache line - net: dst: add four helpers to annotate data-races around dst->dev - ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] - net: Add locking to protect skb->dev access in ip_output - mptcp: Call dst_release() in mptcp_active_enable(). - mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). - mptcp: reset blackhole on success with non-loopback ifaces - NFSD: Define a proc_layoutcommit for the FlexFiles layout type - [arm64] cputype: Add Neoverse-V3AE definitions - [arm64] errata: Apply workarounds for Neoverse-V3AE - [amd64] dmaengine: Add missing cleanup on module unload https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.56 - exec: Fix incorrect type for ret - hfs: clear offset and space out of valid records in b-tree node - hfs: make proper initalization of struct hfs_find_data - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() - hfs: validate record offset in hfsplus_bmap_alloc - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() - dlm: check for defined force value in dlm_lockspace_release - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() - PCI: Test for bit underflow in pcie_set_readrq() - [arm64] sysreg: Correct sign definitions for EIESB and DoubleLock - drivers/perf: hisi: Relax the event ID check in the framework - [s390x] mm: Use __GFP_ACCOUNT for user page table allocations - smb: server: let smb_direct_flush_send_list() invalidate a remote key first - PM: EM: Drop unused parameter from em_adjust_new_capacity() - PM: EM: Slightly reduce em_check_capacity_update() overhead - PM: EM: Move CPU capacity check to em_adjust_new_capacity() - PM: EM: Fix late boot with holes in CPU topology - net/mlx5e: Return 1 instead of 0 in invalid case in mlx5e_mpwrq_umr_entry_size() - rtnetlink: Allow deleting FDB entries in user namespace - [arm64] net: enetc: fix the deadlock of enetc_mdio_lock - [arm64] net: enetc: correct the value of ENETC_RXB_TRUESIZE - [arm64] dpaa2-eth: fix the pointer passed to PTR_ALIGN on Tx path - net/mlx5e: Reuse per-RQ XDP buffer to avoid stack zeroing overhead - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for legacy RQ - net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ - net/smc: fix general protection fault in __smc_diag_dump - [arm64] net: ethernet: ti: am65-cpts: fix timestamp loss due to race conditions - [arm64] mm: avoid always making PTE dirty in pte_mkwrite() - ptp: ocp: Fix typo using index 1 instead of i in SMA initialization loop - sctp: avoid NULL dereference when chunk data buffer is missing - net: phy: micrel: always set shared->phydev for LAN8814 - net/mlx5: Fix IPsec cleanup over MPV device - fs/notify: call exportfs_encode_fid with s_umount - net: bonding: fix possible peer notify event loss or dup issue - dma-debug: don't report false positives with DMA_BOUNCE_UNALIGNED_KMALLOC - arch_topology: Fix incorrect error check in topology_parse_cpu_capacity() - btrfs: directly free partially initialized fs_info in btrfs_check_leaked_roots() - gpio: pci-idio-16: Define maximum valid register address offset - gpio: 104-idio-16: Define maximum valid register address offset - xfs: fix locking in xchk_nlinks_collect_dir - Revert "cpuidle: menu: Avoid discarding useful information" - slab: Avoid race on slab->obj_exts in alloc_slab_obj_exts - slab: Fix obj_ext mistakenly considered NULL due to race condition - ACPICA: Work around bogus -Wstringop-overread warning since GCC 11 - can: netlink: can_changelink(): allow disabling of automatic restart - cifs: Fix TCP_Server_Info::credits to be signed - ocfs2: clear extent cache after moving/defragmenting extents - vsock: fix lock inversion in vsock_assign_transport() - [arm64,armhf] net: stmmac: dwmac-rk: Fix disabling set_clock_selection - net: usb: rtl8150: Fix frame padding - mm: prevent poison consumption when splitting THP - drm/amd/display: increase max link count and fix link->enc NULL pointer access - [arm64] spi: spi-nxp-fspi: add extra delay after dll locked - [arm64] dts: broadcom: bcm2712: Add default GIC address cells - [arm64] dts: broadcom: bcm2712: Define VGIC interrupt - [arm64] firmware: arm_scmi: Account for failed debug initialization - [arm64] firmware: arm_scmi: Fix premature SCMI_XFER_FLAG_IS_RAW clearing in raw mode - [arm64] drm/panthor: Fix kernel panic on partial unmap of a GPU VA region - [riscv64] Define pgprot_dmacoherent() for non-coherent devices - [riscv64] Don't print details of CPUs disabled in DT - [riscv64] hwprobe: avoid uninitialized variable use in hwprobe_arch_id() - hwmon: (sht3x) Fix error handling - nbd: override creds to kernel when calling sock_{send,recv}msg() - drm/panic: Fix drawing the logo on a small narrow screen - drm/panic: Fix qr_code, ensure vmargin is positive - [amd64] gpio: ljca: Fix duplicated IRQ mapping - io_uring: correct __must_hold annotation in io_install_fixed_file - sched: Remove never used code in mm_cid_get() - io_uring/sqpoll: switch away from getrusage() for CPU accounting - io_uring/sqpoll: be smarter on when to update the stime usage - Bluetooth: btintel: Add DSBR support for BlazarIW, BlazarU and GaP (Closes: #1118660) - platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL (CVE-2025-39678) - USB: serial: option: add UNISOC UIS7720 - USB: serial: option: add Quectel RG255C - USB: serial: option: add Telit FN920C04 ECM compositions - usb/core/quirks: Add Huawei ME906S to wakeup quirk - usb: raw-gadget: do not limit transfer length - xhci: dbc: enable back DbC in resume if it was enabled before suspend - xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event - [amd64] x86/microcode: Fix Entrysign revision check for Zen1/Naples - [arm*] binder: remove "invalid inc weak" check - [amd64] comedi: fix divide-by-zero in comedi_buf_munge() (CVE-2025-40106) - [amd64] mei: me: add wildcat lake P DID - [arm64] misc: fastrpc: Fix dma_buf object leak in fastrpc_map_lookup - [amd64,arm64] tcpm: switch check for role_sw device with fw_node - dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp - serial: 8250_dw: handle reset control deassert error - serial: 8250_exar: add support for Advantech 2 port card with Device ID 0x0018 - [arm64] serial: 8250_mtk: Enable baud clock and manage in runtime PM - serial: sc16is7xx: remove useless enable of enhanced features - devcoredump: Fix circular locking dependency with devcd->mutex. - [arm64] mte: Do not warn if the page is already tagged in copy_highpage() - xfs: always warn about deprecated mount options - ksmbd: transport_ipc: validate payload size before reading handle (CVE-2025-40084) https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.57 - net/sched: sch_qfq: Fix null-deref in agg_dequeue (CVE-2025-40083) - audit: record fanotify event regardless of presence of rules - [amd64] perf/x86/intel: Add ICL_FIXED_0_ADAPTIVE bit into INTEL_FIXED_BITS_MASK - perf: Use current->flags & PF_KTHREAD|PF_USER_WORKER instead of current->mm == NULL - perf: Have get_perf_callchain() return NULL if crosstask and user are set - perf: Skip user unwind if the task is a kernel thread - seccomp: passthrough uprobe systemcall without filtering - [amd64] x86/bugs: Report correct retbleed mitigation status - [amd64] x86/bugs: Fix reporting of LFENCE retpoline - [amd64,arm64] EDAC/mc_sysfs: Increase legacy channel support to 16 - cpuset: Use new excpus for nocpu error check when enabling root partition - btrfs: abort transaction on specific error places when walking log tree - btrfs: abort transaction in the process_one_buffer() log tree walk callback - btrfs: zoned: return error from btrfs_zone_finish_endio() - btrfs: zoned: refine extent allocator hint selection - btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() - btrfs: always drop log root tree reference in btrfs_replay_log() - btrfs: use level argument in log tree walk callback replay_one_buffer() - btrfs: abort transaction if we fail to update inode in log replay dir fixup - btrfs: tree-checker: add inode extref checks - btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() - sched_ext: Make qmap dump operation non-destructive - arch: Add the macro COMPILE_OFFSETS to all the asm-offsets.c - docs: kdoc: handle the obsolescensce of docutils.ErrorString() - mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR - f2fs: fix to avoid panic once fallocation fails for pinfile (CVE-2025-23130) - wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() (CVE-2025-38643) - bonding: return detailed error when loading native XDP fails - bonding: check xdp prog when set bond mode (CVE-2025-22105) - bits: add comments and newlines to #if, #else and #endif directives - bits: introduce fixed-type GENMASK_U*() - gpio: regmap: Allow to allocate regmap-irq device - gpio: regmap: add the .fixed_direction_output configuration parameter - gpio: idio-16: Define fixed direction of the GPIO lines - [amd64] iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE (CVE-2025-21833) - wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995) - [amd64,arm64] udmabuf: fix a buf size overflow issue during udmabuf creation (CVE-2025-37803) - sfc: fix NULL dereferences in ef100_process_design_param() (CVE-2025-37860) - btrfs: tree-checker: fix bounds check in check_inode_extref() . [ Salvatore Bonaccorso ] * drivers/infiniband/hw/bnxt_re: Enable INFINIBAND_BNXT_RE as module (Closes: #1109977) . [ Ben Hutchings ] * d/salsa-ci.yml: Adjust filenames to allow source package name suffix * tools/hv: Make the sample hv_get_dhcp_info script more useful * hyperv-daemons: Install the sample network info scripts (Closes: #919350) * d/salsa-ci.yml: Fix cache configuration for build job * d/salsa-ci.yml: Move orig tarball generation to a separate job again * d/salsa-ci.yml: Restore lintian checking of source package linux-signed-arm64 (6.12.48+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.48-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.44 - serial: 8250: fix panic due to PSLVERR - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig - platform/chrome: cros_ec: Unregister notifier in cros_ec_unregister() - PM: runtime: Take active children into account in pm_runtime_get_if_in_use() - dm: dm-crypt: Do not partially accept write BIOs with zoned targets - dm: Check for forbidden splitting of zone write operations - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() - usb: gadget: udc: renesas_usb3: fix device leak at unbind - usb: musb: omap2430: fix device leak at unbind - [arm64,armhf] usb: dwc3: meson-g12a: fix device leaks at unbind - [arm64] usb: dwc3: imx8mp: fix device leak at unbind - bus: mhi: host: Fix endianness of BHI vector table - bus: mhi: host: Detect events pointing to unexpected TREs - vt: keyboard: Don't process Unicode characters in K_OFF mode - vt: defkeymap: Map keycodes above 127 to K_HOLE - [amd64] crypto: qat - lower priority for skcipher and aead algorithms - [arm64,armhf] crypto: caam - Prevent crash on suspend with iMX8QM / iMX8ULP - [amd64] crypto: qat - flush misc workqueue during device shutdown - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" - ksmbd: fix refcount leak causing resource not released - ksmbd: extend the connection limiting mechanism to support IPv6 - tracing: fprobe-event: Sanitize wildcard for fprobe event name - ext4: check fast symlink for ea_inode correctly - ext4: fix fsmap end of range reporting with bigalloc - ext4: fix reserved gdt blocks handling in fsmap - ext4: use kmalloc_array() for array space allocation - ext4: fix hole length calculation overflow in non-extent inodes - btrfs: zoned: fix write time activation failure for metadata block group - btrfs: fix incorrect log message for nobarrier mount option - btrfs: restore mount option info messages during mount - btrfs: fix printing of mount info messages for NODATACOW/NODATASUM - apparmor: Fix 8-byte alignment for initial dfa blob streams - dt-bindings: display: sprd,sharkl3-dpu: Fix missing clocks constraints - dt-bindings: display: sprd,sharkl3-dsi-host: Fix missing clocks constraints - scsi: dt-bindings: mediatek,ufs: Add ufs-disable-mcq flag for UFS host - [arm64] scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE - scsi: mpi3mr: Fix race between config read submit and interrupt completion - ata: libata-scsi: Fix ata_to_sense_error() status handling - scsi: ufs: ufs-pci: Fix hibernate state transition for Intel MTL-like host controllers - scsi: ufs: ufs-pci: Fix default runtime and system PM levels - ata: libata-scsi: Fix CDL control - [arm64] soc: qcom: mdt_loader: Ensure we don't read past the ELF header - iio: imu: bno055: fix OOB access of hw_xlate array - iio: adc: ad_sigma_delta: change to buffer predisable - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() - wifi: ath12k: fix dest ring-buffer corruption - wifi: ath12k: fix source ring-buffer corruption - wifi: ath12k: fix dest ring-buffer corruption when ring is full - wifi: ath11k: fix dest ring-buffer corruption - wifi: ath11k: fix source ring-buffer corruption - wifi: ath11k: fix dest ring-buffer corruption when ring is full - [arm64] pwm: mediatek: Handle hardware enable and clock enable separately - [arm64] pwm: mediatek: Fix duty and period setting - mtd: spi-nor: Fix spi_nor_try_unlock_all() - [arm64] mtd: spinand: propagate spinand_wait() errors from spinand_write_page() - readahead: fix return value of page_cache_next_miss() when no hole is found - PCI/portdrv: Use is_pciehp instead of is_hotplug_bridge - PCI: endpoint: Fix configfs group list head handling - PCI: endpoint: Fix configfs group removal on driver teardown - [arm64,armhf] PCI: imx6: Add IMX8MM_EP and IMX8MP_EP fixed 256-byte BAR 4 in epc_features - [arm64,armhf] PCI: imx6: Remove apps_reset toggling from imx_pcie_{assert/deassert}_core_reset - [arm64,armhf] PCI: imx6: Delay link start until configfs 'start' written - vsock/virtio: Validate length in packet header before skb_put() - vhost/vsock: Avoid allocating arbitrarily-sized SKBs - amdgpu/amdgpu_discovery: increase timeout limit for IFWI init - [amd64] ASoC: SOF: amd: acp-loader: Use GFP_KERNEL for DMA allocations in resume context - f2fs: fix to avoid out-of-boundary access in dnode page (CVE-2025-38677) - jbd2: prevent softlockup in jbd2_log_do_checkpoint() - kbuild: userprogs: use correct linker when mixing clang and GNU ld - [arm64,armhf] soc/tegra: pmc: Ensure power-domains are in a known state - media: gspca: Add bounds checking to firmware parser - media: hi556: correct the test pattern configuration - [armhf] media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() - media: ipu6: isys: Use correct pads for xlate_streams() - media: vivid: fix wrong pixel_array control size - media: verisilicon: Fix AV1 decoder clock frequency - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() - media: usbtv: Lock resolution while streaming - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() - media: pisp_be: Fix pm_runtime underrun in probe - media: ov2659: Fix memory leaks in ov2659_probe() - media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval - media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls - [arm64] media: qcom: camss: cleanup media device allocated resource on error path - [arm64] media: venus: Add a check for packet size after reading from shared memory - [arm64] media: venus: Fix MSM8998 frequency table - [arm64] media: venus: hfi: explicitly release IRQ during teardown - [arm64] media: venus: protect against spurious interrupts during probe - [arm64] media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. - [arm64] media: venus: venc: Clamp param smaller than 1fps and bigger than 240 - drm/amdgpu/discovery: fix fw based ip discovery - drm/amd: Restore cached power limit during resume - drm/amdgpu: Avoid extra evict-restore process. - drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities - drm/amdgpu: Initialize data to NULL in imu_v12_0_program_rlc_ram() - drm/amdgpu: Update external revid for GC v9.5.0 - drm/amdgpu: update mmhub 3.0.1 client id mappings - drm/amdgpu: update mmhub 4.1.0 client id mappings - drm/amdkfd: Destroy KFD debugfs after destroy KFD wq - drm/amd/display: Add primary plane to commits for correct VRR handling - drm/amd/display: fix a Null pointer dereference vulnerability - drm/amd/display: Don't overwrite dce60_clk_mgr - net, hsr: reject HSR frame if skb can't hold tag - sched/ext: Fix invalid task state transitions on class switch - ipv6: sr: Fix MAC comparison to be constant-time - ACPI: pfr_update: Fix the driver update version check - mptcp: drop skb if MPTCP skb extension allocation fails - mptcp: pm: kernel: flush: do not reset ADD_ADDR limit - mm/damon/ops-common: ignore migration request to invalid nodes - [amd64] x86/sev: Ensure SVSM reserved fields in a page validation entry are initialized to zero - USB: typec: Use str_enable_disable-like helpers - usb: typec: fusb302: cache PD RX state - btrfs: qgroup: drop unused parameter fs_info from __del_qgroup_rb() - btrfs: qgroup: fix race between quota disable and quota rescan ioctl - btrfs: move transaction aborts to the error site in add_block_group_free_space() - btrfs: always abort transaction on failure to add block group to free space tree - btrfs: abort transaction on unexpected eb generation at btrfs_copy_root() - btrfs: explicitly ref count block_group on new_bgs list - btrfs: codify pattern for adding block_group to bg_list - btrfs: zoned: requeue to unused block group list if zone finish failed - xfs: fully decouple XFS_IBULK* flags from XFS_IWALK* flags - btrfs: send: factor out common logic when sending xattrs - btrfs: send: only use boolean variables at process_recorded_refs() - btrfs: send: add and use helper to rename current inode when processing refs - btrfs: send: keep the current inode's path cached - btrfs: send: avoid path allocation for the current inode when issuing commands - btrfs: send: use fallocate for hole punching with send stream v2 - btrfs: send: make fs_path_len() inline and constify its argument - netfs: Fix unbuffered write error handling - io_uring/net: commit partial buffers on retry - ata: libata-scsi: Return aborted command when missing sense and result TF - sched_ext: initialize built-in idle state before ops.init() - Revert "can: ti_hecc: fix -Woverflow compiler warning" - io_uring/futex: ensure io_futex_wait() cleans up properly on failure - iov_iter: iterate_folioq: fix handling of offset >= folio size - [arm64] iommu/arm-smmu-v3: Fix smmu_domain->nr_ats_masters decrement - mmc: sdhci-pci-gli: Add a new function to simplify the code - memstick: Fix deadlock by moving removing flag earlier - mmc: sdhci-pci-gli: GL9763e: Mask the replay timer timeout of AER - mmc: sdhci-pci-gli: GL9763e: Rename the gli_set_gl9763e() for consistency - NFS: Fix a race when updating an existing write - squashfs: fix memory leak in squashfs_fill_super - mm/debug_vm_pgtable: clear page table entries at destroy_args() - mm/memory-failure: fix infinite UCE for VM_PFNMAP pfn - ALSA: hda/realtek: Add support for HP EliteBook x360 830 G6 and EliteBook 830 G6 - RDMA/rxe: Flush delayed SKBs while releasing RXE resources - [s390x] sclp: Fix SCCB present check - [amd64] platform/x86/intel-uncore-freq: Check write blocked for ELC - kvm: retry nx_huge_page_recovery_thread creation - [amd64] accel/habanalabs/gaudi2: Use kvfree() for memory allocated with kvcalloc() - drm/amdgpu/swm14: Update power limit logic - drm/amd/display: Avoid a NULL pointer dereference - drm/amd/display: Don't overclock DCE 6 by 15% - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 - drm/amd/display: Fix Xorg desktop unresponsive on Replay panel - drm/amd/display: Fix DP audio DTO1 clock source on DCE 6. - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs - drm/amd/display: Fill display clock and vblank time in dce110_fill_display_configs - scsi: core: Fix command pass through retry regression - [arm64] soc: qcom: mdt_loader: Fix error return values in mdt_header_valid() - mptcp: remove duplicate sk_reset_timer call - mptcp: disable add_addr retransmission when timeout is 0 - Mark xe driver as BROKEN if kernel page size is not 4kB - [arm64,armhf] PCI: imx6: Add i.MX8Q PCIe Endpoint (EP) support - [arm64,armhf] PCI: imx6: Add IMX8MQ_EP third 64-bit BAR in epc_features - [arm64] PCI: rockchip: Use standard PCIe definitions - [arm64] PCI: rockchip: Set Target Link Speed to 5.0 GT/s before retraining - iio: adc: ad7173: fix setting ODR in probe - scsi: mpi3mr: Drop unnecessary volatile from __iomem pointers - scsi: mpi3mr: Serialize admin queue BAR writes on 32-bit systems - ext4: preserve SB_I_VERSION on remount - btrfs: subpage: keep TOWRITE tag until folio is cleaned - [arm64] dts: ti: k3-am6*: Add boot phase flag to support MMC boot - [arm64] dts: ti: k3-am62*: Add non-removable flag for eMMC - [arm64] dts: ti: k3-am6*: Remove disable-wp for eMMC - [arm64] dts: ti: k3-am62*: Move eMMC pinmux to top level board file - debugfs: fix mount options not being applied - smb: server: split ksmbd_rdma_stop_listening() out of ksmbd_rdma_destroy() - fs/buffer: fix use-after-free when call bh_read() helper - use uniform permission checks for all mount propagation changes - cpuidle: menu: Remove iowait influence - cpuidle: governors: menu: Avoid selecting states with too much latency - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS - [arm64] mmc: sdhci_am654: Disable HS400 for AM62P SR1.0 and SR1.1 - ftrace: Also allocate and copy hash for reading of filter files - iio: pressure: bmp280: Use IS_ERR() in bmp280_common_probe() - iio: proximity: isl29501: fix buffered read on big-endian systems - most: core: Drop device reference after usage in get_channel() - kcov, usb: Don't disable interrupts in kcov_remote_start_usb_softirq() - cdx: Fix off-by-one error in cdx_rpmsg_probe() - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive - [amd64] comedi: Make insn_rw_emulate_bits() do insn->n samples - [amd64] comedi: pcl726: Prevent invalid irq number - [amd64] comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() - usb: core: hcd: fix accessing unmapped memory in SINGLE_STEP_SET_FEATURE test - usb: renesas-xhci: Fix External ROM access timeouts - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera - usb: storage: realtek_cr: Use correct byte order for bcs->Residue - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles - usb: typec: maxim_contaminant: disable low power mode when reading comparator values - usb: typec: maxim_contaminant: re-enable cc toggle if cc is open and port is clean - usb: xhci: Fix slot_id resource race conflict - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout - usb: dwc3: Remove WARN_ON for device endpoint command timeouts - usb: dwc3: pci: add support for the Intel Wildcat Lake - iio: light: Use aligned_s64 instead of open coding alignment. - iio: light: as73211: Ensure buffer holes are zeroed - iio: temperature: maxim_thermocouple: use DMA-safe buffer for spi_read() - tracing: Remove unneeded goto out logic - tracing: Limit access to parser->buffer when trace_get_user failed - [amd64] drm/i915/icl+/tc: Convert AUX powered WARN to a debug message - compiler: remove __ADDRESSABLE_ASM{_STR,}() again - [amd64] drm/i915/icl+/tc: Cache the max lane count value - ovl: use I_MUTEX_PARENT when locking parent in ovl_create_temp() - tls: fix handling of zero-length records on the rx_list - iio: imu: inv_icm42600: switch timestamp type from int64_t __aligned(8) to aligned_s64 - iio: imu: inv_icm42600: use = { } instead of memset() - iio: imu: inv_icm42600: Convert to uXX and sXX integer types - iio: imu: inv_icm42600: change invalid data error to -EBUSY - [amd64] x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper - drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). - cgroup/cpuset: Use static_branch_enable_cpuslocked() on cpusets_insane_config_key - cgroup/cpuset: Fix a partition error with CPU hotplug - drm/panic: Move drawing functions to drm_draw - drm/format-helper: Add conversion from XRGB8888 to BGR888 - drm/format-helper: Move helpers for pixel conversion to header file - drm/format-helper: Add generic conversion to 32-bit formats - iosys-map: Fix undefined behavior in iosys_map_clear() - [arm64] RDMA/hns: Fix querying wrong SCC context for DIP algorithm - RDMA/bnxt_re: Fix to do SRQ armena by default - RDMA/bnxt_re: Fix to remove workload check in SRQ limit path - RDMA/bnxt_re: Fix a possible memory leak in the driver - RDMA/bnxt_re: Fix to initialize the PBL array - RDMA/hns: Fix dip entries leak on devices newer than hip09 - net: bridge: fix soft lockup in br_multicast_query_expired() - scsi: qla4xxx: Prevent a potential error pointer dereference - [amd64] iommu/amd: Avoid stack buffer overflow from kernel cmdline (CVE-2025-38676) - Bluetooth: hci_sync: Fix scan state after PA Sync has been established - Bluetooth: btmtk: Fix wait_on_bit_timeout interruption during shutdown - Bluetooth: hci_sync: Prevent unintended PA sync when SID is 0xFF - Bluetooth: hci_event: fix MTU for BN == 0 in CIS Established - Bluetooth: hci_conn: do return error from hci_enhanced_setup_sync() - [arm64] drm/hisilicon/hibmc: refactored struct hibmc_drm_private - [arm64] drm/hisilicon/hibmc: fix the i2c device resource leak when vdac init failed - [arm64] drm/hisilicon/hibmc: fix the hibmc loaded failed bug - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() - drm/amd/display: Don't print errors for nonexistent connectors - net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add - [arm64] net: ethernet: mtk_ppe: add RCU lock around dev_fill_forward_path - ppp: fix race conditions in ppp_fill_forward_path - net: ti: icssg-prueth: Fix HSR and switch offload Enablement during firwmare reload. - cifs: Fix oops due to uninitialised variable - phy: mscc: Fix timestamping for vsc8584 - net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization - gve: prevent ethtool ops after shutdown - net/smc: fix UAF on smcsk after smc_listen_out() - [s390x] mm: Do not map lowcore with identity mapping - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc - igc: fix disabling L1.2 PCI-E link substate on I226 on init - [armhf] net: dsa: microchip: Fix KSZ9477 HSR port setup issue - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit - net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate - ALSA: timer: fix ida_free call while not allocated - bonding: update LACP activity flag after setting lacp_active - bonding: send LACPDUs periodically in passive mode after receiving partner's LACPDU - [arm64] Octeontx2-af: Skip overlap check for SPI field - net/mlx5: Base ECVF devlink port attrs from 0 - net/mlx5: Relocate function declarations from port.h to mlx5_core.h - net/mlx5: Add IFC bits and enums for buf_ownership - net/mlx5e: Query FW for buffer ownership - net/mlx5e: Preserve shared buffer capacity during headroom updates - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation - [s390x] hypfs: Avoid unnecessary ioctl registration in debugfs - [s390x] hypfs: Enable limited access during lockdown - netfilter: nf_reject: don't leak dst refcount for loopback packets https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.45 - rtla: Check pkg-config install - trace/fgraph: Fix the warning caused by missing unregister notifier - of: dynamic: Fix memleak when of_pci_add_properties() failed - of: dynamic: Fix use after free in of_changeset_add_prop_helper() - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump - perf symbol-minimal: Fix ehdr reading in filename__read_build_id - vhost: Fix ioctl # for VHOST_[GS]ET_FORK_FROM_OWNER - scsi: core: sysfs: Correct sysfs attributes access rights - smb: client: fix race with concurrent opens in unlink(2) - smb: client: fix race with concurrent opens in rename(2) - [arm64] ASoC: codecs: tx-macro: correct tx_macro_component_drv name - erofs: fix atomic context detection when !CONFIG_DEBUG_LOCK_ALLOC - ACPI: EC: Add device to acpi_ec_no_wakeup[] qurik list - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() - [arm64] drm/msm: Defer fd_install in SUBMIT ioctl - of: reserved_mem: Restructure call site for dma_contiguous_early_fixup() - [arm64] drm/msm/kms: move snapshot init earlier in KMS init - [arm64] drm/msm: update the high bitfield of certain DSI registers - [arm64] drm/mediatek: Add error handling for old state CRTC in atomic_disable - [powerpc*] kvm: Fix ifdef to remove build warning - HID: input: rename hidinput_set_battery_charge_status() - HID: input: report battery status changes immediately - net: macb: fix unregister_netdev call order in macb_remove() - Bluetooth: hci_event: Treat UNKNOWN_CONN_ID on disconnect as success - Bluetooth: hci_event: Mark connection as closed during suspend disconnect - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced - Bluetooth: hci_sync: fix set_local_name race condition - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). - drm/nouveau: remove unused increment in gm200_flcn_pio_imem_wr - drm/nouveau: remove unused memory target test - ice: don't leave device non-functional if Tx scheduler config fails - ice: use fixed adapter index for E825C embedded devices - ice: fix incorrect counter for buffer allocation failures - dt-bindings: display/msm: qcom,mdp5: drop lut clock - net: dlink: fix multicast stats being counted incorrectly - drm/xe/xe_sync: avoid race during ufence signaling - drm/xe: Don't trigger rebind on initial dma-buf validation - phy: mscc: Fix when PTP clock is register and unregister - bnxt_en: Fix memory corruption when FW resources change during ifdown - bnxt_en: Adjust TX rings if reservation is less than requested - bnxt_en: Fix stats context reservation logic - net/mlx5: Reload auxiliary drivers on fw_activate - net/mlx5: Fix lockdep assertion on sync reset unload event - net/mlx5: Nack sync reset when SFs are present - net/mlx5e: Update and set Xon/Xoff upon MTU set - net/mlx5e: Update and set Xon/Xoff upon port speed set - net/mlx5e: Set local Xoff after FW update - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts - net: stmmac: xgmac: Correct supported speed modes - net: stmmac: Set CIC bit only for TX queues with COE - [amd64,arm64] hv_netvsc: Link queues to NAPIs - [amd64,arm64] net: hv_netvsc: fix loss of early receive events from host during channel open. - net: rose: split remove and free operations in rose_remove_neigh() - net: rose: convert 'use' field to refcount_t - net: rose: include node references in rose_neigh refcount - sctp: initialize more fields in sctp_v6_from_sk() - l2tp: do not use sock_hold() in pppol2tp_session_get_sock() - fbnic: Move phylink resume out of service_task and into open/close - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare - net: macb: Disable clocks once - [amd64] KVM: x86: use array_index_nospec with indices that come from guest - [riscv64] KVM: fix stack overrun when loading vlenb - [amd64] x86/microcode/AMD: Handle the case of no BIOS microcode - [amd64] x86/cpu/topology: Use initial APIC ID from XTOPOLOGY leaf on AMD/HYGON - HID: asus: fix UAF via HID_CLAIMED_INPUT validation - HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() - HID: quirks: add support for Legion Go dual dinput modes - HID: logitech: Add ids for G PRO 2 LIGHTSPEED - HID: wacom: Add a new Art Pen 2 - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() - Revert "drm/amdgpu: fix incorrect vm flags to map bo" - blk-zoned: Fix a lockdep complaint about recursive locking - dma/pool: Ensure DMA_DIRECT_REMAP allocations are decrypted - fs/smb: Fix inconsistent refcnt update - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions - smb3 client: fix return code mapping of remap_file_range - xfs: do not propagate ENODATA disk errors into xattr code - drm/xe/vm: Clear the scratch_pt pointer on error - drm/nouveau/disp: Always accept linear modifier - drm/nouveau: fix error path in nvkm_gsp_fwsec_v2 - drm/mediatek: Fix device/node reference count leaks in mtk_drm_get_all_drm_priv - drm/amd/amdgpu: disable hwmon power1_cap* for gfx 11.0.3 on vf mode - net: rose: fix a typo in rose_clear_routes() - PCI: Rename PCIE_RESET_CONFIG_DEVICE_WAIT_MS to PCIE_RESET_CONFIG_WAIT_MS - PCI: dwc: Ensure that dw_pcie_wait_for_link() waits 100 ms after link up - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" - [arm64] thermal/drivers/mediatek/lvts_thermal: Change lvts commands array to static const - [arm64] thermal/drivers/mediatek/lvts_thermal: Add lvts commands and their sizes to driver data - [arm64] thermal/drivers/mediatek/lvts_thermal: Add mt7988 lvts commands https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.46 - bpf: Add cookie object to bpf maps - bpf: Move bpf map owner out of common struct - bpf: Move cgroup iterator helpers to bpf.h - bpf: Fix oob access in cgroup local storage (CVE-2025-38502) - btrfs: fix race between logging inode and checking if it was logged before - btrfs: fix race between setting last_dir_index_offset and inode logging - btrfs: avoid load/store tearing races when checking if an inode was logged - cdc_ncm: Flag Intel OEM version of Fibocom L850-GL as WWAN - drm/amd/display: Don't warn when missing DCE encoder caps - cpupower: Fix a bug where the -t option of the set subcommand was not working. - Bluetooth: hci_sync: Avoid adding default advertising on startup - btrfs: zoned: skip ZONE FINISH of conventional zones - fs: writeback: fix use-after-free in __mark_inode_dirty() - tee: fix NULL pointer dereference in tee_shm_put - tee: fix memory leak in tee_dyn_shm_alloc_helper - [arm64] dts: rockchip: Add vcc-supply to SPI flash on rk3399-pinebook-pro - [arm64] tee: optee: ffa: fix a typo of "optee_ffa_api_is_compatible" - [arm64] dts: imx8mp-tqma8mpql: fix LDO5 power off - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on DH electronics i.MX8M Plus DHCOM - [arm64] dts: imx8mp: Fix missing microSD slot vqmmc on Data Modul i.MX8M Plus eDM SBC - HID: simplify snto32() - HID: stop exporting hid_snto32() - HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556) - net: usb: qmi_wwan: fix Telit Cinterion FN990A name - net: usb: qmi_wwan: fix Telit Cinterion FE990A name - net: usb: qmi_wwan: add Telit Cinterion FN990A w/audio composition - [arm64] mmc: sdhci-of-arasan: Support for emmc hardware reset - [arm64] mmc: sdhci-of-arasan: Ensure CD logic stabilization before power-up - wifi: cfg80211: fix use-after-free in cmp_bss() - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work - wifi: mt76: mt7925: fix locking in mt7925_change_vif_links() - wifi: mt76: prevent non-offchannel mgmt tx during scan/roc - wifi: mt76: free pending offchannel tx frames on wcid cleanup - wifi: mt76: fix linked list corruption - netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY - wifi: iwlwifi: uefi: check DSM item validity - Bluetooth: vhci: Prevent use-after-free by removing debugfs files early - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() - netfilter: nft_flowtable.sh: re-run with random mtu sizes - net_sched: gen_estimator: fix est_timer() vs CONFIG_PREEMPT_RT=y - [amd64] xirc2ps_cs: fix register access when enabling FullDuplex - mISDN: Fix memory leak in dsp_hwec_enable() - bnxt_en: fix incorrect page count in RX aggr ring log - icmp: fix icmp_ndo_send address translation for reply direction - net: macb: Fix tx_ptr_lock locking - macsec: read MACSEC_SA_ATTR_PN with nla_get_uint - net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() - net: mctp: mctp_fraq_queue should take ownership of passed skb - ice: fix NULL access of tx->in_use in ice_ll_ts_intr - [amd64,arm64] idpf: set mac type when adding and removing MAC filters - i40e: remove read access to debugfs files - i40e: Fix potential invalid access when MAC list is empty - ixgbe: fix incorrect map used in eee linkmode - wifi: ath11k: fix group data packet drops during rekey - net/tcp: Fix socket memory leak in TCP-AO failure handling for IPv6 - [arm64] net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets - net: skb: add pskb_network_may_pull_reason() helper - net: tunnel: add pskb_inet_may_pull_reason() helper - net: vxlan: add skb drop reasons to vxlan_rcv() - net: vxlan: make vxlan_snoop() return drop reasons - vxlan: Fix NPD when refreshing an FDB entry with a nexthop object - net: vxlan: make vxlan_set_mac() return drop reasons - net: vxlan: use kfree_skb_reason() in vxlan_xmit() - net: vxlan: use kfree_skb_reason() in vxlan_mdb_xmit() - net: vxlan: rename SKB_DROP_REASON_VXLAN_NO_REMOTE - vxlan: Refresh FDB 'updated' time upon 'NTF_USE' - vxlan: Avoid unnecessary updates to FDB 'used' time - vxlan: Add RCU read-side critical sections in the Tx path - vxlan: Rename FDB Tx lookup function - vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects - wifi: cw1200: cap SSID length in cw1200_do_join() - wifi: libertas: cap SSID len in lbs_associate() - wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() - [arm64] net: thunder_bgx: add a missing of_node_put - [arm64] net: thunder_bgx: decrement cleanup index before use - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() - net/smc: Remove validation of reserved bits in CLC Decline message - mctp: return -ENOPROTOOPT for unknown getsockopt options - ax25: properly unshare skbs in ax25_kiss_rcv() - net: atm: fix memory leak in atm_register_sysfs when device_register fail - ppp: fix memory leak in pad_compress_skb - phy: mscc: Stop taking ts_lock for tx_queue and use its own lock - ALSA: usb-audio: Add mute TLV for playback volumes on some devices - [amd64] accel/ivpu: Prevent recovery work from being queued during device removal - ACPI/IORT: Fix memory leak in iort_rmr_alloc_sids() - [arm64] ftrace: fix unreachable PLT for ftrace_caller in init_module with CONFIG_DYNAMIC_FTRACE - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() - io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (CVE-2025-38453) - [amd64] x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() - mm/userfaultfd: fix kmap_local LIFO ordering for CONFIG_HIGHPTE - mm: move page table sync declarations to linux/pgtable.h - mm: fix possible deadlock in kmemleak - mm: slub: avoid wake up kswapd in set_track_prepare - sched: Fix sched_numa_find_nth_cpu() if mask offline - ocfs2: prevent release journal inode after journal shutdown - of_numa: fix uninitialized memory nodes causing kernel panic - [arm64] soc: qcom: mdt_loader: Deal with zero e_shentsize - wifi: mwifiex: Initialize the chan_stats array to zero - wifi: mt76: mt7925u: use connac3 tx aggr check in tx complete - wifi: mt76: mt7996: Initialize hdr before passing to skb_put_data() - wifi: mt76: mt7925: fix the wrong bss cleanup for SAP - net: ethernet: oa_tc6: Handle failure of spi_setup - drm/amdgpu: drop hw access in non-DC audio fini - drm/amd/display: Clear the CUR_ENABLE register on DCN314 w/out DPP PG - [amd64] platform/x86/amd/pmc: Add TUXEDO IB Pro Gen10 AMD to spurious 8042 quirks list - scsi: lpfc: Fix buffer free/clear order in deferred receive path - batman-adv: fix OOB read/write in network-coding decode - cifs: prevent NULL pointer dereference in UTF16 conversion - e1000e: fix heap overflow in e1000_set_eeprom - net: pcs: rzn1-miic: Correct MODCTRL register offset - fs/fhandle.c: fix a race in call of has_locked_children() (CVE-2025-38306) - [arm64,armhf] net: dsa: add hook to determine whether EEE is supported - [arm64,armhf] net: dsa: provide implementation of .support_eee() - [armhf] net: dsa: b53/bcm_sf2: implement .support_eee() method - [armhf] net: dsa: b53: do not enable EEE on bcm63xx (CVE-2025-38272) - md/raid1,raid10: don't ignore IO flags (CVE-2025-22125) - md/raid1,raid10: don't handle IO error for REQ_RAHEAD and REQ_NOWAIT - md/raid1,raid10: strip REQ_NOWAIT from member bios - ext4: define ext4_journal_destroy wrapper - ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113) - wifi: ath11k: update channel list in reg notifier instead reg worker (CVE-2025-23133) - wifi: ath11k: update channel list in worker when wait flag is set - net: fix NULL pointer dereference in l3mdev_l3_rcv (CVE-2025-22103) - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb (CVE-2025-22124) - mm: slub: Print the broken data before restoring them - mm: slub: call WARN() when detecting a slab corruption - mm, slab: cleanup slab_bug() parameters - mm/slub: avoid accessing metadata when pointer is invalid in object_err() - nouveau: fix disabling the nonstall irq due to storm code - mm: fix accounting of memmap pages - [arm64] thermal/drivers/mediatek/lvts: Disable low offset IRQ for minimum threshold - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model - ALSA: hda/realtek: Fix headset mic for TongFang X6[AF]R5xxY - Revert "drm/amdgpu: Avoid extra evict-restore process." - pcmcia: omap: Add missing check for platform_get_resource - pcmcia: Add error handling for add_interval() in do_validate_mem() - [amd64] platform/x86: asus-wmi: Remove extra keys from ignore_key_wlan quirk - [amd64] platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID - block: add a queue_limits_commit_update_frozen helper - scsi: sr: Reinstate rotational media flag - drm/bridge: ti-sn65dsi86: fix REFCLK setting - perf bpf-event: Fix use-after-free in synthesis - perf bpf-utils: Constify bpil_array_desc - perf bpf-utils: Harden get_bpf_prog_info_linear - drm/amd/amdgpu: Fix missing error return on kzalloc failure - tools: gpio: remove the include directory on make clean - md: prevent incorrect update of resync/recovery offset - [riscv64] ACPI: RISC-V: Fix FFH_CPPC_CSR error handling - [riscv64] Only allow LTO with CMODEL_MEDANY - [riscv64] use lw when reading int cpu in new_vmalloc_check - [riscv64] use lw when reading int cpu in asm_per_cpu - [riscv64] bpf: use lw when reading int cpu in BPF_MOV64_PERCPU_REG - [riscv64] bpf: use lw when reading int cpu in bpf_get_smp_processor_id - md/raid1: fix data lost for writemostly rdev https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.47 - [amd64] Add mitigations for VMSCAPE (CVE-2025-40300): - Documentation/hw-vuln: Add VMSCAPE documentation - x86/vmscape: Enumerate VMSCAPE bug - x86/vmscape: Add conditional IBPB mitigation - x86/vmscape: Enable the mitigation - x86/bugs: Move cpu_bugs_smt_update() down - x86/vmscape: Warn when STIBP is disabled with SMT - x86/vmscape: Add old Intel CPUs to affected list https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.48 - fhandle: use more consistent rules for decoding file handle from userns - dma-debug: store a phys_addr_t in struct dma_debug_entry - dma-mapping: trace dma_alloc/free direction - dma-mapping: use trace_dma_alloc for dma_alloc* instead of using trace_dma_map - dma-mapping: trace more error paths - dma-debug: don't enforce dma mapping check on noncoherent allocations - net/mlx5: HWS, change error flow on matcher disconnect - mm: introduce and use {pgd,p4d}_populate_kernel() - dma-mapping: fix swapped dir/flags arguments to trace_dma_alloc_sgt_err - dma-debug: fix physical address calculation for struct dma_debug_entry - nvme-pci: skip nvme_write_sq_db on empty rqlist - Revert "udmabuf: fix vmap_udmabuf error page set" - ext4: introduce linear search for dentries - [amd64] drm/i915/pmu: Fix zero delta busyness issue - drm/amd/display: Fix error pointers in amdgpu_dm_crtc_mem_type_changed - Revert "drm/amd/display: Optimize cursor position updates" - ALSA: hda/realtek: Fix built-in mic assignment on ASUS VivoBook X515UA - drm/amdgpu: Add back JPEG to video caps for carrizo and newer - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read - SUNRPC: call xs_sock_process_cmsg for all cmsg - NFSv4: Don't clear capabilities that won't be reset (Closes: #1114898) - trace/fgraph: Fix error handling - tracing: Fix tracing_marker may trigger page fault during preempt_disable - nfs/localio: remove extra indirect nfs_to call to check {read,write}_iter - nfs/localio: add direct IO enablement with sync and async IO support - nfs/localio: restore creds before releasing pageio data - ftrace/samples: Fix function size computation - fs/nfs/io: make nfs_start_io_*() killable - NFS: Serialise O_DIRECT i/o and truncate() - NFSv4.2: Serialise O_DIRECT i/o and fallocate() - NFSv4.2: Serialise O_DIRECT i/o and clone range - NFSv4.2: Serialise O_DIRECT i/o and copy range - NFS: nfs_invalidate_folio() must observe the offset and size arguments - NFSv4/flexfiles: Fix layout merge mirror check. - tracing: Silence warning when chunk allocation fails in trace_pid_write - [s390x] pai: Deny all events not handled by this PMU - [s390x] cpum_cf: Deny all sampling events by counter PMU - bpf: Fix out-of-bounds dynptr write in bpf_crypto_crypt - bpf: Allow fall back to interpreter for programs with stack size <= 512 - bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. - proc: fix type confusion in pde_set_flags() - Revert "SUNRPC: Don't allow waiting for exiting tasks" - mptcp: sockopt: make sync_socket_options propagate SOCK_KEEPOPEN - ocfs2: fix recursive semaphore deadlock in fiemap call - btrfs: fix squota compressed stats leak - btrfs: fix subvolume deletion lockup caused by inodes xarray race - [amd64] i2c: i801: Hide Intel Birch Stream SoC TCO WDT - net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups - [armhf] mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer - [armhf] mtd: rawnand: stm32_fmc2: fix ECC overwrite - fuse: do not allow mapping a non-regular backing file - fuse: check if copy_file_range() returns larger than requested size - fuse: prevent overflow in copy_file_range return value - mm/khugepaged: fix the address passed to notifier on testing young - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory - mm/memory-failure: fix redundant updates for already poisoned pages - mm/damon/core: set quota->charged_from to jiffies at first charge window - mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() - [arm64] drm/mediatek: fix potential OF node use-after-free - drm/xe: Attempt to bring bos back to VRAM after eviction - drm/amdgpu/vcn: Allow limiting ctx to instance 0 for AV1 at any time - drm/amdgpu/vcn4: Fix IB parsing with multiple engine info packages - netlink: specs: mptcp: add missing 'server-side' attr - netlink: specs: mptcp: clearly mention attributes - netlink: specs: mptcp: replace underscores with dashes in names - netlink: specs: mptcp: fix if-idx attribute type - kernfs: Fix UAF in polling when open file is released - libceph: fix invalid accesses to ceph_connection_v1_info - ceph: fix race condition validating r_parent before applying state - ceph: fix race condition where r_parent becomes stale before sending message - mm/damon/sysfs: fix use-after-free in state_show() - mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters() - mm/hugetlb: add missing hugetlb_lock in __unmap_hugepage_range() - [arm64] mtd: spinand: winbond: Fix oob_layout for W25N01JW - btrfs: use readahead_expand() on compressed extents - btrfs: fix corruption reading compressed range when block size is smaller than page size - hrtimers: Unconditionally update target CPU base after offline timer migration - Input: i8042 - add TUXEDO InfinityBook Pro Gen10 AMD to i8042 quirk table - Revert "net: usb: asix: ax88772: drop phylink use in PM to avoid MDIO runtime PM wakeups" - tty: hvc_console: Call hvc_kick in hvc_write unconditionally - dt-bindings: serial: brcm,bcm7271-uart: Constrain clocks - USB: serial: option: add Telit Cinterion FN990A w/audio compositions - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions - [arm64] drm/panthor: validate group queue count - [arm64,armhf] net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() - genetlink: fix genl_bind() invoking bind() after -EPERM - net: bridge: Bounce invalid boolopts - tunnels: reset the GSO metadata before reusing the skb - docs: networking: can: change bcm_msg_head frames member to support flexible array - igb: fix link test skipping when interface is admin down - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path - drm/amd/display: use udelay rather than fsleep - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails - netfilter: nft_set_pipapo: remove unused arguments - netfilter: nft_set: remove one argument from lookup and update functions - netfilter: nft_set_pipapo: merge pipapo_get/lookup - netfilter: nft_set_pipapo: don't return bogus extension pointer - netfilter: nft_set_pipapo: don't check genbit from packetpath lookups - netfilter: nft_set_rbtree: continue traversal if element is inactive - netfilter: nf_tables: Reintroduce shortened deletion notifications - netfilter: nf_tables: place base_seq in struct net - netfilter: nf_tables: make nft_set_do_lookup available unconditionally - netfilter: nf_tables: restart set lookup on base_seq change - net: hsr: Add VLAN CTAG filter support - hsr: use rtnl lock when iterating over ports - hsr: use hsr_for_each_port_rtnl in hsr_port_get_hsr - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: fix override properties - [amd64] dmaengine: idxd: Remove improper idxd_free - [amd64] dmaengine: idxd: Fix refcount underflow on module unload - [amd64] dmaengine: idxd: Fix double free in idxd_setup_wqs() - [amd64] dmaengine: ti: edma: Fix memory allocation size for queue_priority_map - xhci: fix memory leak regression when freeing xhci vdev devices depth first - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels - [amd64,arm64] usb: typec: tcpm: properly deliver cable vdms to altmode drivers - [arm64] dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees - [arm64] phy: tegra: xusb: fix device and OF node leak at probe - [armhf] phy: ti: omap-usb2: fix device leak at unbind - [armhf] phy: ti-pipe3: fix device leak at unbind - [amd64] x86/cpu/topology: Always try cpu_parse_topology_ext() on AMD/Hygon - net: mdiobus: release reset_gpio in mdiobus_unregister_device() - [amd64] drm/i915/power: fix size for for_each_set_bit() in abox iteration - drm/amdgpu: fix a memory leak in fence cleanup when unloading - netfilter: nft_set_pipapo: fix null deref for empty set . [ Santiago Ruano Rincón ] * d/salsa-ci.yml: Merge the extract-source job into the build's job script * d/salsa-ci.yml: Suppress unreleased changes and mismatching distribution lintian tags. * d/salsa-ci.yml: Early move orig tarballs back where they can be cached . [ Salvatore Bonaccorso ] * [rt] Add new signing key for Daniel Wagner * [rt] Update to 6.12.43-rt12 * [amd64] x86/bugs: Add SRSO_USER_KERNEL_NO support * [amd64] x86/bugs: KVM: Add support for SRSO_MSR_FIX * [amd64] KVM: SVM: Set/clear SRSO's BP_SPEC_REDUCE on 0 <=> 1 VM count transitions lnav (0.12.4-1+deb13u1) trixie; urgency=medium . * [notcurses] handle failure to set cregs from tmux (Closes: #1109004) log4cxx (1.4.0-1+deb13u1) trixie; urgency=medium . [ Lukas Märdian and Tobias Frost ] * Backport fixes for: - CVE-2025-54812: Improper HTML escaping in HTMLLayout (Closes: #1111879) - CVE-2025-54813: Improper escaping with JSONLayout (Closes: #1111881) logcheck (1.4.5+deb13u1) trixie; urgency=medium . [ Paul Aurich ] * Update and simplify regex in ignore.d.paranoid/ssh . [ Yasuhiro Kimura ] * Update ignore.d.paranoid/ssh and ignore.d.server/ssh lttng-modules (2.13.18-1+deb13u1) trixie; urgency=medium . * Fix potential kernel crash with syscall tracing (Closes: ##1117551) * [4b4342c] debian/gbp.conf: branch config for trixie * [a8a56d6] Add patch to fix syscall tracing with kernels >= v6.13 luksmeta (9-4+deb13u1) trixie; urgency=high . * Cherry-pick "Fix handling of large metadata". Closes: #111828 [CVE-2025-11568] luksmeta (9-4+deb12u1) bookworm; urgency=high . * Cherry-pick "Fix handling of large metadata". Closes: #111828 [CVE-2025-11568] lxcfs (6.0.4-1+deb13u1) trixie; urgency=medium . * d/control: - Add a dependency on fuse3 (Closes: #1114596) lxd (5.0.2+git20231211.1364ae4-9+deb13u1) trixie-security; urgency=high . * Backport fixes for the following security issues that are unfixed by Canonical in the stable-5.0 branch: - CVE-2025-54293 / GHSA-472f-vmf2-pr3h - CVE-2025-54287 / GHSA-w2hg-2v4p-vmh6 - CVE-2025-54288 / GHSA-7232-97c6-j525 * Backport fixes for the following security issues fixed by Canonical: - CVE-2025-54286 / GHSA-p8hw-rfjg-689h magit (4.3.5-1+deb13u1) trixie; urgency=medium . * Update d/gbp.conf to track trixie branch * Ship missing magit-dired.el in elpa-magit (Closes: 1120049) mailmindr (1.7.1-2~deb13u1) trixie; urgency=medium . * Rebuild to upload to trixie after thunderbird 140.3 malcontent (0.13.0-2+deb13u1) trixie; urgency=medium . * Team upload . [ Alessandro Astone ] * Fix filtering snaps after snapd 2.72 (Closes: #1120080, LP: #2128350) * Fix listing flatpaks in parental control UI (Closes: #1113776) * Fix memory leak when checking snaps mapserver (8.4.0-4+deb13u1) trixie; urgency=medium . * Update branch in gbp.conf & Vcs-Git URL. * Add upstream patch to fix CVE-2025-59431. * Update symbols for msStringUnescape. mc (3:4.8.33-1+deb13u1) trixie; urgency=high . * Non-maintainer upload. * Added debian/patches/subshell-fd.patch (Closes: #1108061) modsecurity-apache (2.9.11-1+deb13u1) trixie; urgency=medium . * Add patch against new CVE; Fixes CVE-2025-54571 (Closes: #1110480) * Remove d/patches/aclocal.patch, not necessary monitoring-plugins (2.4.0-3+deb13u1) trixie; urgency=medium . * [3cb6abf] d/.gitlab-ci.yml: Change RELEASE to trixie * [1b5ea7b] Adding d/patches/25_check_users_sd_get_uids to fix user count * [b92ed85] Adding d/p/26_check_mysql_replica from upstream (Closes: #1116027) * [4362a8d] d/control: Adding libsystemd-dev and libsystemd0 as build-dep (Closes: #1110265) * [22de282] d/control: Drop libsystemd0 from build-deps, pulled by libsystemd-dev mpv (0.40.0-3+deb13u1) trixie; urgency=medium . * debian/gbp.conf: Work on debian/trixie branch * debian/patches: Create missing folders for watch history (Closes: #1115938) mrtg (2.17.10-13+deb13u1) trixie; urgency=medium . * debian/patches/010_enable-www-dir.patch: dropped because it is generating duplicate information in config file when using the cfgmaker command (WorkDir field). Thanks to Lloyd . (Closes: #1111333) nextcloud-desktop (3.16.7-1~deb13u1) trixie; urgency=medium . * Rebuild for Trixie. . nextcloud-desktop (3.16.7-1) unstable; urgency=medium . * New upstream release. . nextcloud-desktop (3.16.6-3) unstable; urgency=medium . * Release to unstable (#1091614 is fixed). . nextcloud-desktop (3.16.6-2) experimental; urgency=medium . * Fix again "nextcloud enters busy loop when using a share on NTFS." (Closes: 1091614) . nextcloud-desktop (3.16.6-1) experimental; urgency=medium . * New upstream release. * Update patch hunks. * Remove patch for #1091614, it seems fixed on upstream. nextcloud-desktop (3.16.6-3) unstable; urgency=medium . * Release to unstable (#1091614 is fixed). . nextcloud-desktop (3.16.6-2) experimental; urgency=medium . * Fix again "nextcloud enters busy loop when using a share on NTFS." (Closes: 1091614) . nextcloud-desktop (3.16.6-1) experimental; urgency=medium . * New upstream release. * Update patch hunks. * Remove patch for #1091614, it seems fixed on upstream. nextcloud-desktop (3.16.6-2) experimental; urgency=medium . * Fix again "nextcloud enters busy loop when using a share on NTFS." (Closes: 1091614) nextcloud-desktop (3.16.6-1) experimental; urgency=medium . * New upstream release. * Update patch hunks. * Remove patch for #1091614, it seems fixed on upstream. nfdump (1.7.5-2+deb13u1) trixie; urgency=medium . * [3d717345] Cherry-Pick upstream fix for -S (subdir) together with -M (multiple sources) (Closes: #1112376) * [018d04be] Salsa CI: Adjust for trixie * [5cb8e85c] d/gbp.conf: Adjust for trixie nncp (8.11.0-4+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * Prevent path traversal during freq/file (CVE-2025-60020) (Closes: #1115848) node-sha.js (2.4.11+~2.4.0-2+deb13u1) trixie-security; urgency=medium . * Team upload * Fix improper input validation vulnerability (Closes: #1111769, CVE-2025-9288) * Add dependencies to node-get-intrinsic, node-isarray and node-is-typed-array node-sha.js (2.4.11+~2.4.0-2+deb12u1) bookworm-security; urgency=medium . * Fix improper input validation vulnerability (Closes: #1111769, CVE-2025-9288) * Add dependencies to node-get-intrinsic, node-isarray and node-is-typed-array node-tar-fs (3.0.9+~cs2.0.4-1+deb13u1) trixie-security; urgency=medium . * Team upload * Apply fix for CVE-2025-59343 (Closes: #1116338) nova (2:31.0.0-6+deb13u1) trixie; urgency=high . * A vulnerability has been identified in OpenStack Nova and OpenStack Watcher in conjunction with volume swap operations performed by the Watcher service. Under specific circumstances, this can lead to a situation where two Nova libvirt instances could reference the same block device, allowing accidental information disclosure to the unauthorized instance. Added upstream patch: OSSN-0094_restrict_swap_volume_to_cinder.patch. (Closes: #1111689). * Blacklist non-deterministic unit test: - ComputeTestCase.test_add_remove_fixed_ip_updates_instance_updated_at nvidia-graphics-drivers-tesla-535 (535.274.02-1~deb13u1) trixie; urgency=medium . * Rebuild for trixie. . nvidia-graphics-drivers-tesla-535 (535.274.02-1) unstable; urgency=medium . * New upstream LTS and Tesla branch release 535.274.02 (2025-09-30). * Fixed CVE-2025-23280, CVE-2025-23282, CVE-2025-23300, CVE-2025-23330, CVE-2025-23332, CVE-2025-23345. (Closes: #1118688) https://nvidia.custhelp.com/app/answers/detail/a_id/5703 . [ Andreas Beckmann ] * Refresh patches. onetbb (2022.1.0-1+deb13u1) trixie; urgency=medium . * Team upload. * Skip some tests when the machine has a single CPU. Closes: #1108053. * Skip test_mutex, it fails in Salsa CI. Closes: #1094260. open-vm-tools (2:12.5.0-2+deb13u1) trixie; urgency=high . * [eb68735] Gitlab CI / GBP configs: use trixie * [21e31a4] Disable (default) the execution of the SDMP get-versions.sh script (CVE-2025-41244) Thanks to Salvatore Bonaccorso * [0e87684] Generate debdiffs in salsa CI automatically openjdk-21 (21.0.9+10-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie openjdk-21 (21.0.9~8ea-1) unstable; urgency=medium . * OpenJDK 21.0.9 early access, build 8. . [ Matthias Klose ] * d/rules: Let the install target depend on the build target. Closes: #1105471. . [ Vladimir Petko ] * d/t/problems.csv: Synchronize problem list. openjdk-21 (21.0.9~5ea-1) unstable; urgency=medium . * OpenJDK 21.0.9 early access, build 5. . [ Vladimir Petko ] * d/copyright-generator/copyright-gen.py: bump copyright year. * d/copyright: regenerate. . [ Matthias Klose ] * Build using GCC 15 on development releases. openjdk-25 (25.0.1+8-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie openjdk-25 (25+36-1) unstable; urgency=medium . * OpenJDK 25 GA, build 36. Release notes: https://mail.openjdk.org/pipermail/jdk-dev/2025-September/010483.html . [ Vladimir Petko ] * d/rules: Mark as release. * d/watch: Regenerate. openjdk-25 (25~36ea-1) unstable; urgency=medium . * OpenJDK 25 snapshot, Build 36. * Build using GCC 15 on development releases. openjdk-25 (25~34ea-1) unstable; urgency=medium . * OpenJDK 25 snapshot, Build 34. . [ Matthias Klose ] * Update VCS attributes. . [ Vladimir Petko ] * d/copyright-generator/copyright-gen.py: bump copyright year. * d/copyright: regenerate. openssl (3.5.4-1~deb13u1) trixie; urgency=medium . * Import 3.5.4 openssl (3.5.3-1) unstable; urgency=medium . * Import 3.5.3 * Drop pic & Bsymbolic patches. This shouldn't be needed anymore. openssl (3.5.2-1) unstable; urgency=medium . * Import 3.5.2 openssl (3.5.1-1+deb13u1) trixie-security; urgency=medium . * CVE-2025-9230 (Out-of-bounds read & write in RFC 3211 KEK Unwrap) * CVE-2025-9231 (Timing side-channel in SM2 algorithm on 64 bit ARM) * CVE-2025-9232 (Out-of-bounds read in HTTP client no_proxy handling) openvpn-auth-radius (2.1-9+deb13u1) trixie; urgency=medium . * patches/0008-authenticate-fix: Fix packet authentication (Closes: Bug#1118479) orphan-sysvinit-scripts (0.21+deb13u2) trixie; urgency=medium . * Add haveged init script (Closes: #1118622) patroni (4.0.7-3~deb13u1) trixie; urgency=medium . * Upload to stable. patroni (4.0.7-2) unstable; urgency=medium . * debian/tests/acceptance: Further changes to stopping etcd. If the init script exists, use it. Otherwise, if systemd is available, use that. If neither are available, do not try to stop etcd. patroni (4.0.7-1) unstable; urgency=medium . * New upstream release. * debian/patches/startup_scripts.patch: Refreshed. * debian/patches/avoid_overwriting_configuration_during_boostrap.patch: Likewise. * debian/patches/replslot-cluster-type-attribute.patch: Likewise. * debian/tests/acceptance: Only stop etcd if init script exists. pdns-recursor (5.2.6-0+deb13u1) trixie-security; urgency=medium . * New upstream version 5.2.6, fixing CVE-2025-59023. pdns-recursor (5.2.5-1) unstable; urgency=medium . * New upstream version 5.2.5 pdns-recursor (5.2.4-2+deb13u1) trixie; urgency=medium . * d/gbp.conf: update for trixie branch * d/rules: fix DEB_VERSION/DEB_VENDOR being empty. Thanks to Steve Mokris (Closes: #1113814) * d/rules: stop setting CARGO_REGISTRY, fixes Static-Built-Using Thanks to Fabian Gruenbichler. phpmyadmin (4:5.2.2-really+dfsg-1+deb13u1) trixie; urgency=medium . * Update d/missing-source for CVE-2025-3573 - jquery-validation - Fix XSS in the showLabel() function poppler (25.03.0-5+deb13u2) trixie; urgency=high . [ Leonidas Da Silva Barbosa ] * SECURITY UPDATE: Denial of service - debian/patches/CVE-2025-50420.patch: don't continue recursing in PDFDoc in poppler/PDFDoc.cc. - CVE-2025-50420 (Closes: #1110463) postfix (3.10.5-1~deb13u1) trixie; urgency=medium . * new upstream stable/bugfix 3.10.5 release, with multiple fixes. From the upstream release notes: - Workaround for an interface mis-match between the Postfix SMTP client and MTA-STS policy plugins. * The existing behavior is to connect to any MX host listed in DNS, and to match the server certificate against any STS policy MX host pattern. * The corrected behavior is to connect to an MX host only if its name matches any STS policy MX host pattern, and to match the server certificate against the MX hostname. The corrected behavior must be enabled in two places: in Postfix with a new parameter "smtp_tls_enforce_sts_mx_patterns" (default: "yes") and in an MTA-STS plugin by enabling TLSRPT support, so that the plugin forwards STS policy attributes to Postfix. This works even if Postfix TLSRPT support is disabled at build time or at runtime. - TLSRPT Workaround: when a TLSRPT policy-type value is "no-policy-found", pretend that the TLSRPT policy domain value is equal to the recipient domain. This ignores that different policy types (TLSA, STS) use different policy domains. But this is what Microsoft does, and therefore, what other tools expect. - Bugfix (defect introduced: Postfix 3.0): the Postfix SMTP client's connection reuse logic did not distinguish between sessions that require SMTPUTF8 support, and sessions that do not. The solution is 1) to store sessions with different SMTPUTF8 requirements under distinct connection cache storage keys, and 2) to not cache a connection when SMTPUTF8 is required but the server does not support that feature - Bugfix (defect introduced: Postfix 3.0, date 20140731): the smtpd 'disconnect' command statistics did not count commands with "bad syntax" and "bad UTF-8 syntax" errors - Postfix 3.11 forward compatibility: to avoid ugly warnings when Postfix 3.11 is rolled back to an older version, allow a preliminary 'size' record in maildrop queue files created with Postfix 3.11 or later - Bugfix (defect introduced: Postfix 3.8, date 20220128): non-reproducible build, because the 'postconf -e' output order for new main.cf entries was no longer deterministic - To make builds predictable, add missing meta_directory and shlib_directory settings to the stock main.cf file - Bugfix (defect introduced: Postfix 3.9, date 20230517): posttls-finger(1) logged an incorrectly-formatted port number * debian/patches/debian-defaults.patch: refresh, update for 2 new parameters (with defaults) in main.cf, and make it with less context * configure-instance.in: fix typo which caused recreating cadir in chroot and excessive logging (Closes: #1115412) postfix (3.10.4-3) unstable; urgency=medium . * Revert "std23-bool.patch: gcc-15 support (#1097639)" (didn't work) * rules: specify -std=gnu17 for CC for now (actually Closes: #1097639) postfix (3.10.4-2) unstable; urgency=medium . * std23-bool.patch: gcc-15 support (Closes: #1097639) * configure-instance.in: fix typo which caused recreating cadir in chroot and excessive logging (Closes: #1115412) postfix (3.10.4-1) unstable; urgency=medium . * New upstream stable/bugfix version 3.10.4, with a handful of fixes * d/rules: use pkgconf for mongoc instead of hard-coding paths/libs presage (0.9.1-2.6+deb13u1) trixie; urgency=medium . * debian/patches: + Add allow-words-with-apostrophes-to-be-predicted.patch. Support suggesting words containing apostrophes. Don't crash maliit-server / lomiri-keyboard / lomiri when using /usr/lib/lomiri-keyboard/plugins/en/database_en.db presage DB. (Closes: #770831, LP:#1384800). privatebin-cli (2.0.2-1+deb13u1) trixie; urgency=medium . * d/patches: Add patch to fix GCM issues with newer golang. (Closes: #1108675) proftpd-dfsg (1.3.8.c+dfsg-4+deb13u1) trixie; urgency=medium . [ Evgeni Golov ] * Do not remove non-empty /srv/ftp upon purge (Closes: #1119295). puppet-module-puppetlabs-rabbitmq (8.5.0-8+deb13u1) trixie; urgency=medium . * fix-list_users-provider.patch: also handle the case when there's no users at all. * Add setup-all-nodes-as-disk-nodes.patch. puppet-module-tempest (25.0.0-1+deb13u1) trixie; urgency=medium . * Add Fix_autoloading_of_openstack_provider.patch. python-eventlet (0.39.1-2+deb13u1) trixie; urgency=medium . * CVE-2025-58068: Eventlet is a concurrent networking library for Python. Prior to version 0.40.3, the Eventlet WSGI parser is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer sections. This vulnerability could enable attackers to, bypass front-end security controls, launch targeted attacks against active site users, and poison web caches. Applied upstream patch (Closes: #1112515): - Fix_request_smuggling_vulnerability_by_discarding_trailers.patch python-internetarchive (5.4.0-2~deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * backport fix for directory transversal issue (Closes: #1114635, CVE-2025-58438) qemu (1:10.0.6+ds-0+deb13u2) trixie; urgency=medium . * d/changelog: remove wrong closes: #1095935 from the previous changelog entry (and reopen the bug): I confused it with another bug * linux-user-use-correct-type-for-FIBMAP-and-FIGETBSZ.patch - add a patch from upstream stable series (before next stable release) - fix wrong emulation of FIBMAP and FIGETBSZ ioctls. Needed for s390x cloud images. Will be in next upstream stable release, so will be removed in next debian. (Closes: #1119257) qemu (1:10.0.6+ds-0+deb13u1) trixie; urgency=medium . * new upstream stable/bugfix release: - Update version for 10.0.6 release - linux-user/microblaze: Fix little-endianness binary - target/hppa: correct size bit parity for fmpyadd - target/i386: user: do not set up a valid LDT on reset - async: access bottom half flags with qatomic_read - target/i386: fix x86_64 pushw op - i386/tcg/smm_helper: Properly apply DR values on SMM entry / exit - i386/cpu: Prevent delivering SIPI during SMM in TCG mode - i386/kvm: Expose ARCH_CAP_FB_CLEAR when invulnerable to MDS - target/i386: Fix CR2 handling for non-canonical addresses - block/curl.c: Use explicit long constants in curl_easy_setopt calls - pcie_sriov: Fix broken MMIO accesses from SR-IOV VFs - target/riscv: rvv: Fix vslide1[up|down].vx unexpected result when XLEN=32 and SEW=64 - target/riscv: Fix ssamoswap error handling - target/riscv: Fix SSP CSR error handling in VU/VS mode - target/riscv: Fix the mepc when sspopchk triggers the exception - target/arm: Don't set HCR.RW for AArch32 only CPUs - pcie_sriov: make pcie_sriov_pf_exit() safe on non-SR-IOV devices - docs/devel: Correct uefi-vars-x64 device name - hid: fix incorrect return value for hid - ui/gtk: Fix callback function signature - ui/gtk: Consider scaling when propagating ui info - Revert "i386/cpu: Move adjustment of CPUID_EXT_PDCM before feature_dependencies[] check" - Revert "target/i386: do not expose ARCH_CAPABILITIES on AMD CPU" * new upstream stable/bugfix release: - Update version for 10.0.5 release - tests/functional/test_aarch64_sbsaref_freebsd: Fix the URL of the ISO image - tests/functional/test_ppc_bamboo: Replace broken link with working assets - physmem: Destroy all CPU AddressSpaces on unrealize - memory: New AS helper to serialize destroy+free - include/system/memory.h: Clarify address_space_destroy() behaviour - migration: Fix state transition in postcopy_start() error handling - target/riscv: rvv: Modify minimum VLEN according to enabled vector extensions - target/riscv: rvv: Replace checking V by checking Zve32x - target/riscv: Fix endianness swap on compressed instructions - hw/riscv/riscv-iommu: Fixup PDT Nested Walk - target/riscv: do not use translator_ldl in opcode_at - target/riscv: use riscv_csrr in riscv_csr_read - hw/char: sifive_uart: Raise IRQ according to the Tx/Rx watermark thresholds - docs/interop/firmware: Add riscv64 to FirmwareArchitecture - hw/riscv/riscv-iommu: Fix MSI table size limit - ui/icons/qemu.svg: Add metadata information (author, license) to the logo - ui/spice: Fix abort on macOS - ppc/spapr: init lrdr-capapcity phys with ram size if maxmem not provided - hw/intc/xics: Add missing call to register vmstate_icp_server - hw/usb/hcd-uhci: don't assert for SETUP to non-0 endpoint Closes: #1082377 (CVE-2024-8354) - tests/tcg/multiarch: Add tb-link test - accel/tcg: Properly unlink a TB linked to itself - tests: Fix "make check-functional" for targets without thorough tests - .gitlab-ci.d/buildtest.yml: Unset CI_COMMIT_DESCRIPTION for htags - tcg/optimize: Fix folding of vector bitsel - hw/pci-host/astro: Don't call pci_regsiter_root_bus() in init - hw/pci-host/dino: Don't call pci_register_root_bus() in init - target/sparc: Relax decode of rs2_or_imm for v7 - target/sparc: Loosen decode of RDTBR for v7 - target/sparc: Loosen decode of RDWIM for v7 - target/sparc: Loosen decode of RDPSR for v7 - target/sparc: Loosen decode of RDY for v7 - target/sparc: Loosen decode of STBAR for v8 - target/sparc: Allow TRANS macro with no extra arguments - linux-user: avoid -Werror=int-in-bool-context - multiboot: Fix the split lock - target/i386: Define enum X86ASIdx for x86's address spaces - i386/cpu: Enable SMM cpu address space under KVM - hw/usb/network: Remove hardcoded 0x40 prefix in STRING_ETHADDR response - rust: hpet: fix new warning - ci: run RISC-V cross jobs by default - tests/docker/dockerfiles/python.docker: pull fedora:40 image instead of fedora:latest - .gitmodules: move u-boot mirrors to qemu-project-mirrors - iotests/check: always enable all python warnings - iotests/151: ensure subprocesses are cleaned up - iotests/147: ensure temporary sockets are closed before exiting - python: ensure QEMUQtestProtocol closes its socket - iotests: drop compat for old version context manager - python: backport 'avoid creating additional event loops per thread' - python: backport 'Remove deprecated get_event_loop calls' - python: backport 'qmp-tui: Do not crash if optional dependencies are not met' - python: backport 'qmp-shell-wrap: handle missing binary gracefully' - python: backport 'Use @asynciocontextmanager' - python: backport 'drop Python3.6 workarounds' - python: backport 'kick event queue on legacy event_pull()' - ui/vnc: Fix crash when specifying [vnc] without id in the config file - target/loongarch: Guard 64-bit-only insn translation with TRANS64 macro - target/loongarch: Add CRC feature flag and use it to gate CRC instructions * new upstream stable/bugfix release: - Update version for 10.0.4 release - block/curl: fix curl internal handles handling (Closes: #1111809) - hw/gpio/pca9554: Avoid leak in pca9554_set_pin() - hw/ppc: Fix build error with CONFIG_POWERNV disabled - target/mips: fix TLB huge page check to use 64-bit shift - linux-user/mips: Select M14Kc CPU to run microMIPS binaries - linux-user/mips: Select 74Kf CPU to run MIPS16e binaries - elf: Add EF_MIPS_ARCH_ASE definitions - e1000e: Prevent crash from legacy interrupt firing after MSI-X enable - Revert "tests/qtest: use qos_printf instead of g_test_message" - vfio scsi ui: Error-check qio_channel_socket_connect_sync() the same way - i386/kvm/vmsr_energy: Plug memory leak on failure to connect socket - qga: Fix truncated output handling in guest-exec status reporting - qga-vss: Write hex value of error in log - qga/installer: Remove QGA VSS if QGA installation failed - hw/arm/stm32f205_soc: Don't leak TYPE_OR_IRQ objects - qemu/atomic: Finish renaming atomic128-cas.h headers - scripts/kernel-doc: Avoid new Perl precedence warning - target/arm: Trap PMCR when MDCR_EL2.TPMCR is set - hw/intc/arm_gicv3_kvm: preserve pending interrupts during cpr - linux-user: Add strace for rseq - i386/tcg/svm: fix incorrect canonicalization - python: mkvenv: fix messages printed by mkvenv - hw/uefi: open json file in binary mode - hw/uefi: check access for first variable - hw/uefi: return success for notifications - hw/uefi: clear uefi-vars buffer in uefi_vars_write callback - mkvenv: Support pip 25.2 - hw/sd/ssi-sd: Return noise (dummy byte) when no card connected - qemu-iotests: Ignore indentation in Killed messages - rbd: Fix .bdrv_get_specific_info implementation - hw/nvme: cap MDTS value for internal limitation - hw/nvme: revert CMIC behavior - hw/nvme: fix namespace attachment - target/loongarch: Fix [X]VLDI raising exception incorrectly - ui/curses: Fix infinite loop on windows - ppc/xive2: Fix treatment of PIPR in CPPR update - ppc/xive2: Fix irq preempted by lower priority group irq - ppc/xive2: Reset Generation Flipped bit on END Cache Watch - ppc/xive: Fix PHYS NSR ring matching - ppc/xive2: fix context push calculation of IPB priority - ppc/xive2: Remote VSDs need to match on forwarding address - ppc/xive2: Fix calculation of END queue sizes - ppc/xive: Report access size in XIVE TM operation error logs - ppc/xive: Fix xive trace event output - target/i386/cpu: Move addressable ID encoding out of compat property in CPUID[0x1] - i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16] - i386/cpu: Fix number of addressable IDs field for CPUID.01H.EBX[23:16] - i386/cpu: Move adjustment of CPUID_EXT_PDCM before feature_dependencies[] check - Revert "i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16]" (The 5 changes above Closes: #1095935 in 10.0.x) - qga: correctly write to /sys/power/state on linux (Closes: #1108387) - scripts/make-release: Go back to cloning all the EDK2 submodules - target/arm: add support for 64-bit PMCCNTR in AArch32 mode - hw/ssi/aspeed_smc: Fix incorrect FMC_WDT2 register read on AST1030 - target/arm: Fix handling of setting SVE registers from gdb - target/arm: Fix big-endian handling of NEON gdb remote debugging - hw/intc/arm_gicv3_kvm: Write all 1's to clear enable/active - hw/i386/amd_iommu: Move IOAPIC memory region initialization to the end - intel_iommu: Allow both Status Write and Interrupt Flag in QI wait - pcie_sriov: Fix configuration and state synchronization - virtio-net: Fix VLAN filter table reset timing - vhost: Do not abort on log-stop error - vhost: Do not abort on log-start error - virtio: fix off-by-one and invalid access in virtqueue_ordered_fill - target/loongarch: Fix valid virtual address checking - target/riscv: Restrict midelegh access to S-mode harts - target/riscv: Restrict mideleg/medeleg/medelegh access to S-mode harts - intc/riscv_aplic: Fix target register read when source is inactive - target/riscv: Fix pmp range wraparound on zero - target/riscv: Fix exception type when VU accesses supervisor CSRs - target/riscv: do not call GETPC() in check_ret_from_m_mode() - linux-user/strace.list: add riscv_hwprobe entry - roms/Makefile: fix npcmNxx_bootrom build rules - system/physmem: fix use-after-free with dispatch - hw/net/cadence_gem: fix register mask initialization - target/mips: Only update MVPControl.EVP bit if executed by master VPE - docs/user: clarify user-mode expects the same OS - linux-user/aarch64: Support TPIDR2_MAGIC signal frame record - linux-user/aarch64: Clear TPIDR2_EL0 when delivering signals - target/i386: fix width of third operand of VINSERTx128 - hw/display/qxl-render.c: fix qxl_unpack_chunks() chunk size calculation - host-utils: Drop workaround for buggy Apple Clang __builtin_subcll() * drop patches included upstream: - hw-display-qxl-render.c-fix-qxl_unpack_chunks-chunk-.patch - pcie_sriov-Fix-configuration-and-state-synchronizati.patch - system-physmem-fix-use-after-free-with-dispatch.patch * d/control.mk: 10.0.6+ds qemu (1:10.0.3+ds-4) unstable; urgency=medium . [ Heinrich Schuchardt ] * d/control: qemu-system-riscv missing recommends qemu-system-riscv needs the same/similar packages for EFI, spice, opengl, special block devices, as qemu-system-arm and qemu-system-x86 . [ Michael Tokarev ] * d/control: omit system-xen if omit-system build profile is specified this makes pkg.qemu.omit-system to omit all system components, including xen * qemu-user binfmts: stop supporting old kernels using custom patch qemu supports argv[0] handling with a help of kernel support since at least bullseye (or even buster), - for a really long time. There's no need to use custom code for older kernels anymore. Also closes: #1054104 * d/binfmt-install: do not generate update-binfmt un-registration postinst script for upgrades from bookworm * d/control: drop old (pre-bookworm) breaks/replaces/conflicts/provides * hw-uefi-clear-uefi-vars-buffer-in-uefi_vars_write-CVE-2025-8860.patch Closes: #1111030, CVE-2025-8860 * d/control: remove long-forgotten qemu-system-common dependency on acl (for #762192) which is not needed * remove qemu-user-static package (& qemu-debootstrap) remove links to qemu-user with -static suffix, together with obsolete qemu-debootstrap command. qemu-user-static is now provided by qemu-user-binfmt package. Also closes: #1107554 * d/gbp.conf: switch to master branch qemu (1:10.0.3+ds-3) unstable; urgency=medium . * d/binfmt-install: stop using C (Credentials) flag for binfmt_misc registration. This means suid and sgid binaries under qemu-user will work without changing credentials. This is a serious security issue, since qemu-user never supposed to be used in this way, and it is trivial to get elevated privileges for an attacker if there's any suid/sgid binary under qemu-user which is runnable for an attacker. This change might break CI/testing environment expectations. * d/qemu-user.postinst: trigger /usr/lib/binfmt.d (#1110982) * d/rules: fix typo in comment (it is qemu-system-data, not qemu-user-data) qemu (1:10.0.3+ds-2) unstable; urgency=medium . * d/control: (temporarily) build-depend on python3-distlib to work around new pip 25.2+ in forky qemu (1:10.0.3+ds-1) unstable; urgency=medium . * new upstream stable/bugfix release: - Update version for 10.0.3 release - hvf: arm: Emulate ICC_RPR_EL1 accesses properly - target/arm: Correct encoding of Debug Communications Channel registers https://gitlab.com/qemu-project/qemu/-/issues/2986 - ui: fix setting client_endian field defaults - hw/net/npcm_gmac.c: Send the right data for second packet in a row - target/i386: do not expose ARCH_CAPABILITIES on AMD CPU - i386/cpu: Honor maximum value for CPUID.8000001DH.EAX[25:14] - i386/cpu: Fix overflow of cache topology fields in CPUID.04H - i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16] - ui/vnc: Do not copy z_stream - vhost: Fix used memslot tracking when destroying a vhost device - roms: re-remove execute bit from hppa-firmware* - file-posix: Fix aio=reads performance regression after enablign FUA https://issues.redhat.com/browse/RHEL-96854 - amd_iommu: Fix truncation of oldval in amdvi_writeq - amd_iommu: Remove duplicated definitions - amd_iommu: Fix the calculation for Device Table size - amd_iommu: Fix mask to retrieve Interrupt Table Root Pointer from DTE - amd_iommu: Fix masks for various IOMMU MMIO Registers - amd_iommu: Update bitmasks representing DTE reserved fields - amd_iommu: Fix Device ID decoding for INVALIDATE_IOTLB_PAGES command - amd_iommu: Fix Miscellaneous Information Register 0 encoding - virtio-net: Add queues for RSS during migration - net: fix buffer overflow in af_xdp_umem_create() - accel/kvm: Adjust the note about the minimum required kernel version - linux-user: Use qemu_set_cloexec() to mark pidfd as FD_CLOEXEC - migration: Don't sync volatile memory after migration completes - linux-user: Hold the fd-trans lock across fork https://gitlab.com/qemu-project/qemu/-/issues/2846 - linux-user: Check for EFAULT failure in nanosleep - linux-user: Implement fchmodat2 syscall https://gitlab.com/qemu-project/qemu/-/issues/3019 - hw/arm/fsl-imx8mp: Wire VIRQ and VFIQ - target/arm: Don't enforce NSE,NS check for EL3->EL3 returns https://gitlab.com/qemu-project/qemu/-/issues/3016 - target/i386: fix TB exit logic in gen_movl_seg() when writing to SS https://gitlab.com/qemu-project/qemu/-/issues/2987 - target/arm: Fix bfdotadd_ebf vs nan selection - target/arm: Fix f16_dotadd vs nan selection - target/arm: Fix PSEL size operands to tcg_gen_gvec_ands - target/arm: Fix 128-bit element ZIP, UZP, TRN - target/arm: Fix sve_access_check for SME - target/arm: Fix SME vs AdvSIMD exception priority - hw/s390x/ccw-device: Fix memory leak in loadparm setter - virtio-gpu: support context init multiple timeline - target/arm: Correct KVM & HVF dtb_compatible value - target/arm: Make RETA[AB] UNDEF when pauth is not implemented - tcg: Fix constant propagation in tcg_reg_alloc_dup https://gitlab.com/qemu-project/qemu/-/issues/3002 - target/loongarch: fix vldi/xvldi raise wrong error - target/loongarch: add check for fcond - linux-user/arm: Fix return value of SYS_cacheflush - hw/arm/mps2: Configure the AN500 CPU with 16 MPU regions - qemu-options.hx: Fix reversed description of icount sleep behavior - hw/arm/virt: Check bypass iommu is not set for iommu-map DT property - hw/loongarch/virt: Fix big endian support with MCFG table - hw/core/qdev-properties-system: Add missing return in set_drive_helper() - iotests: fix 240 - target/i386: Remove FRED dependency on WRMSRNS - hw/audio/asc: fix SIGSEGV in asc_realize() - audio: fix size calculation in AUD_get_buffer_size_out() - audio: fix SIGSEGV in AUD_get_buffer_size_out() - hw/i386/amd_iommu: Fix xtsup when vcpus < 255 - hw/i386/amd_iommu: Fix device setup failure when PT is on. - hw/i386/pc_piix: Fix RTC ISA IRQ wiring of isapc machine - vhost: Don't set vring call if guest notifier is unused - hw/arm: Add missing psci_conduit to NPCM8XX SoC boot info - ui/vnc: fix tight palette pixel encoding for 8/16-bpp formats - ui/vnc: take account of client byte order in pixman format - ui/vnc.c: replace big endian flag with byte order value - ui/sdl: Consider scaling in mouse event handling - ui/gtk: Update scales in fixed-scale mode when rendering GL area - gtk/ui: Introduce helper gd_update_scale - ui/gtk: Use consistent naming for variables in different coordinates - ui/gtk: Document scale and coordinate handling - hw/arm/aspeed_ast27x0: Fix RAM size detection failure on BE hosts - hw/misc/aspeed_hace: Ensure HASH_IRQ is always set to prevent firmware hang * d/gbp.conf: switch to debian-trixie branch * d/control.mk: checked-version=10.0.3+ds * qemu-img-options.patch: adjust help text for "convert" subcommand: use the historic option which were accepted by the upstream, not the new option introduced in this patch * pcie_sriov-Fix-configuration-and-state-synchronizati.patch from upstream Closes: #1109989, CVE-2025-54566, CVE-2025-54567 qt6-base (6.8.2+dfsg-9+deb13u1) trixie; urgency=medium . * Backport patch to fix high CPU load of kwin_x11 when locking the screen. quicktext (6.4.6-1~deb13u1) trixie; urgency=medium . * Rebuildfor trixie after upload thunderbird 140.3 quicktext (6.4.4-1~exp1) experimental; urgency=medium . [ Mechtilde ] * [c2fa859] Improved d/u/metadata using Mozilla repo * [747d9c9] Fixed d/dpb.conf * [be3897e] New upstream version 6.4.4 * [c2fa859] Improved d/u/metadata using Mozilla repo * [747d9c9] Fixed d/dpb.conf * [be3897e] New upstream version 6.4.4 quicktext (6.4.1-1~exp1) experimental; urgency=medium . [ Mechtilde ] * [19f530b] New upstream version 6.4.1 * [a42d224] New upstream version 6.4 * [f37aa19] Bumped version of thunderbird * [1fc0b84] Added d/dpb.conf for using with debian-package-scripts * [a72aabf] Bumped version for thunderbird rabbitmq-server (4.0.5-6+deb13u2) trixie; urgency=medium . * CVE-2025-50200: In versions 3.13.7 and prior, RabbitMQ is logging authorization headers in plaintext encoded in base64. When querying RabbitMQ api with HTTP/s with basic authentication it creates logs with all headers in request, including authorization headers which show base64 encoded username:password. This is easy to decode and afterwards could be used to obtain control to the system depending on credentials. Added upstream patch: Fix_Cowboy_crashes_caused_by_double_reply.patch. (Closes: #1108075) redis (5:8.0.2-3+deb13u1) trixie-security; urgency=medium . * CVE-2025-49844 / CVE-2025-46819 / CVE-2025-46818 / CVE-2025-46817 request-tracker5 (5.0.7+dfsg-4+deb13u1) trixie-security; urgency=medium . * Apply upstream patch which fixes several security vulnerabilities: - [CVE-2025-61873] Fix CSV injection via ticket values with special characters that are exported to a TSV from search results. - [CVE-2025-9158] Fix XSS via calendar invitations added to a ticket. riseup-vpn (0.24.10+ds1-1+deb13u1) trixie; urgency=medium . * Add qml6-module-qtcore to Depends (Closes: #1110558) rocm-hipamd (5.7.1-6+deb13u1) trixie; urgency=medium . [ Cordell Bloor ] * Add d/p/0041-inline-bf16-functions.patch to mark functions defined in amd_hip_bf16.h as inline. This change prevents multiple definition errors during linking for programs that include in more than one translation unit (Closes: #1116585) * Fix hipcc manpage title (Closes: #1107681) * Fix spelling error in roc-obj-ls manpage rsyslog-doc (8.2504.0+dfsg-1+deb13u1) trixie; urgency=medium . * Switch debian-branch to debian/trixie * Use sphinx_rtd_theme instead of the sphinx default theme. This matches what upstream has been using in the past and results in a nicer looking and more usable output, e.g. it produces a proper toc in the sidebar. ruby-rack (3.1.18-1~deb13u1) trixie-security; urgency=medium . * New upstream version 3.1.18. - CVE-2025-61772: Multipart parser buffers unbounded per-part headers, enabling DoS (memory exhaustion). - CVE-2025-61771: Multipart parser buffers large non‑file fields entirely in memory, enabling DoS (memory exhaustion). - CVE-2025-61770: Unbounded multipart preamble buffering enables DoS (memory exhaustion). - CVE-2025-61780 Improper handling of headers in Rack::Sendfile may allow proxy bypass. - CVE-2025-61919 Unbounded read in Rack::Request form parsing can lead to memory exhaustion. - Closes: #1117855, #1117856, #1117627, #1117628 ruby-sys-filesystem (1.4.4-1+deb13u1) trixie; urgency=medium . * Backport upstream PR#82 to fix linux64 detection fails on s390x and alpha (Closes: #1114552). rust-virtiofsd (1.13.2-1+deb13u1) trixie; urgency=medium . * add Depends: uidmap. Closes: #1109051 virtiofsd uses uidmap when run in a user namespace, and this is the most secure way to use it. So uidmap package is basically required. sail (0.9.8-1+deb13u1) trixie; urgency=medium . * Add upstream patches to fix security vulnerabilities. (Closes: #1112346) - CVE-2025-32468 - CVE-2025-35984 - CVE-2025-46407 - CVE-2025-50129 - CVE-2025-52456 - CVE-2025-52930 - CVE-2025-53085 - CVE-2025-53510 samba (2:4.22.6+dfsg-0+deb13u1) trixie; urgency=medium . * new upstream stable/security release: - https://bugzilla.samba.org/show_bug.cgi?id=15843: macOS Finder client DFS broken on 4.22.0 - https://bugzilla.samba.org/show_bug.cgi?id=15900: 'net ads group' failed to list domain groups - https://bugzilla.samba.org/show_bug.cgi?id=15905: samba-4.21 fails to join AD when multiple DCs are returned - https://bugzilla.samba.org/show_bug.cgi?id=15919: vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev for fsync_send - https://bugzilla.samba.org/show_bug.cgi?id=15921: CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set - https://bugzilla.samba.org/show_bug.cgi?id=15926: Samba 4.22 breaks Time Machine - https://bugzilla.samba.org/show_bug.cgi?id=15927: Spotlight search restriction for shares incomplete and default search searches in too many attributes - https://bugzilla.samba.org/show_bug.cgi?id=15931: rpcd_mdssvc may crash because name mangling is not initialized - https://bugzilla.samba.org/show_bug.cgi?id=15933: Only increment lease epoch if a lease was granted . * new upstream security release: - CVE-2025-9640: Uninitialized memory disclosure via vfs_streams_xattr https://www.samba.org/samba/security/CVE-2025-9640.html - CVE-2025-10230: Command injection via WINS server hook script https://www.samba.org/samba/security/CVE-2025-10230.html samba (2:4.22.6+dfsg-0+deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports (resolve before-trixie build profile). samba (2:4.22.4+dfsg-1) unstable; urgency=medium . * new upstream stable/bugfix release: - https://bugzilla.samba.org/show_bug.cgi?id=14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0 - https://bugzilla.samba.org/show_bug.cgi?id=15663: Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine) - https://bugzilla.samba.org/show_bug.cgi?id=15816: vfs_streams_depot fstatat broken - https://bugzilla.samba.org/show_bug.cgi?id=15840: kinit command is failing with Missing cache Error - https://bugzilla.samba.org/show_bug.cgi?id=15844: getpwuid does not shift to new DC when current DC is down - https://bugzilla.samba.org/show_bug.cgi?id=15876: Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName - https://bugzilla.samba.org/show_bug.cgi?id=15877: Fix handling of empty GPO link - https://bugzilla.samba.org/show_bug.cgi?id=15880: SMB ACL inheritance doesn't work for files created - https://bugzilla.samba.org/show_bug.cgi?id=15881: Unresponsive second DC can cause idmapping failure when using idmap_ad (was libads-fix-get_kdc_ip_string.patch) - https://bugzilla.samba.org/show_bug.cgi?id=15891: Figuring out the DC name from IP address fails and breaks fork_domain_child() - https://bugzilla.samba.org/show_bug.cgi?id=15892: Delayed leader broadcast can block ctdb forever * libads-fix-get_kdc_ip_string.patch: remove, included upstream * d/gbp.conf: debian-branch=debian/4.22 samhain (4.1.4-6+deb13u1) trixie; urgency=medium . * d/rules: - Quick fix preventing potential segfaults (Closes: #1111631) shibboleth-sp (3.5.0+dfsg-2+deb13u1) trixie-security; urgency=high . * [627cc27] New patch: SSPCPP-1014 - Extend escaping in strings. Fix SQL injection vulnerability in Service Provider ODBC plugin: specially crafted inputs can exfiltrate information stored in the database used by the SP. The vulnerability is moderate to high severity for anyone using the ODBC plugin, and of no impact for others. Thanks to Scott Cantor (Closes: #1114506) spip (4.4.3+dfsg-1+deb13u1) trixie; urgency=medium . * Track debian/trixie * Backport security fix from 4.4.5: Fix open redirect on ajax login form squid (6.13-2+deb13u1) trixie-security; urgency=high . * Non Maintainer Upload by LTS team * Fix CVE-2025-62168 (Closes: #1118341) Due to a failure to redact HTTP Authentication credentials Squid is vulnerable to an Information Disclosure attack. * Fix CVE-2025-59362 (Closes: #1117048) Squid mishandles ASN.1 encoding of long SNMP OIDs. stardict (3.0.7+git20220909+dfsg-8~deb13u1) trixie; urgency=medium . * Upload to trixie * Update d/gbp.conf for trixie-specific stardict (3.0.7+git20220909+dfsg-7) unstable; urgency=medium . * d/stardict-plugin.install:not install stardict_dictdotcn.so, Closes: #806960 * d/rules:Added --disable-dictdotcn option, dictdotcn is not provid server now suricata (1:7.0.10-1+deb13u1) trixie; urgency=medium . * Fix CVE-2025-53538 in 7.0.10. Cherry-Picked from upstream 97eee2cadacf3423a1ebcdd1943a7a7917f5cc56. Closes: #1109806 Reference: #1116945 * Fix CVE-2025-59147 in 7.0.10. Cherry-Picked from upstream e91b03c90385db15e21cf1a0e85b921bf92b039e and slightly modified to fit for Suricata 7.0.10. Reference: #1119940 syslog-ng (4.8.1-5+deb13u1) trixie; urgency=medium . * Turn off writing log statistics (closes: #1110329). systemd (257.9-1~deb13u1) trixie; urgency=medium . * Update upstream source from tag 'upstream/257.9' Update to upstream version '257.9' with Debian dir 9b05cb6904e089147c1521b0ced983a575d8abe4 systemd (257.8-1~deb13u2) trixie; urgency=medium . * Non-maintainer upload. * systemd-networkd: Fix segfault on VLAN-aware bridges. (Closes: #1112535) systemd-boot-efi-amd64-signed (257.9+1~deb13u1) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.9-1~deb13u1 . * Update upstream source from tag 'upstream/257.9' Update to upstream version '257.9' with Debian dir 9b05cb6904e089147c1521b0ced983a575d8abe4 systemd-boot-efi-amd64-signed (257.8+1~deb13u2) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.8-1~deb13u2 . * Non-maintainer upload. * systemd-networkd: Fix segfault on VLAN-aware bridges. (Closes: #1112535) systemd-boot-efi-arm64-signed (257.9+1~deb13u1) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.9-1~deb13u1 . * Update upstream source from tag 'upstream/257.9' Update to upstream version '257.9' with Debian dir 9b05cb6904e089147c1521b0ced983a575d8abe4 systemd-boot-efi-arm64-signed (257.8+1~deb13u2) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.8-1~deb13u2 . * Non-maintainer upload. * systemd-networkd: Fix segfault on VLAN-aware bridges. (Closes: #1112535) tango (10.0.2+dfsg1-2+deb13u1) trixie; urgency=medium . * Team upload. * Fix broken communication between major versions: libtango9 cannot receive events from libtango10 (Closes: #1118207) * d/gitlab-ci.yml (Salsa CI): - Set RELEASE to trixie in d/gitlab-ci.yml to explicitly trigger trixie-based pipelines. - Disable the reprotest job. Releases older than unstable are not very well supported by the Salsa CI's reprotest job, and this failing without a good reason. tango (10.0.2+dfsg1-2+deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Team upload. * Rebuild for bookworm-backports. * Set RELEASE to bookworm-backports in d/gitlab-ci.yml. To explicitly trigger bookworm-backports-based pipelines. tbsync (4.16-1~deb13u2) trixie; urgency=medium . * Added dir api/ to d/rules. It follows 4.16-2 in unstable #1118180. tbsync (4.16-1~deb13u1) trixie; urgency=medium . * Rebuild for uploading with thunderbird>= 140.3 to trixie thunderbird (1:140.4.0esr-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security thunderbird (1:140.4.0esr-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security thunderbird (1:140.3.1esr-1) unstable; urgency=medium . * [f86a89f] New upstream version 140.3.1esr * [87cb9f6] d/control: Update packages need to have a Breaks Updating the packages in the Breaks field as like very often with a new ESR version some AddOns need to be bumped too. Removing old non existing or not relevant packages from the field. Adding these new packages: webext-allow-html-temp (<= 10.0.8-1~) webext-dav4tbsync (<= 4.8-2~) webext-eas4tbsync (<= 4.17-1~) webext-mailmindr (<= 1.7.1-2~) webext-quicktext (<= 6.4.6-1~) webext-tbsync (<= 4.16-1~) webext-xnotepp (<= 4.5.81-1~) (Closes: #1116976) thunderbird (1:140.3.0esr-1) unstable; urgency=medium . [ Carsten Schoenert ] * [de64a72] d/watch: Mangle 'esr' suffix from version * [85543ab] New upstream version 140.3.0esr Fixed CVE issues in upstream version 140.3 (MFSA 2025-78): CVE-2025-10527: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10528: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component CVE-2025-10529: Same-origin policy bypass in the Layout component CVE-2025-10532: Incorrect boundary conditions in the JavaScript: GC component CVE-2025-10533: Integer overflow in the SVG component CVE-2025-10536: Information disclosure in the Networking: Cache component CVE-2025-10537: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (Closes: #1115605) * [635002d] Rebuild patch queue from patch-queue branch * [6d2f42d] d/control: Remove Rules-Requires-Root . [ Carles Pina i Estany ] * [634cd34] d/control: Drop Recommends on thunderbird-l10n-fi (Closes: #1115457) . [ Dandan Zhang ] * [00691f6] d/control: Adding loong64 architecture (Closes: #1059966) thunderbird (1:140.2.0esr-1) experimental; urgency=medium . [ Christoph Goehre ] * [3449bf5] d/rules: export CC and CXX definitions on ppc64 This is a follow-up fix for [cb1ed45]. . [ Carsten Schoenert ] * [2e811f6] d/watch: Migrate to version 5 * [ddad9bc] New upstream version 140.2.0esr thunderbird (1:140.1.1esr-1) experimental; urgency=medium . * [e6e4d2d] d/source.filter: Update content to filter out * [4b7d308] New upstream version 140.1.1esr * [472919e] d/rules: Add target for NSS and NSPR versions * [3e7b6b0] d/control: Bump B-D for libnss3-dev thunderbird (1:140.1.0esr-1) experimental; urgency=medium . [ Christoph Goehre ] * [7ac28d3] d/rules: export 'Clto=thin' on i386 to stay in the memory budged Added patch: debian-hacks/Allow-to-override-rust-LTO-flag.patch . [ Carsten Schoenert ] * [2ed0df2] d/create-upstream-tarballs.py: Use the real CDN URL * [82f0f9e] New upstream version 140.1.0esr * [fb16995] Rebuild patch queue from patch-queue branch Added patch: porting-ppc64el/skia-Adjust-detection-of-ppc64-architecture.patch * [ad0c4b4] d/control: Increase Standards-Version to 4.7.2 No further changes needed. * [dc57502] d/copyright: Update content due upstream changes * [3e8fe05] d/s/lintian-overrides: Update data due upstream changes * [4378ab3] d/t-lintian-overrides: Update due build changes . [ John Paul Adrian Glaubitz ] * [cb1ed45] d/rules: Use gcc and g++ on ppc64 (Closes: #1109861) thunderbird (1:140.0.1esr-1) experimental; urgency=medium . [ Christoph Goehre ] * [259f52c] New upstream version 140.0.1esr (Closes: #1109451) * [a5a86f3] rebuild patch queue from patch-queue branch obsolete patches (fixed upstream): debian-hacks/Downgrade-cbindgen-requirement.patch * [fe04434] d/rules, d/thunderbird.install: ignore additional binary crashhelper for now . [ Alessandro Astone ] * [f5a46a4] Update rule to drop dependency on gtk2 with the new t64 package name thunderbird (1:138.0-1) experimental; urgency=medium . * [870fc65] New upstream version 138.0 * [cc0885e] rebuild patch queue from patch-queue branch added patches: debian-hacks/Downgrade-cbindgen-requirement.patch * [f7487ae] d/control: bump cbindgen build dependency * [61f6d95] d/thunderbird.install: install interesting_serverknobs.json file thunderbird (1:137.0-1) experimental; urgency=medium . * [148e2f7] New upstream version 137.0 thunderbird (1:136.0-1) experimental; urgency=medium . * [3f06ac7] New upstream version 136.0 thunderbird (1:135.0-1) experimental; urgency=medium . * [bdcaf66] Revert "d/rules: Move/rename third party Python modul temporarly" (Closes: #1093362) * [e33e9d8] New upstream version 135.0 * [e68ae48] rebuild patch queue from patch-queue branch modified patches: porting-mips64el/skia-Disable-musttail-on-mips64.patch porting-ppc64el/Work-around-GCC-ICE-on-ppc64el.patch thunderbird-l10n/sl-change-Edit-Uredi-to-CTRL-E.patch obsolete patches (fixed upstream): porting-ppc64el/skia-Disable-musttail-on-ppc64el.patch thunderbird (1:132.0~b6-1) experimental; urgency=medium . * [282778e] d/changelog: Correct small typo * [b5b363b] New upstream version 132.0~b6 * [7e23518] d/control: Bump various B-D versions, drop non needed * [f979f8f] d/thunderbird.postinst: Correct misspelled THUNDERBIRD_LIBDIR (Closes: #1082842) thunderbird (1:130.0~b3-1) experimental; urgency=medium . * [041e622] d/control: Fix short description for thunderbird-l10n-lv (Closes: #1079029) * [820aec2] New upstream version 130.0~b3 * [628eb92] d/control: Readd dependencies on librnp{0,-dev} * [8e6b0e8] d/rules: Move/rename third party Python modul temporarly * [ee4c48d] d/source.filter: Exclude some JS files from exclusion thunderbird (1:129.0~b6-1) experimental; urgency=medium . [ Carsten Schoenert ] * [5ee74f4] d/watch: Now watch out for 'esr' suffixed versions * [8e4b85a] d/thunderbird.desktop: Update data with upstream data (Closes: #1042912, #1051261) * [a0e3d2e] New upstream version 129.0~b6 * [0b12902] d/control: Drop B-D on libdbus-glib-1-dev (Closes: #955955) * [cf730a8] d/create-upstream-tarballs.py: Ignore version 129.0 * [0528b45] d/s/lintian-overrides: Update some overrides . [ Michael Weghorn ] * [e4d3be0] Use app ID that matches the desktop file name (Closes: #1022037) thunderbird (1:128.14.0esr-1) unstable; urgency=medium . * [4f3d4b8] New upstream version 128.14.0esr Fixed CVE issues in upstream version 128.14 (MFSA 2025-71): CVE-2025-9179: Sandbox escape due to invalid pointer in the Audio/Video: GMP component CVE-2025-9180: Same-origin policy bypass in the Graphics: Canvas2D component CVE-2025-9181: Uninitialized memory in the JavaScript Engine component CVE-2025-9185: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 tiff (4.7.0-3+deb13u1) trixie-security; urgency=medium . * CVE-2024-13978 (Closes: #1111323) * CVE-2025-8961 (Closes: #1111317) * CVE-2025-9165 (Closes: #1111878) * CVE-2025-9900 tryton-sao (7.0.28+ds1-1+deb13u1) trixie-security; urgency=high . * Add 01_xss_vulnerability_attachments_preview.patch. Patch for security issue: https://discuss.tryton.org/t/security-release-for-issue-14290/8895 The HTML element used to display the document is based on the mimetype. And by default a sandboxed iframe is used to isolate the unsafe content from the parent context. ublock-origin (1.67.0+dfsg-1~deb13u1) trixie; urgency=medium . * Backport version 1.67.0 to trixie to improve user experience and add new filter capabilities. ublock-origin (1.67.0+dfsg-1~deb12u1) bookworm; urgency=medium . * Backport version 1.67.0 to bookworm to improve user experience and add new filter capabilities. (Closes: #1059545) * Fix CVE-2025-4215: Regular Expression Denial of Service (ReDoS) (Closes: #1104635) valkey (8.1.1+dfsg1-3+deb13u1) trixie-security; urgency=medium . * (CVE-2025-49844) A Lua script may lead to remote code execution * (CVE-2025-46817) A Lua script may lead to integer overflow and potential RCE * (CVE-2025-46818) A Lua script can be executed in the context of another user * (CVE-2025-46819) LUA out-of-bound read virt-manager (1:5.0.0-5+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Fix: Clicking on "Browse Local" has no effect and throws an error (Closes: #1112514) * Update debian/gbp.conf to point to trixie branches watcher (14.0.0-1+deb13u1) trixie; urgency=medium . * Add export OS_OSLO_MESSAGING_RABBIT__PROCESSNAME for all daemons. * A vulnerability has been identified in OpenStack Nova and OpenStack Watcher in conjunction with volume swap operations performed by the Watcher service. Under specific circumstances, this can lead to a situation where two Nova libvirt instances could reference the same block device, allowing accidental information disclosure to the unauthorized instance. Added upstream patch: OSSN-0094_use_cinder_migrate_for_swap_volume.patch. (Closes: #1111692). webkit2gtk (2.50.1-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security. * Re-enable libmanette in i386. * Enable the transitional packages. * Don't override the gcc compiler on mips64el since trixie already uses gcc-14 by default. webkit2gtk (2.50.1-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security. * Disable sysprof profiling integration to avoid new dependencies: - debian/control.in: Don't depend on libsysprof-capture-4-dev. - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF. * Disable JPEG XL to avoid adding new dependencies. - debian/control.in: Remove build dependency on libjxl-dev. - debian/rules: Build with -DUSE_JPEGXL=OFF. * debian/rules: - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old package names. - Re-enable libmanette in i386. * debian/control-common.in: - Make the -dev packages depend on the gir packages. * debian/control.in: - Build depend on ccache. * Use clang-16 instead of clang. * Don't override the gcc compiler on mips64el since bookworm uses gcc 12 and not gcc 15 (#1116217). * debian/patches/fix-minibrowser.patch: - Fix the MiniBrowser with clang-16. webkit2gtk (2.50.0-2) unstable; urgency=medium . * debian/patches/fix-ftbfs-i386.patch: - Update patch to also fix the armhf build. * Force gcc-14 in mips64el because gcc 15 fails with an internal compiler error (#1116217) and clang is not an option ("failed to perform tail call elimination"). * debian/rules: - Remove unused variable EXTRA_BUILD_ARGUMENTS. * debian/patches/disable-nvidia-dmabuf.patch: - Bring back this patch, now adapted to WebKitGTK 2.50.0. webkit2gtk (2.50.0-1) unstable; urgency=medium . * New upstream release. * Bring all changes from the 2.49 (experimental) branch. * debian/copyright: - Update copyright information of all files. * debian/gbp.conf: - Update upstream branch name. * debian/libwebkit2gtk-4.0-37.symbols: - Update symbols. * Refresh all patches. - Drop disable-nvidia-dmabuf.patch for now, it needs changes. * debian/patches/fix-ftbfs-s390x.patch: - Fix FTBFS in s390x (WebKit bug #298308). * debian/patches/fix-ftbfs-i386.patch: - Fix FTBFS in i386 (WebKit bug #299018). * Stop building the transitional packages for forky. * debian/source/lintian-overrides: - Update source-is-missing overrides. webkit2gtk (2.49.90-1) experimental; urgency=medium . * New upstream development release. * debian/watch, debian/gbp.conf: - Branch for 2.49.x in experimental. * Refresh all patches. - Drop fix-ftbfs-armv7.patch. - Drop disable-nvidia-dmabuf.patch for now, it needs changes. * Stop building the transitional packages for forky. * debian/copyright: - Update copyright information of all files. * Stop supporting non-SSE2 i386 CPUs since trixie now requires SSE2 support. - Drop dont-detect-sse2.patch. - Enable the JIT again and disable CLoop. * debian/libwebkit2gtk-4.0-37.symbols: - Update symbols. * debian/source/lintian-overrides: - Update source-is-missing overrides. webkit2gtk (2.48.6-1) unstable; urgency=medium . [ Alberto Garcia ] * New upstream release. * Drop fix-ftbfs-armv7.patch. * Stop supporting non-SSE2 i386 CPUs since SSE2 is required starting from trixie. - Drop dont-detect-sse2.patch. - Enable the JIT again and disable CLoop. * Use clang in i386. This is now possible since we require SSE2. . [ Jeremy Bicha ] * Disable gamepad feature on Ubuntu since libmanette is in universe there. * Don't require libmanette on i386. webkit2gtk (2.48.5-1) unstable; urgency=high . * New upstream release. * The WebKitGTK security advisory WSA-2025-0005 lists the following security fixes in the latest versions of WebKitGTK: - CVE-2025-24189 (fixed in 2.48.0). - CVE-2025-31273, CVE-2025-31278, CVE-2025-43211, CVE-2025-43212, CVE-2025-43216, CVE-2025-43227, CVE-2025-43228, CVE-2025-43240, CVE-2025-43265, CVE-2025-6558 (fixed in 2.48.5). * debian/upstream/signing-key.asc: - Update Adrian Perez's PGP key. * debian/patches/fix-ftbfs-armv7.patch: - Fix arm build. wike (3.1.1-1+deb13u1) trixie; urgency=medium . * Add cherry-picked upstream patch setting correct useragent (Closes: #1119977) wtmpdb (0.73.0-3+deb13u1) trixie; urgency=medium . * Rotate and prune logs using logrotate (Closes: #1094965) - patch to handle empty file reading - remove units and cron jobs for old (disabled) rotation solution - cause new and rotated files to keep permissions (Closes: #1076308) * Store logs in system log directory, /var/log (Closes: #1117719) * Remove logs on package purge * README.Debian: document new log handling xnote (4.5.48-1~deb13u1) trixie; urgency=medium . * Rebuild for upload after thunderbird 140.3 in trixie xorg (1:7.7+24+deb13u1) trixie; urgency=medium . * Team upload . [ Jochen Sprickerhof ] * 20x11-common_process-args: Only use the first word for command -v (Closes: #1094494) xorg-server (2:21.1.16-1.3+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * present: Fix use-after-free in present_create_notifies() (CVE-2025-62229) * xkb: Make the RT_XKBCLIENT resource private (CVE-2025-62230) * xkb: Free the XKB resource when freeing XkbInterest (CVE-2025-62230) * xkb: Prevent overflow in XkbSetCompatMap() (CVE-2025-62231) xssproxy (1.0.0-1+deb13u1) trixie; urgency=medium . * Add listen-path.patch, listening on object path /org/freedesktop/ScreenSaver too (Closes: #1092965) * Add cookie-not-zero.patch, avoiding problem with xdg-desktop-portal-gtk (Closes: #1115458) ====================================== Sat, 06 Sep 2025 - Debian 13.1 released ====================================== aide (0.19.1-2+deb13u1) trixie-security; urgency=high . * Apply upstream patch to escape control characters in report and log output (CVE-2025-54389) * Apply upstream patch to fix null pointer dereference after reading incorrectly encoded xattr attributes from database (CVE-2025-54409) auto-apt-proxy (16.8+deb13u1) trixie; urgency=medium . * Check explicitly configured proxies before network gateway (Closes: #1108265) * Add trixie-specific gbp.conf base-files (13.8+deb13u1) trixie; urgency=medium . * Update debian_version and os-release for Debian 13.1 point release. chromium (139.0.7258.154-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-9478: Use after free in ANGLE. Reported by Google Big Sleep. chromium (139.0.7258.154-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-9478: Use after free in ANGLE. Reported by Google Big Sleep. * d/patches/bookworm/stdarch-arm.patch: drop to fix FTBFS on arm64 with newer rustc-web. chromium (139.0.7258.138-1) unstable; urgency=high . * New upstream security release. - CVE-2025-9132: Out of bounds write in V8. Reported by Google Big Sleep. chromium (139.0.7258.138-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-9132: Out of bounds write in V8. Reported by Google Big Sleep. chromium (139.0.7258.138-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-9132: Out of bounds write in V8. Reported by Google Big Sleep. chromium (139.0.7258.127-2) unstable; urgency=high . * d/patches: - bookworm/adler1.patch: drop, rustc in sid is now new enough for adler2. Also move it into trixie/adler1.patch. - bookworm/libxml-parseerr.patch: drop, libxml in sid is upgraded. Also move it to trixie/libxml-parseerr.patch. * d/control: update build-deps to require rust >= 1.86, libxml >= 2.14. chromium (139.0.7258.127-1) unstable; urgency=high . * New upstream security release. - CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous - CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@0x10n). - CVE-2025-8901: Out of bounds write in ANGLE. Reported by Google Big Sleep. - CVE-2025-8881: Inappropriate implementation in File Picker. Reported by Alesandro Ortiz. - CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq. chromium (139.0.7258.127-1~deb13u1) trixie-security; urgency=high . * New upstream security release. - CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous - CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@0x10n). - CVE-2025-8901: Out of bounds write in ANGLE. Reported by Google Big Sleep. - CVE-2025-8881: Inappropriate implementation in File Picker. Reported by Alesandro Ortiz. - CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq. . chromium (139.0.7258.66-1) unstable; urgency=high . * New upstream stable release. - CVE-2025-8576: Use after free in Extensions. Reported by asnine. - CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq. - CVE-2025-8578: Use after free in Cast. Reported by Fayez. - CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome. Reported by Alesandro Ortiz. - CVE-2025-8580: Inappropriate implementation in Filesystems. Reported by Huuuuu. - CVE-2025-8581: Inappropriate implementation in Extensions. Reported by Vincent Dragnea. - CVE-2025-8582: Insufficient validation of untrusted input in DOM. Reported by Anonymous. - CVE-2025-8583: Inappropriate implementation in Permissions. Reported by Shaheen Fazim. * d/copyright: delete third_party/enterprise_companion, as it includes a binary. * d/control: Replace elfutils build-dep with llvm-19 for switch to llvm-strip. * d/rules: - drop enable_nacl=false; upstream removed NaCL. - set enable_enterprise_companion=false. - disable Gemini AI (enable_glic=false). * d/patches: - disable/catapult.patch: refresh. - disable/buildtools-libc.patch: refresh. - system/eu-strip.patch: drop, upstream switched to llvm-strip. - bookworm/gn-revert-path-exists.patch: refresh & drop unused part. - ungoogled/disable-privacy-sandbox.patch: refresh. - fixes/bindgen.patch: rename to bookworm/bindgen.patch, since trixie now has a newer bindgen. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch: Refresh for upstream changes - sandbox/0009-sandbox-updates-138.patch: Properly handle IPC and send syscalls - third_party/0001-add-xnn-ppc64el-support.patch: Refresh for upstream changes - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - third_party/skia-vsx-instructions.patch: Refresh for upstream changes - fixes/fix-partition-alloc-compile.patch: Refresh for upstream changes chromium (139.0.7258.127-1~deb12u1) bookworm-security; urgency=high . * New upstream security release. - CVE-2025-8879: Heap buffer overflow in libaom. Reported by Anonymous - CVE-2025-8880: Race in V8. Reported by Seunghyun Lee (@0x10n). - CVE-2025-8901: Out of bounds write in ANGLE. Reported by Google Big Sleep. - CVE-2025-8881: Inappropriate implementation in File Picker. Reported by Alesandro Ortiz. - CVE-2025-8882: Use after free in Aura. Reported by Umar Farooq. chromium (139.0.7258.66-1) unstable; urgency=high . * New upstream stable release. - CVE-2025-8576: Use after free in Extensions. Reported by asnine. - CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq. - CVE-2025-8578: Use after free in Cast. Reported by Fayez. - CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome. Reported by Alesandro Ortiz. - CVE-2025-8580: Inappropriate implementation in Filesystems. Reported by Huuuuu. - CVE-2025-8581: Inappropriate implementation in Extensions. Reported by Vincent Dragnea. - CVE-2025-8582: Insufficient validation of untrusted input in DOM. Reported by Anonymous. - CVE-2025-8583: Inappropriate implementation in Permissions. Reported by Shaheen Fazim. * d/copyright: delete third_party/enterprise_companion, as it includes a binary. * d/control: Replace elfutils build-dep with llvm-19 for switch to llvm-strip. * d/rules: - drop enable_nacl=false; upstream removed NaCL. - set enable_enterprise_companion=false. - disable Gemini AI (enable_glic=false). * d/patches: - disable/catapult.patch: refresh. - disable/buildtools-libc.patch: refresh. - system/eu-strip.patch: drop, upstream switched to llvm-strip. - bookworm/gn-revert-path-exists.patch: refresh & drop unused part. - ungoogled/disable-privacy-sandbox.patch: refresh. - fixes/bindgen.patch: rename to bookworm/bindgen.patch, since trixie now has a newer bindgen. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch: Refresh for upstream changes - sandbox/0009-sandbox-updates-138.patch: Properly handle IPC and send syscalls - third_party/0001-add-xnn-ppc64el-support.patch: Refresh for upstream changes - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - third_party/skia-vsx-instructions.patch: Refresh for upstream changes - fixes/fix-partition-alloc-compile.patch: Refresh for upstream changes chromium (139.0.7258.66-1~deb12u1) bookworm-security; urgency=high . * New upstream stable release. - CVE-2025-8576: Use after free in Extensions. Reported by asnine. - CVE-2025-8577: Inappropriate implementation in Picture In Picture. Reported by Umar Farooq. - CVE-2025-8578: Use after free in Cast. Reported by Fayez. - CVE-2025-8579: Inappropriate implementation in Gemini Live in Chrome. Reported by Alesandro Ortiz. - CVE-2025-8580: Inappropriate implementation in Filesystems. Reported by Huuuuu. - CVE-2025-8581: Inappropriate implementation in Extensions. Reported by Vincent Dragnea. - CVE-2025-8582: Insufficient validation of untrusted input in DOM. Reported by Anonymous. - CVE-2025-8583: Inappropriate implementation in Permissions. Reported by Shaheen Fazim. * d/copyright: delete third_party/enterprise_companion, as it includes a binary. * d/control: - Replace elfutils build-dep with llvm-19 for switch to llvm-strip. - Update rustc-web build-dep to >= 1.84. * d/rules: - drop enable_nacl=false; upstream removed NaCL. - set enable_enterprise_companion=false. - disable Gemini AI (enable_glic=false). * d/patches: - disable/catapult.patch: refresh. - disable/buildtools-libc.patch: refresh. - system/eu-strip.patch: drop, upstream switched to llvm-strip. - bookworm/gn-revert-path-exists.patch: refresh & drop unused part. - ungoogled/disable-privacy-sandbox.patch: refresh. - fixes/bindgen.patch: rename to bookworm/bindgen.patch, since trixie now has a newer bindgen. - bookworm/gn-absl.patch: refresh. - bookworm/rust-is-none-or.patch: drop, thanks to newer rustc-web. - bookworm/rust-unstable-features.patch: drop - newer rustc-web. - bookworm/bubble-contents.patch: drop, no longer needed. . [ Timothy Pearson ] * d/patches/ppc64le: - sandbox/0001-sandbox-linux-Update-syscall-helpers-lists-for-ppc64.patch: Refresh for upstream changes - sandbox/0009-sandbox-updates-138.patch: Properly handle IPC and send syscalls - third_party/0001-add-xnn-ppc64el-support.patch: Refresh for upstream changes - third_party/0002-regenerate-xnn-buildgn.patch: Regenerate from upstream sources - third_party/skia-vsx-instructions.patch: Refresh for upstream changes - fixes/fix-partition-alloc-compile.patch: Refresh for upstream changes courier (1.4.1-3+deb13u1) trixie; urgency=medium . * Add debian/courier-webadmin.init and debian/courier-webadmin.service (closes: #1111836). * Add debian/tests/smoke-webadmin. * Add debian/courier-webadmin.links to create a cgi-bin link. * Add debian/patches/webadmin-restart-commands.patch. * debian/control: Add "Pre-Depends: ${misc:Pre-Depends}". * debian/courier.base.postinst: - Remove the dpkg-statoverride for /var/lib/courier, which diverged from upstream and caused problems with webadmin. * debian/courier-base.postrm: Remove the deletion of the dpkg-statoverride for /var/lib/courier. * debian/courier-webadmin.config: Remove the courier-webadmin/install-cgi section. * debian/courier-webadmin.dirs: Remove the unnecessary etc/courier/webadmin entry. * debian/courier-webadmin.install: - Install the new etc/courier/webadmin/restartcmd. - Install /etc/courier/webadmin/password. * debian/courier-webadmin.postinst: - Remove the processing of the now-removed install-cgi debconf question. - Stop manually creating and setting permissions for /etc/courier/webadmin/password. - Add a dpkg-statoverride for /etc/courier/webadmin/password. * debian/courier-webadmin.postrm: - Remove the processing of the now-removed install-cgi debconf question. - Remove the webadmin socket on purge if it was left behind by the service. - Remove the dpkg-statoverride for /etc/courier/webadmin/password on purge. * debian/courier-webadmin.README.Debian: - Refactor to reflect the new, non-SUID webadmin architecture. - Add information about enabling cgi-bin symlinks. * debian/courier-webadmin.templates: Remove obsolete install-cgi question. The link is now created automatically on install. * debian/rules: Create an empty /etc/courier/webadmin/password file. * debian/tests/control: Enable the smoke-webadmin test. debian-installer (20250803+deb13u1) trixie; urgency=medium . * Bootstrap trixie stable branch: - Set USE_PROPOSED_UPDATES=1 in debian/rules - Set USE_UDEBS_FROM?=trixie in build/config/common * Bump Linux kernel ABI to 6.12.43+deb13. * Adjust linux-image build-deps accordingly. * Add a workaround for a GRUB graphics initialisation bug (#1110759): adding a simple text output before switching terminal_output to gfxterm makes the graphical display work on older machines. With many thanks to Fab Stz for drawing our attention to this problem and the proposed workaround. debian-installer-netboot-images (20250803+deb13u1) trixie; urgency=medium . * Update to 20250803+deb13u1, from trixie-proposed-updates. * Update DISTRIBUTION and DISTRIBUTION_FALLBACK for the trixie branch. debian-installer-netboot-images (20250803) unstable; urgency=medium . [ Holger Levsen ] * Fix missing build dependency on apt, thanks to Jochen Sprickerhof (Closes: #1099535). Packages which are installed on the buildds but which are not listed in Build-Depends are not recorded in .buildinfo files. Thus rebuilding (e.g. on reproduce.debian.net) then fails. . [ Cyril Brulebois ] * Update supported architectures: - Delete mips64el * Clean debian/rules: - Delete (unused and incomplete) UNSUPPORTED_ARCHITECTURES. * Update for D-I Trixie RC 3. desktop-base (13.0.4) trixie; urgency=medium . [ Aurélien COUDERC ] * Fix ceratopsian-theme’s plymouth password/fsck prompts off-center on multi-monitor mixed-resolution set-ups. Thanks Shaun Lewis for the patch. (Closes: #1110858) devscripts (2.25.15+deb13u1) trixie; urgency=medium . * Team upload. * Update branch in gbp.conf & Vcs-Git URL. * debchange: trixie is now stable, forky is testing. dpdk (24.11.3-1~deb13u1) trixie; urgency=medium . * Upload to trixie . dpdk (24.11.3-1) unstable; urgency=medium . * New upstream release 24.11.3. For a full list of changes in 24.11.3 see: https://doc.dpdk.org/guides/rel_notes/release_24_11.html ethtool (1:6.14.2-1) trixie; urgency=medium . * New upstream release: 6.14.2 . [ Salvatore Bonaccorso ] * debian/salsa-ci.yml: Set release to trixie * netlink: fix print_string when the value is NULL firebird3.0 (3.0.12.ds7-13+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * CVE-2025-54989: XDR Message Parsing NULL Pointer Dereference (Closes: #1111321) firebird4.0 (4.0.5.3140.ds6-17+deb13u1) trixie-security; urgency=medium . * cherry pick fix for CVE-2025-54989 from upstream (Closes: #1111320) * cherry pick fix for CVE-2025-24975 from upstream (Closes: #1111322) * switch debian-branch to debian/trixie-security in gbp.conf firefox-esr (128.14.0esr-1~deb13u1) trixie-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-66, also known as: CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9185. firefox-esr (128.14.0esr-1~deb12u1) bookworm-security; urgency=medium . * New upstream release. * Fixes for mfsa2025-66, also known as: CVE-2025-9179, CVE-2025-9180, CVE-2025-9181, CVE-2025-9185. flvstreamer (2.1c1-2+deb13u1) trixie; urgency=medium . * debian/gbp.conf: Work in debian/trixie branch * Revert "Build and install all programs of `progs` target in Makefile (Closes: #1098981) galera-4 (26.4.23-0+deb13u1) trixie; urgency=medium . * New upstream release 26.4.23. Includes multiple bug fixes, see https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.23.txt * Drop patch to fix garbd's -w/WORK_DIR parameter that is now applied upstream galera-4 (26.4.23-0+deb12u1) bookworm; urgency=medium . * New upstream release 26.4.23. Includes multiple bug fixes, see https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.23.txt https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.22.txt https://github.com/codership/documentation/blob/master/release-notes/release-notes-galera-26.4.21.txt * New upstream release fixes garbd's -w/WORK_DIR parameter (Closes: #1088076) git (1:2.47.3-0+deb13u1) trixie; urgency=medium . * Non-maintainer upload. * New upstream release. - CVE-2025-27613: gitk: file creation/truncation after cloning untrusted repository - CVE-2025-27614: gitk: user can be tricked into running any script after cloning untrusted repository - CVE-2025-46835: git-gui: file creation/overwriting after cloning untrusted repository - CVE-2025-48384: script execution after cloning untrusted repository - CVE-2025-48385: protocol injection when fetching - Closes: #1108983 glib2.0 (2.84.4-3~deb13u1) trixie; urgency=medium . * Go back to debian/trixie branch for a stable update * d/tests/manual/1065022.sh: Update manual test script used to reproduce and test fixes for #1065022 - Adapt to upgrade from bookworm to trixie, rather than bookworm to sid - Optionally reproduce #1110696 instead - Optionally test the extra safety checks in the postrm - Add a simpler mechanism to test proposed packages for either bookworm or trixie - Improve diagnostic output . glib2.0 (2.84.4-3) unstable; urgency=medium . * d/control: Generate the intended Provides in libgirepository-2.0-0 . glib2.0 (2.84.4-2) unstable; urgency=medium . * Mention #1110640 in previous changelog entry * libgirepository-2.0-0: Generate a dependency on a virtual package for libffi-related symbols, to avoid trouble during future libffi ABI transitions (Closes: #1110825) * libglib2.0-0t64: Make maintainer scripts shellcheck-clean * libglib2.0-0t64.postrm: - Refactor to use functions that early-return if we do not want to do the cleanup, avoiding stacking conditionals - Don't remove cache files if they would be non-empty, guarding against issues similar to #1065022 and #1110696 (mitigates: #1110696) * libglib2.0-0t64.preinst: Disarm libglib2.0-0 postrm for all architectures, avoiding a corner case where the faulty postrm that suffered from #1065022 would still exist if it belonged to a former foreign architecture that was already disabled, but libglib2.0-0 from that architecture was still in removed-but-not-purged state, resulting in #1065022 recurring when that version of libglib2.0-0 was subsequently purged (Closes: #1110696) * d/tests/1065022-futureproofing: - Fix a test regression by generating a versioned Provides when building a mockup of a hypothetical future libglib2.0-0xyz. This regression wasn't immediately obvious because the autopkgtest is marked as flaky (it depends on various implementation details which we can't completely rely on). - Make sure required packages stay installed, failing the test early if their dependencies cannot be satisfied - Produce only TAP output on stdout, and a diagnostic log on stderr - Improve diagnostic output . glib2.0 (2.84.4-1) unstable; urgency=medium . * d/control, d/gbp.conf: Use debian/forky packaging branch. The debian/latest branch is now tracking 2.85.x for Debian experimental. * New upstream stable release - Ensure that generating temporary file names does not access memory outside the intended array of alphanumeric characters if a long-running program generates billions of temporary file names (CVE-2025-7039, glib#3716 upstream; believed to be unlikely to be exploitable in practice. Closes: #1110640) - Fix the intended ability for g_settings_bind_with_mapping_closures() to copy a value to the destination object (glib!4667 upstream) - If creating a thread pool fails, report a recoverable error instead of crashing with a fatal error (glib#3712 upstream) - Fix several memory leaks (glib#3721, glib!4702 upstream) glib2.0 (2.84.4-2) unstable; urgency=medium . * Mention #1110640 in previous changelog entry * libgirepository-2.0-0: Generate a dependency on a virtual package for libffi-related symbols, to avoid trouble during future libffi ABI transitions (Closes: #1110825) * libglib2.0-0t64: Make maintainer scripts shellcheck-clean * libglib2.0-0t64.postrm: - Refactor to use functions that early-return if we do not want to do the cleanup, avoiding stacking conditionals - Don't remove cache files if they would be non-empty, guarding against issues similar to #1065022 and #1110696 (mitigates: #1110696) * libglib2.0-0t64.preinst: Disarm libglib2.0-0 postrm for all architectures, avoiding a corner case where the faulty postrm that suffered from #1065022 would still exist if it belonged to a former foreign architecture that was already disabled, but libglib2.0-0 from that architecture was still in removed-but-not-purged state, resulting in #1065022 recurring when that version of libglib2.0-0 was subsequently purged (Closes: #1110696) * d/tests/1065022-futureproofing: - Fix a test regression by generating a versioned Provides when building a mockup of a hypothetical future libglib2.0-0xyz. This regression wasn't immediately obvious because the autopkgtest is marked as flaky (it depends on various implementation details which we can't completely rely on). - Make sure required packages stay installed, failing the test early if their dependencies cannot be satisfied - Produce only TAP output on stdout, and a diagnostic log on stderr - Improve diagnostic output glib2.0 (2.84.4-1) unstable; urgency=medium . * d/control, d/gbp.conf: Use debian/forky packaging branch. The debian/latest branch is now tracking 2.85.x for Debian experimental. * New upstream stable release - Ensure that generating temporary file names does not access memory outside the intended array of alphanumeric characters if a long-running program generates billions of temporary file names (CVE-2025-7039, glib#3716 upstream; believed to be unlikely to be exploitable in practice) - Fix the intended ability for g_settings_bind_with_mapping_closures() to copy a value to the destination object (glib!4667 upstream) - If creating a thread pool fails, report a recoverable error instead of crashing with a fatal error (glib#3712 upstream) - Fix several memory leaks (glib#3721, glib!4702 upstream) gnome-control-center (1:48.4-1~deb13u1) trixie; urgency=medium . * Team upload * d/control, d/gbp.conf: Set packaging branch for trixie stable updates . gnome-control-center (1:48.4-1) unstable; urgency=medium . * Team upload * d/control, d/gbp.conf, d/watch: Limit to 48.x versions. We'll stick to 48.x in testing/unstable for now, to get better testing for 48.x updates in trixie later. * New upstream stable release - In the Power panel, move the General section to the top, avoiding a UI reflow when the notice recommending automatic suspend is shown or hidden (gnome-control-center#3373 upstream) - Disable Pango markup when displaying errors from gnome-online-accounts, fixing display of some error messages that contain URLs - Translation updates gnome-online-accounts (3.54.5-1~deb13u1) trixie; urgency=medium . * New upstream bugfix release with these fixes (Closes: #1111674): - Adding GOA account fails with sonic.net IMAP service - Cannot add a ProtonMail bridge with IMAP + TLS - Nextcloud login does not work anymore due to OPTIONS /login request - Linked online accounts no longer work - Invalid URI when adding Google account - goamsgraphprovider: ensure a valid PresentationIdentity - goadaemon: complete GTasks to avoid a scary debug warning - Fix Nextcloud and mailbox.org preconfiguration - Add DAV preconfig for mail.ru - Authentication failure in goa IMAP accounts - Handle unexpected casing in domain names - Various translations updates * debian/gbp.conf: branch for trixie gnome-online-accounts (3.54.3-2) experimental; urgency=medium . * Disable Microsoft provider (Closes: #1100711) - It only handles email but Microsoft 365 handles email, calendar, contacts, and files - It was removed from GNOME 49 gnome-online-accounts (3.54.3-1) experimental; urgency=medium . * New upstream bugfix release gnome-shell (48.4-1~deb13u1) trixie; urgency=medium . * Team upload * d/control, d/gbp.conf: Set packaging branch for trixie stable updates . gnome-shell (48.4-1) unstable; urgency=medium . * Team upload * New upstream stable release - network: If a network has no ID, don't treat it as available, avoiding breaking the network menu (gnome-shell!3785 upstream) - Improve URL recognition heuristic for notifications so that non-URLs do not become a link (gnome-shell#8517 upstream) - In gdm, improve efficiency of user list (gnome-shell!3799 upstream) - Fix signal order when taking a screenshot interactively is triggered via D-Bus, for example from xdg-desktop-portal (gnome-shell#8499 upstream) - Improve cursor scaling on systems with different-DPI monitors when using the Magnifier accessibility tool (gnome-shell!475 upstream) - In sliders like volume and brightness, avoid drawing part of the bar over the handle in RTL locales (gnome-shell!3817 upstream) - Improve robustness of signal connections in the Thunderbolt and smart-card code (gnome-shell!3796 upstream) - Code cleanups in extensions management service (part of gnome-shell!3750 upstream) - Translation updates * d/control: Bump gjs version to 1.81.2 as per meson.build. No practical effect, 1.82.x is already in trixie. * d/gbp.conf: Use debian/forky branch for uploads targeting forky. We'll stick to 48.x in testing/unstable for now, to get better testing for future 48.x updates in trixie. Preliminary 49.x packaging for experimental is already using the debian/latest branch. golang-github-gin-contrib-cors (1.4.0-1+deb13u1) trixie; urgency=medium . * CVE-2019-25211 fix handling of wildcards golang-github-gin-contrib-cors (1.4.0-1+deb12u1) bookworm; urgency=medium . * CVE-2019-25211 fix handling of wildcards gssdp (1.6.4-1~deb13u1) trixie; urgency=medium . * New upstream bugfix release - Improve reproducibility of gssdp-enums.c - Fix issues with Since: and Deprecated: declarations in documentation (Closes: #1111683) imagemagick (8:7.1.1.43+dfsg1-1+deb13u1) trixie; urgency=medium . * Fix CVE-2025-53014: A heap buffer overflow was found in the `InterpretImageFilename` function. The issue stems from an off-by-one error that causes out-of-bounds memory access when processing format strings containing consecutive percent signs (`%%`). (Closes: #1109339) * Fix CVE-2025-53015: Infinite loop occur when writing during a specific XMP file conversion command (Closes: #1109339) * Fix CVE-2025-53019: `magick stream` command, specifying multiple consecutive `%d` format specifiers in a filename template causes a memory leak (Closes: #1109339) * Fix CVE-2025-53101: `magick mogrify` command, specifying multiple consecutive `%d` format specifiers in a filename template causes internal pointer arithmetic to generate an address below the beginning of the stack buffer, resulting in a stack overflow through `vsnprintf()` (Closes: #1109339) * Fix CVE-2025-43965: In MIFF image processing, image depth is mishandled after SetQuantumFormat is used. * Fix CVE-2025-46393: In multispectral MIFF image processing, packet_size is mishandled. init-system-helpers (1.69~deb13u1) trixie; urgency=medium . * Upload to trixie . init-system-helpers (1.69) unstable; urgency=medium . * Add postinst to hotfix an upgrade bug on certain newly live-installed systems built using Trixie's live-build (Closes: #1111039) installation-guide (20250803+deb13u1) trixie; urgency=medium . * Add Ukrainian (new translation) and Hungarian (re-completed) to langlist, to make them appear in the package and on the website. * Fix boot-dev-select-arm64 and armhf-armmp-supported-platforms hyperlinks. iperf3 (3.18-2+deb13u1) trixie; urgency=high . * Fix no-dsa security issues: - CVE-2025-54349 - CVE-2025-54350 kamailio (6.0.1-1+deb13u1) trixie; urgency=medium . * Team upload * Check only major OpenSSL version (Closes: #1110867) libadwaita-1 (1.7.6-1~deb13u1) trixie; urgency=medium . * New upstream bugfix release 1.7.5 - Explicitly set the size of a custom avatar image, avoiding a regression with GTK 4.19.x (libadwaita!1492 upstream) - Always set the document font name, even if all of the debug environment variables ADW_DEBUG_HIGH_CONTRAST, ADW_DEBUG_COLOR_SCHEME and DEBUG_ACCENT_COLOR are set (libadwaita#1042 upstream) - Slightly increase the window border radius for AdwTabOverview (libadwaita!1489 upstream) - Fix an assertion failure when showing a "toast" notification while its hiding animation is still in progress (libadwaita#997 upstream) - Fix some memory leaks - CI updates, not relevant to how this package is built in Debian * New upstream bugfix release 1.7.6 (Closes: #1111847) - Make cancelling an alert dialog go through the same code path as the user interacting with it (libadwaita!1511 upstream) - Avoid type-check warnings when a dialog is presented as a window (libadwaita!1519 upstream) - Fix keyboard activation on AdwButtonRow inside AdwDialog presented as a window (libadwaita#1062 upstream) - Crash with a somewhat graceful assertion error if a layout slot is invalidly constructed without an ID, instead of segfaulting (libadwaita#1059 upstream) - Fix a memory leak (libadwaita#1067 upstream) - Avoid AdwNavigationPage "showing" and "hidden" signals being spuriously triggered when swiping left on a touchscreen (libadwaita#1065 upstream) - Make tab overview buttons easier to press on touchscreens (libadwaita#1039 upstream) - Fix scan-build warnings by programming more defensively (libadwaita!1517 upstream) - Remove some dead code (libadwaita!1521 upstream) * debian/gbp.conf: branch for trixie libcgi-simple-perl (1.282-1~deb13u1) trixie; urgency=medium . * Rebuild for trixie . libcgi-simple-perl (1.282-1) unstable; urgency=medium . * Team upload. * Import upstream version 1.282. - Sanitize all user-supplied values before inserting into HTTP headers (CVE-2025-40927) * Drop "Port latest header-injection refinement from CGI.pm" libcoap3 (4.3.4-1.1+deb13u1) trixie; urgency=medium . * Non-maintainer upload by the LTS Team. * CVE-2024-0962 (Closes: #1061704) fix stacked-based buffer overflow * CVE-2024-31031 (Closes: #1070362) fix unsigned integer overflow libreoffice (4:25.2.3-2+deb13u2) trixie; urgency=medium . * debian/patches/avmedia-qt-use-gstreamer-frame-grabber-by-default.diff: add back * debian/patches/qt-Consolidate-to-one-toOUString-helper.diff: add from upstream; fixes --enable-qt6 builds with the above . * debian/rules: - remove USE_GSTREAMER=n setting on build-indep since it somehow also affects the AVMEDIA conditional which makes build-indep builds loose the gallery sound files (closes: #1108832), and move the gstreamer -dev packages from B-D-A to B-D consequently libreoffice (4:25.2.3-2+deb13u1) trixie; urgency=medium . * debian/patches/add-EUR-for-Bulgaria-Lew.diff: add Euro support for Bulgaria from libreoffice-25-8 branch (to-be 25.8.1) librepo (1.20.0-1~deb13u1) trixie; urgency=medium . * Upload to trixie . librepo (1.20.0-1) unstable; urgency=medium . * Improve handling of SELinux in the Debian packaging * Update upstream source from tag 'upstream/1.20.0' * Drop patches merged upstream * d/control: bump Standards-Version to 4.7.2, no changes * d/copyright: use GPL URL instead of old FSF postal address * Add new symbols to librepo0.symbols libxml2 (2.12.7+dfsg+really2.9.14-2.1+deb13u1) trixie-security; urgency=high . * CVE-2025-7425: heap-use-after-free in xmlFreeID caused by `atype` corruption (Closes: #1109122) libxslt (1.1.35-1.2+deb13u1) trixie-security; urgency=medium . * Fix information disclosure with improved memory handling of generated-id() (Closes: #1108074, CVE-2023-40403) * Fix type confusion in xmlNode.psvi between stylesheet and source nodes (Closes: #1109123, CVE-2025-7424) linux (6.12.43-1) trixie; urgency=medium . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.42 - [amd64] ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx - ethernet: intel: fix building with large NR_CPUS - [amd64] ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx - ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX - [amd64] ASoC: Intel: fix SND_SOC_SOF dependencies - [amd64] ASoC: amd: yc: add DMI quirk for ASUS M6501RM - audit,module: restore audit logging in load failure case - parse_longname(): strrchr() expects NUL-terminated string - fs_context: fix parameter name in infofc() macro - fs/ntfs3: cancle set bad inode after removing name fails - ublk: use vmalloc for ublk_device's __queues - hfsplus: make splice write available again - hfs: make splice write available again - hfsplus: remove mutex_lock check in hfsplus_free_extents - Revert "fs/ntfs3: Replace inode_trylock with inode_lock" - gfs2: No more self recovery - io_uring: fix breakage in EXPERT menu - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() - ASoC: ops: dynamically allocate struct snd_ctl_elem_value - ASoC: mediatek: use reserved memory or enable buffer pre-allocation - [arm64] dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV - [arm64] soc: qcom: QMI encoding/decoding for big endian - [arm64] dts: qcom: sdm845: Expand IMEM region - [arm64] dts: qcom: sc7180: Expand IMEM region - [arm64] dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes - [arm64] dts: qcom: sa8775p: Correct the interrupt for remoteproc - [arm64] dts: qcom: msm8976: Make blsp_dma controlled-remotely - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() - usb: misc: apple-mfi-fastcharge: Make power supply names unique - [arm64] dts: ti: k3-am642-phyboard-electra: Fix PRU-ICSSG Ethernet ports - [arm64] dts: ti: k3-am62p-j722s: fix pinctrl-single size - [arm64] firmware: arm_scmi: Fix up turbo frequencies selection - usb: typec: ucsi: yoga-c630: fix error and remove paths - mei: vsc: Destroy mutex after freeing the IRQ - mei: vsc: Event notifier fixes - mei: vsc: Unset the event callback on remove and probe errors - [armhf] spi: stm32: Check for cfg availability in stm32_spi_probe - vmci: Prevent the dispatching of uninitialized payloads - pps: fix poll support - Revert "vmci: Prevent the dispatching of uninitialized payloads" - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() - usb: early: xhci-dbc: Fix early_ioremap leak - [armhf] dts: ti: omap: Fixup pinheader typo - [arm64] dts: st: fix timer used for ticks - [arm64] dts: imx8mm-beacon: Fix HS400 USDHC clock speed - [arm64] dts: imx8mn-beacon: Fix HS400 USDHC clock speed - PM / devfreq: Check governor before using governor->name - PM / devfreq: Fix a index typo in trans_stat - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode - cpufreq: Initialize cpufreq-based frequency-invariance later - cpufreq: Init policy->rwsem before it may be possibly used - staging: greybus: gbphy: fix up const issue with the match callback - [arm64] soc: qcom: pmic_glink: fix OF node leak - [arm64] interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg - [arm64] interconnect: qcom: sc8180x: specify num_nodes - bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 - [arm64,armhf] drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed - [arm64,armhf] drm/panfrost: Fix panfrost device variable name in devfreq - drm/panthor: Add missing explicit padding in drm_panthor_gpu_info - bpf, sockmap: Fix psock incorrectly pointing to sk - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls - net: ipv6: ip6mr: Fix in/out netdev to pass to the FORWARD chain - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel - drm/amdgpu: Remove nbiov7.9 replay count reporting - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure - [powerpc*] pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band - wifi: rtl818x: Kill URBs before clearing tx status queue - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() - iwlwifi: Add missing check for alloc_ordered_workqueue - wifi: ath11k: clear initialized flag for deinit-ed srng lists - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range - net/mlx5: Check device memory pointer before usage - net: dst: annotate data-races around dst->input - net: dst: annotate data-races around dst->output - bpf: Ensure RCU lock is held around bpf_prog_ksym_find - [arm64] drm/msm/dpu: Fill in min_prefill_lines for SC8180X - refscale: Check that nreaders and loops multiplication doesn't overflow - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value - sched/psi: Optimize psi_group_change() cpu_clock() usage - fbcon: Fix outdated registered_fb reference in comment - netfilter: nf_tables: Drop dead code from fill_*_info routines - netfilter: nf_tables: adjust lockdep assertions handling - [amd64] iommu/amd: Enable PASID and ATS capabilities in the correct order - net/sched: Restrict conditions for adding duplicating netems to qdisc tree - net_sched: act_ctinfo: use atomic64_t for three counters - RDMA/mlx5: Fix UMR modifying of mkey page size - xen: fix UAF in dmabuf_exp_from_pages() - xen/gntdev: remove struct gntdev_copy_batch from stack - tcp: call tcp_measure_rcv_mss() for ooo packets - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled - wifi: rtw88: Fix macid assigned to TDLS station - mwl8k: Add missing check after DMA map - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() - drm/amdgpu/gfx9: fix kiq locking in KCQ reset - drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset - drm/amdgpu/gfx10: fix kiq locking in KCQ reset - [amd64] iommu/amd: Fix geometry.aperture_end for V2 tables - rcu: Fix delayed execution of hurry callbacks - wifi: mac80211: reject TDLS operations when station is not associated - wifi: plfxlc: Fix error handling in usb driver probe - wifi: mac80211: Do not schedule stopped TXQs - wifi: mac80211: Don't call fq_flow_idx() for management frames - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" - wifi: ath12k: fix endianness handling while accessing wmi service bit - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE - wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() - wifi: nl80211: Set num_sub_specs before looping through sub_specs - ring-buffer: Remove ring_buffer_read_prepare_sync() - memcg_slabinfo: Fix use of PG_slab - Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' - Bluetooth: hci_event: Mask data status from LE ext adv reports - bpf: Disable migration in nf_hook_run_bpf(). - can: peak_usb: fix USB FD devices potential malfunction - can: kvaser_pciefd: Store device channel index - can: kvaser_usb: Assign netdev.dev_port based on device channel index - netfilter: xt_nfacct: don't assume acct name is null-terminated - net/mlx5e: Clear Read-Only port buffer size in PBMC before update - net/mlx5e: Remove skb secpath if xfrm state is not found - stmmac: xsk: fix negative overflow of budget in zerocopy mode - vrf: Drop existing dst reference in vrf_ip6_input_dst - ipv6: prevent infinite loop in rt6_nlmsg_size() - ipv6: fix possible infinite loop in fib6_info_uses_dev() - ipv6: annotate data-races around rt->fib6_nsiblings - bpf/preload: Don't select USERMODE_DRIVER - [arm64] bpf, arm64: Fix fp initialization for exception boundary - fortify: Fix incorrect reporting of read buffer size - [arm64] PCI: rockchip-host: Fix "Unexpected Completion" log message - [arm64] clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks - [arm64] crypto: sun8i-ce - fix nents passed to dma_unmap_sg() - [amd64] crypto: qat - use unmanaged allocation for dc_data - [arm64,armhf] crypto: marvell/cesa - Fix engine load inaccuracy - [amd64] crypto: qat - allow enabling VFs in the absence of IOMMU - [amd64] crypto: qat - fix state restore for banks with exceptions - mtd: fix possible integer overflow in erase_xfer() - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set - [armhf] crypto: arm/aes-neonbs - work around gcc-15 warning - pinctrl: sunxi: Fix memory leak on krealloc failure - dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: Don't zero-out registers - fanotify: sanitize handle_type values when reporting fid - Fix dma_unmap_sg() nents value - perf tools: Fix use-after-free in help_unknown_cmd() - perf dso: Add missed dso__put to dso__load_kcore - mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER - perf sched: Make sure it frees the usage string - perf sched: Free thread->priv using priv_destructor - perf sched: Fix memory leaks in 'perf sched map' - perf sched: Fix memory leaks for evsel->priv in timehist - perf sched: Use RC_CHK_EQUAL() to compare pointers - perf sched: Fix memory leaks in 'perf sched latency' - [arm64] RDMA/hns: Fix double destruction of rsv_qp - [arm64] RDMA/hns: Fix HW configurations not cleared in error flow - [amd64] crypto: ccp - Fix locking on alloc failure handling - [arm64] crypto: inside-secure - Fix `dma_unmap_sg()` nents value - [amd64] crypto: ccp - Fix crash when rebind ccp device for ccp.ko - [arm64] RDMA/hns: Get message length of ack_req from FW - [arm64] RDMA/hns: Fix accessing uninitialized resources - [arm64] RDMA/hns: Drop GFP_NOWARN - [arm64] RDMA/hns: Fix -Wframe-larger-than issue - kernel: trace: preemptirq_delay_test: use offstack cpu mask - proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al - pinmux: fix race causing mux_owner NULL with active mux_usecount - perf tests bp_account: Fix leaked file descriptor - [riscv64] clk: thead: th1520-ap: Correctly refer the parent of osc_12m - [armhf] clk: sunxi-ng: v3s: Fix de clock definition - [ppc64el] scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value - scsi: mvsas: Fix dma_unmap_sg() nents value - scsi: isci: Fix dma_unmap_sg() nents value - ext4: Make sure BH_New bit is cleared in ->write_end handler - [arm64] hwrng: mtk - handle devm_pm_runtime_enable errors - [amd64] crypto: qat - disable ZUC-256 capability for QAT GEN5 - soundwire: stream: restore params when prepare ports fail - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute - remoteproc: xlnx: Disable unsupported features - fs/orangefs: Allow 2 more characters in do_c_string() - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap - dmaengine: nbpfaxi: Add missing check after DMA map - perf tools: Remove libtraceevent in .gitignore - [amd64] crypto: qat - fix DMA direction for compression on GEN2 devices - [amd64] crypto: qat - fix seq_file position update in adf_ring_next() - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref - jfs: fix metapage reference count leak in dbAllocCtl - drm/xe/vf: Disable CSC support on VF - perf record: Cache build-ID of hit DSOs only - vdpa/mlx5: Fix needs_teardown flag calculation - vhost-scsi: Fix log flooding with target does not exist errors - vdpa/mlx5: Fix release of uninitialized resources on error path - vdpa: Fix IDR memory leak in VDUSE module exit - vhost: Reintroduce kthread API and add mode selection - bpf: Check flow_dissector ctx accesses are aligned - bpf: Check netfilter ctx accesses are aligned - apparmor: ensure WB_HISTORY_SIZE value is a power of 2 - apparmor: fix loop detection used in conflicting attachment resolution - apparmor: Fix unaligned memory accesses in KUnit test - module: Restore the moduleparam prefix length check - ucount: fix atomic_long_inc_below() argument type - rtc: ds1307: fix incorrect maximum clock rate handling - rtc: hym8563: fix incorrect maximum clock rate handling - rtc: nct3018y: fix incorrect maximum clock rate handling - rtc: pcf85063: fix incorrect maximum clock rate handling - rtc: pcf8563: fix incorrect maximum clock rate handling - rtc: rv3028: fix incorrect maximum clock rate handling - f2fs: turn off one_time when forcibly set to foreground GC - f2fs: fix bio memleak when committing super block - f2fs: fix KMSAN uninit-value in extent_info usage - f2fs: fix to check upper boundary for value of gc_boost_zoned_gc_percent - f2fs: fix to check upper boundary for gc_valid_thresh_ratio - f2fs: fix to check upper boundary for gc_no_zoned_gc_percent - f2fs: doc: fix wrong quota mount option description - f2fs: fix to avoid UAF in f2fs_sync_inode_meta() - f2fs: fix to avoid panic in f2fs_evict_inode - f2fs: fix to avoid out-of-boundary access in devs.path - f2fs: vm_unmap_ram() may be called from an invalid context - f2fs: fix to update upper_p in __get_secs_required() correctly - f2fs: fix to calculate dirty data during has_not_enough_free_secs() - f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode - exfat: fdatasync flag should be same like generic_write_sync() - i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() - vfio: Fix unbalanced vfio_df_close call in no-iommu mode - vfio: Prevent open_count decrement to negative - vfio/pds: Fix missing detach_ioas op - vfio/pci: Separate SR-IOV VF dev_set - scsi: mpt3sas: Fix a fw_event memory leak - scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" - scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately - kconfig: qconf: fix ConfigList::updateListAllforAll() - sched/psi: Fix psi_seq initialization - PCI: pnv_php: Clean up allocated IRQs on unplug - PCI: pnv_php: Work around switches with broken presence detection - [powerpc*] eeh: Export eeh_unfreeze_pe() - [powerpc*] eeh: Make EEH driver device hotplug safe - PCI: pnv_php: Fix surprise plug detection and recovery - pNFS/flexfiles: don't attempt pnfs on fatal DS errors - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() - NFSv4.2: another fix for listxattr - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY - md/md-cluster: handle REMOVE message earlier - netpoll: prevent hanging NAPI when netcons gets enabled - phy: mscc: Fix parsing of unicast frames - net: ipa: add IPA v5.1 and v5.5 to ipa_version_string() - pptp: ensure minimal skb length in pptp_xmit() - nvmet: initialize discovery subsys after debugfs is initialized - [s390x] ap: Unmask SLCF bit in card and queue ap functions sysfs - netlink: specs: ethtool: fix module EEPROM input/output arguments - block: Fix default IO priority if there is no IO context - block: ensure discard_granularity is zero when discard is not supported - ASoC: tas2781: Fix the wrong step for TLV on tas2781 - [amd64] spi: cs42l43: Property entry should be a null-terminated array - net/mlx5: Correctly set gso_segs when LRO is used - ipv6: reject malicious packets in ipv6_gso_segment() - net: mdio: mdio-bcm-unimac: Correct rate fallback logic - net: drop UFO packets in udp_rcv_segment() - net/sched: taprio: enforce minimum value for picos_per_byte - sunrpc: fix client side handling of tls alerts - [x86] irq: Plug vector setup race - benet: fix BUG when creating VFs - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing - [s390x] mm: Allocate page table with PAGE_SIZE granularity - eth: fbnic: remove the debugging trick of super high page bias - irqchip: Build IMX_MU_MSI only on ARM - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() - smb: server: remove separate empty_recvmsg_queue - smb: server: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: server: let recv_done() consistently call put_recvmsg/smb_direct_disconnect_rdma_connection - smb: server: let recv_done() avoid touching data_transfer after cleanup/move - smb: client: remove separate empty_packet_queue - smb: client: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: client: let recv_done() cleanup before notifying the callers. - smb: client: let recv_done() avoid touching data_transfer after cleanup/move - nvmet: exit debugfs after discovery subsystem exits - pptp: fix pptp_xmit() error path - smb: client: return an error if rdma_connect does not return within 5 seconds - sunrpc: fix handling of server side tls alerts - perf/core: Don't leak AUX buffer refcount on allocation failure - perf/core: Exit early on perf_mmap() fail - perf/core: Prevent VMA split of buffer mappings - selftests/perf_events: Add a mmap() correctness test - net/packet: fix a race in packet_set_ring() and packet_notifier() - vsock: Do not allow binding to VMADDR_PORT_ANY - [amd64] accel/ivpu: Fix reset_engine debugfs file logic - Revert "bcache: remove heap-related macros and switch to generic min_heap" - ice/ptp: fix crosstimestamp reporting - [amd64] drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type - [amd64] drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() - [amd64] drm/i915/hdmi: add error handling in g4x_hdmi_init() - [amd64] drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() - [amd64] drm/i915/display: add intel_encoder_is_hdmi() - [amd64] drm/i915/ddi: only call shutdown hooks for valid encoders - ksmbd: fix null pointer dereference error in generate_encryptionkey - ksmbd: fix Preauh_HashValue race condition - ksmbd: fix corrupted mtime and ctime in smb2_open - ksmbd: limit repeated connections from clients with the same IP (CVE-2025-38501) - smb: server: Fix extension string in ksmbd_extract_shortname() - USB: serial: option: add Foxconn T99W709 - PCI/ASPM: Save parent L1SS config in pci_save_aspm_l1ss_state() - PCI/ASPM: Fix L1SS saving - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event - net: usbnet: Fix the wrong netif_carrier_on() call - [x86] sev: Evict cache lines during SNP memory validation (CVE-2024-36331) - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) - [adm64] platform/x86/intel/pmt: fix a crashlog NULL pointer access - [x86] fpu: Delay instruction pointer fixup until after warning - [s390x] mm: Remove possible false-positive warning in pte_free_defer() - [mips*] mm: tlb-r4k: Uniquify TLB entries on init - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery - mm: swap: correctly use maxpages in swapon syscall to avoid potential deadloop - mm: swap: fix potential buffer overflow in setup_clusters() - perf/arm-ni: Set initial IRQ affinity - media: ti: j721e-csi2rx: fix list_del corruption - HID: apple: validate feature-report field count to prevent NULL pointer dereference - USB: gadget: f_hid: Fix memory leak in hidg_bind error path - usb: gadget : fix use-after-free in composite_dev_cleanup() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.43 - io_uring: don't use int for ABI - ALSA: usb-audio: Validate UAC3 power domain descriptors, too - ALSA: usb-audio: Validate UAC3 cluster segment descriptors - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks - smb3: fix for slab out of bounds on mount to ksmbd - smb: client: remove redundant lstrp update in negotiate protocol - gpio: virtio: Fix config space reading. - gpio: mlxbf2: use platform_get_irq_optional() - Revert "gpio: mlxbf3: only get IRQ for device instance 0" - gpio: mlxbf3: use platform_get_irq_optional() - leds: flash: leds-qcom-flash: Fix registry access after re-bind - Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" - netlink: avoid infinite retry looping in netlink_unicast() (Closes: #1111017) - net: phy: micrel: fix KSZ8081/KSZ8091 cable test - [armhf] net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect - [arm64] net: enetc: fix device and OF node leak at probe - [arm64] net: mtk_eth_soc: fix device leak at probe - [arm64] net: ti: icss-iep: fix device and OF node leaks at probe - net: usb: asix_devices: add phy_mask for ax88772 mdio bus - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() - NFSD: detect mismatch of file handle and delegation stateid in OPEN op - NFS: Fix the setting of capabilities when automounting a new filesystem - PCI: Extend isolated function probing to LoongArch - [arm64] clk: samsung: exynos850: fix a comment - [arm64] clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD - [arm64] clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock - fscrypt: Don't use problematic non-inline crypto engines - fs: Prevent file descriptor table allocations exceeding INT_MAX - eventpoll: Fix semi-unbounded recursion (CVE-2025-38614) - Documentation: ACPI: Fix parent device references - ACPI: processor: perflib: Fix initial _PPC limit application - ACPI: processor: perflib: Move problematic pr->performance check - block: Make REQ_OP_ZONE_FINISH a write operation - mm/memory-tier: fix abstract distance calculation overflow - smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() - smb: client: don't wait for info->send_pending == 0 on error - [amd64] KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap - [amd64] KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag - [amd64] KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported - [amd64] KVM: VMX: Extract checking of guest's DEBUGCTL into helper - [amd64] KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter - [amd64] KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs - [amd64] KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest - [amd64] habanalabs: fix UAF in export_dmabuf() - mm/smaps: fix race between smaps_hugetlb_range and migration - udp: also consider secpath when evaluating ipsec use for checksumming - netfilter: ctnetlink: fix refcount leak on table dump - [arm64] net: ti: icssg-prueth: Fix emac link speed handling - [arm64] net: ti: icss-iep: Fix incorrect type for return value in extts_enable() - sctp: linearize cloned gso packets in sctp_rcv - [amd64] intel_idle: Allow loading ACPI tables for any family - cpuidle: governors: menu: Avoid using invalid recent intervals data - ptp: prevent possible ABBA deadlock in ptp_clock_freerun() - tls: handle data disappearing from under the TLS ULP (CVE-2025-38616) - net: kcm: Fix race condition in kcm_unattach() - hfs: fix general protection fault in hfs_find_init() - hfs: fix slab-out-of-bounds in hfs_bnode_read() - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() - [arm64] Handle KCOV __init vs inline mismatches - smb/server: avoid deadlock when linking with ReplaceIfExists - nvme-pci: try function level reset on init failure - dm-stripe: limit chunk_sectors to the stripe size - md/raid10: set chunk_sectors limit - nvme-tcp: log TLS handshake failures at error level - gfs2: Validate i_depth for exhash directories - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops - loop: Avoid updating block size under exclusive owner - udf: Verify partition map count - drbd: add missing kref_get in handle_write_conflicts - hfs: fix not erasing deleted b-tree node issue - better lockdep annotations for simple_recursive_removal() - ata: ahci: Disallow LPM policy control if not supported - ata: ahci: Disable DIPM if host lacks support - ata: libata-sata: Disallow changing LPM state if not supported - fs/ntfs3: Add sanity check for file name - fs/ntfs3: correctly create symlink for relative path - pidfs: raise SB_I_NODEV and SB_I_NOEXEC - fix locking in efi_secret_unlink() - securityfs: don't pin dentries twice, once is enough... - tracefs: Add d_delete to remove negative dentries - usb: xhci: print xhci->xhc_state when queue_command failed - [amd64] platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default - usb: xhci: Avoid showing warnings for dying controller - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command - usb: xhci: Avoid showing errors during surprise removal - [arm64] soc: qcom: rpmh-rsc: Add RSC version 4 support - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered - remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU - usb: typec: tcpm/tcpci_maxim: fix irq wake usage - pmdomain: ti: Select PM_GENERIC_DOMAINS - [arm64] gpio: wcd934x: check the return value of regmap_update_bits() - cpufreq: Exit governor when failed to start old governor - cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode - [armhf] rockchip: fix kernel hang during smp initialization - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed - [arm64] thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required - iio: adc: ad_sigma_delta: don't overallocate scan buffer - [armhf] tegra: Use I/O memcpy to write to IRAM - ACPI: PRM: Reduce unnecessary printing to avoid user confusion - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() - thermal: sysfs: Return ENODATA instead of EAGAIN for reads - PM: sleep: console: Fix the black screen issue - ACPI: processor: fix acpi_object initialization - [arm64] mmc: sdhci-msm: Ensure SD card power isn't ON when card removed - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path - pps: clients: gpio: fix interrupt handling order in remove path - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 - char: misc: Fix improper and inaccurate error code returned by misc_init() - [amd64] mei: bus: Check for still connected devices in mei_cl_bus_dev_release() - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() - [amd64,arm64] platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready - ALSA: hda: Handle the jack polling always via a work - ALSA: hda: Disable jack polling at shutdown - [amd64] x86/bugs: Avoid warning when overriding return thunk - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 - ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode - tty: serial: fix print format specifiers - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present - usb: core: usb_submit_urb: downgrade type check - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() - [arm64] imx8m-blk-ctrl: set ISI panic write hurry level - [arm64] soc: qcom: mdt_loader: Actually use the e_phoff - [amd64] platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches - [amd64,arm64] platform/chrome: cros_ec_typec: Defer probe on missing EC parent - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement - ASoC: codecs: rt5640: Retry DEVICE_ID verification - [arm64] ASoC: qcom: use drvdata instead of component to keep id - netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps - [powerpc*] thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 - Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() - xen/netfront: Fix TX response spurious interrupts - wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn - net: usb: cdc-ncm: check for filtering capability - wifi: ath12k: Correct tid cleanup when tid setup fails - wifi: cfg80211: reject HTC bit for management frames - [s390x] time: Use monotonic clock in get_cycles() - be2net: Use correct byte order and format string for TCP seq and ack_seq - libbpf: Verify that arena map exists when adding arena relocations - idpf: preserve coalescing settings across resets - wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB - et131x: Add missing check after DMA map - net: ag71xx: Add missing check after DMA map - net/mlx5e: Properly access RCU protected qdisc_sleeping variable - net: pcs: xpcs: mask readl() return value to 16 bits - [arm64] Mark kernel as tainted on SAE and SError panic - drm/amd/pm: fix null pointer access - rcu: Protect ->defer_qs_iw_pending from data race - drm/amd/display: limit clear_update_flags to dcn32 and above - net: mctp: Prevent duplicate binds - wifi: cfg80211: Fix interface type validation - wifi: mac80211: don't unreserve never reserved chanctx - net: ipv4: fix incorrect MTU in broadcast routes - [arm64] net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() - net: phy: micrel: Add ksz9131_resume() - sched/deadline: Fix accounting after global limits change - bpf: Forget ranges when refining tnum after JSET - wifi: iwlwifi: mvm: set gtk id also in older FWs - wifi: iwlwifi: mvm: fix scan request validation - [s390x] stp: Remove udelay from stp_sync_clock() - net: phy: bcm54811: PHY initialization - sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails - wifi: mac80211: don't complete management TX on SAE commit - wifi: mac80211: avoid weird state in error path - [s390x] early: Copy last breaking event address to pt_regs - ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access - wifi: mac80211: fix rx link assignment for non-MLO stations - [arm64] drm/msm: use trylock for debugfs - [arm64] drm/msm: Add error handling for krealloc in metadata setup - [arm64] perf/arm: Add missing .suppress_bind_attrs - wifi: rtw89: Fix rtw89_mac_power_switch() for USB - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch - drm/xe/xe_query: Use separate iterator while filling GT list - [amd64] net: thunderbolt: Enable end-to-end flow control also in transmit - [amd64] net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() - xfrm: Duplicate SPI Handling - net: atlantic: add set_power to fw_ops for atl2 to fix wol - ACPI: Suppress misleading SPCR console message when SPCR table is absent - net: ieee8021q: fix insufficient table-size assertion - net: fec: allow disable coalescing - drm/amd/display: Separate set_gsl from set_gsl_source_select - wifi: ath10k: shutdown driver when hardware is unreliable - wifi: ath12k: Add memset and update default rate value in wmi tx completion - wifi: ath12k: Fix station association with MBSSID Non-TX BSS - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect - drm/amd/display: Fix 'failed to blank crtc!' - drm/amd/display: Initialize mode_select to 0 - wifi: mac80211: update radar_required in channel context after channel switch - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 - wifi: ath12k: Decrement TID on RX peer frag setup error handling - [powerpc*] floppy: Add missing checks after DMA map - netmem: fix skb_frag_address_safe with unreadable skbs - [arm64] stacktrace: Check kretprobe_find_ret_addr() return value - wifi: iwlegacy: Check rate_idx range after addition - neighbour: add support for NUD_PERMANENT proxy entries - dpaa_eth: don't use fixed_phy_change_carrier - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual - net: vlan: Make is_vlan_dev() a stub when VLAN is not configured - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs - gve: Return error for unknown admin queue command - [armhf] net: dsa: b53: ensure BCM5325 PHYs are enabled - [armhf] net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 - [armhf] net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 - [armhf] net: dsa: b53: prevent DIS_LEARNING access on BCM5325 - [armhf] net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 - bpftool: Fix JSON writer resource leak in version command - ptp: Use ratelimite for freerun error message - wifi: rtw89: scan abort when assign/unassign_vif - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() - ionic: clean dbpage in de-init - drm/xe: Make dma-fences compliant with the safe access rules - [armhf] net: ncsi: Fix buffer overflow in fetching version id - drm/ttm: Should to return the evict error - uapi: in6: restore visibility of most IPv6 socket options - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP - drm/amd/display: Update DMCUB loading sequence for DCN3.5 - drm/amd/display: Avoid trying AUX transactions on disconnected ports - drm/ttm: Respect the shrinker core free target - rcu: Fix rcu_read_unlock() deadloop due to IRQ work - [armhf] net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page - vhost: fail early when __vhost_add_used() fails - drm/amd/display: Only finalize atomic_obj if it was initialized - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported - drm/amd/display: Disable dsc_power_gate for dcn314 by default - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition - cifs: Fix calling CIFSFindFirst() for root path without msearch - fbdev: fix potential buffer overflow in do_register_framebuffer() - crypto: hisilicon/hpre - fix dma unmap sequence - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr - [arm64,armhf] clk: tegra: periph: Fix error handling and resolve unsigned compare warning - mfd: axp20x: Set explicit ID for AXP313 regulator - [arm64] phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated - fs/orangefs: use snprintf() instead of sprintf() - watchdog: dw_wdt: Fix default timeout - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state - [mips*] vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} - watchdog: iTCO_wdt: Report error if timeout configuration fails - scsi: bfa: Double-free fix - jfs: truncate good inode pages when hard link is 0 - jfs: Regular file corruption check - jfs: upper bound check of tree index in dbAllocAG - media: hi556: Fix reset GPIO timings - RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM - crypto: jitter - fix intermediary handling - [mips*] Don't crash in stack_top() for tasks without ABI or vDSO - [riscv64] clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED - media: ipu-bridge: Add _HID for OV5670 - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control - leds: leds-lp50xx: Handle reg to get correct multi_index - [armhf] dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs - [amd64] RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() - RDMA/core: reduce stack using in nldev_stat_get_doit() - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure - power: supply: qcom_battmgr: Add lithium-polymer entry - scsi: mpt3sas: Correctly handle ATA device errors - scsi: mpi3mr: Correctly handle ATA device errors - [armhf] pinctrl: stm32: Manage irq affinity settings - media: usb: hdpvr: disable zero-length read messages - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar - media: uvcvideo: Add quirk for HP Webcam HD 2300 - media: uvcvideo: Fix bandwidth issue for Alcor camera - [amd64] crypto: ccp - Add missing bootloader info reg for pspv6 - [arm64] clk: renesas: rzg2l: Postpone updating priv->clks[] - soundwire: amd: serialize amd manager resume sequence during pm_prepare - soundwire: amd: cancel pending slave status handling workqueue during remove sequence - soundwire: Move handle_nested_irq outside of sdw_dev_lock - md: dm-zoned-target: Initialize return variable r to avoid uninitialized use - module: Prevent silent truncation of module name in delete_module(2) - i3c: add missing include to internal header - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - apparmor: shift ouid when mediating hard links in userns - i3c: don't fail if GETHDRCAP is unsupported - i3c: master: Initialize ret in i3c_i2c_notifier_call() - dm-mpath: don't print the "loaded" message if registering fails - dm-table: fix checking for rq stackable devices - apparmor: use the condition in AA_BUG_FMT even with debug disabled - apparmor: fix x_table_lookup when stacking is not the first entry - i2c: Force DLL0945 touchpad i2c freq to 100khz - exfat: add cluster chain loop check for dir - f2fs: check the generic conditions first - printk: nbcon: Allow reacquire during panic - vfio/type1: conditional rescheduling while pinning - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans - scsi: target: core: Generate correct identifiers for PR OUT transport IDs - scsi: aacraid: Stop using PCI_IRQ_AFFINITY - vfio/mlx5: fix possible overflow in tracking max message size - ipmi: Use dev_warn_ratelimited() for incorrect message warnings - ipmi: Fix strcpy source and destination the same - tools/power turbostat: Handle non-root legacy-uncore sysfs permissions - tools/power turbostat: Fix build with musl - tools/power turbostat: Handle cap_get_proc() ENOSYS - smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection - lib/sbitmap: convert shallow_depth from one word to the whole sbitmap - ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table - net: phy: smsc: add proper reset flags for LAN8710A - [amd64] ASoC: Intel: avs: Fix uninitialized pointer error in probe() - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() - pNFS: Fix stripe mapping in block/scsi layout - pNFS: Fix disk addr range check in block/scsi layout - pNFS: Handle RPC size limit for layoutcommits - pNFS: Fix uninited ptr deref in block/scsi layout - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe - scsi: lpfc: Remove redundant assignment to avoid memory leak - [amd64,armhf] ASoC: fsl_sai: replace regmap_write with regmap_update_bits - cifs: Fix collect_sample() to handle any iterator type - drm/amdgpu: fix vram reservation issue - drm/amdgpu: fix incorrect vm flags to map bo - mm/damon/core: commit damos->target_nid - block: Introduce bio_needs_zone_write_plugging() - dm: Always split write BIOs to zoned device limits - cifs: reset iface weights when we cannot find a candidate - [amd64] iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes - [arm64] iommu/arm-smmu-qcom: Add SM6115 MDSS compatible - iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range - iommufd: Prevent ALIGN() overflow - ext4: fix zombie groups in average fragment size lists - ext4: fix largest free orders lists corruption on mb_optimize_scan switch - ext4: initialize superblock fields in the kballoc-test.c kunit tests - usb: core: config: Prevent OOB read in SS endpoint companion parsing - misc: rtsx: usb: Ensure mmc child device is active when card is present - usb: typec: ucsi: Update power_supply on power role change - [amd64] comedi: fix race between polling and detaching - [amd64] thunderbolt: Fix copy+paste error in match_service_id() - cdc-acm: fix race between initial clearing halt and open - btrfs: zoned: use filesystem size not disk size for reclaim decision - btrfs: abort transaction during log replay if walk_log_tree() failed - btrfs: zoned: do not remove unwritten non-data block group - btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations - btrfs: don't ignore inode missing when replaying log tree - btrfs: fix ssd_spread overallocation - btrfs: populate otime when logging an inode item - btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled - btrfs: don't skip remaining extrefs if dir not found during log replay - btrfs: clear dirty status from extent buffer on error at insert_new_root() - btrfs: fix log tree replay failure due to file with 0 links and extents - btrfs: error on missing block group when unaccounting log tree extent buffers - btrfs: zoned: do not select metadata BG as finish target - btrfs: fix iteration bug in __qgroup_excl_accounting() - btrfs: do not allow relocation of partially dropped subvolumes - xfs: fix scrub trace with null pointer in quotacheck - userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit - net/sched: ets: use old 'nbands' while purging unused classes - [amd64,arm64] hv_netvsc: Fix panic during namespace deletion with VF - mm, slab: restore NUMA policy support for large kmalloc - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() - media: venus: Fix OOB read due to missing payload bound check - media: uvcvideo: Do not mark valid metadata as invalid - media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() - HID: magicmouse: avoid setting up battery timer when not needed - wifi: mac80211: check basic rates validity in sta_link_apply_parameters - HID: apple: avoid setting up battery timer for devices without battery - mfd: cros_ec: Separate charge-control probing from USB-PD - net: Add net_passive_inc() and net_passive_dec(). - net: better track kernel sockets lifetime (CVE-2025-21884) - smb: client: fix netns refcount leak after net_passive changes - PCI: Store all PCIe Supported Link Speeds - PCI: Allow PCI bridges to go to D3Hot on all non-x86 - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports - [arm64] dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C - [arm64] dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C - ata: libata-sata: Add link_power_management_supported sysfs attribute - io_uring/rw: cast rw->flags assignment to rwf_t - drm/amd/display: Allow DCN301 to clear update flags - rcu: Fix racy re-initialization of irq_work causing hangs - dm: split write BIOs on zone boundaries when zone append is not emulated - PCI: Honor Max Link Speed when determining supported speeds - ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled . [ Bastian Blank ] * [amd64, arm64] Enable MANA_INFINIBAND. . [ Salvatore Bonaccorso ] * [amd64] udeb: kernel-image: Include SPI drivers * ext4: don't try to clear the orphan_present feature block device is r/o (Closes: #1108271) * alloc_fdtable(): change calling conventions. * net: ipv4: fix regression in local-broadcast route . [ Ben Hutchings ] * proc: fix missing pde_set_flags() for net proc files linux (6.12.41-1) trixie-security; urgency=high . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.39 - eventpoll: don't decrement ep refcount while still holding the ep mutex (CVE-2025-38349) - drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics - drm/amdgpu/ip_discovery: add missing ip_discovery fw - [s390x] crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (CVE-2025-38104) - [amd64] ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH - [amd64] ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct - [amd64] ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops - [amd64] ASoC: soc-acpi: add get_function_tplg_files ops - [amd64] ASoC: Intel: add sof_sdw_get_tplg_files ops - [amd64] ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops - [amd64] ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches - perf/core: Fix the WARN_ON_ONCE is out of lock protected region - irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ - sched/core: Fix migrate_swap() vs. hotplug - perf: Revert to requiring CAP_SYS_ADMIN for uprobes - ASoC: cs35l56: probe() should fail if the device ID is not recognized - Bluetooth: hci_sync: Fix not disabling advertising instance - Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected - pinctrl: amd: Clear GPIO debounce for suspend - fix proc_sys_compare() handling of in-lookup dentries - sched/deadline: Fix dl_server runtime calculation formula - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL - [arm64] poe: Handle spurious Overlay faults - [arm64] net: phy: qcom: move the WoL function to shared library - [arm64] net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() - netlink: Fix wraparounds of sk->sk_rmem_alloc. - vsock: fix `vsock_proto` declaration - tipc: Fix use-after-free in tipc_conn_close(). - tcp: Correct signedness in skb remaining space calculation - vsock: Fix transport_{g2h,h2g} TOCTOU - vsock: Fix transport_* TOCTOU - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` - net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap - net: phy: smsc: Force predictable MDI-X state on LAN87xx - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). - atm: clip: Fix memory leak of struct clip_vcc. - atm: clip: Fix infinite recursive call of clip_push(). - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() - [arm64] net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info - net/sched: Abort __tc_modify_qdisc if parent class does not exist - rxrpc: Fix bug due to prealloc collision - rxrpc: Fix oops due to non-existence of prealloc backlog struct - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() - [amd64] x86/mce/amd: Add default names for MCA banks and blocks - [amd64] x86/mce/amd: Fix threshold limit reset - [amd64] x86/mce: Don't remove sysfs if thresholding sysfs init fails - [amd64] x86/mce: Ensure user polling settings are honored when restarting timer - [amd64] x86/mce: Make sure CMCI banks are cleared during shutdown on Intel - [amd64] KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. - [amd64] KVM: SVM: Add missing member in SNP_LAUNCH_START command structure - [amd64] KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight - KVM: Allow CPU to reschedule while setting per-page memory attributes - ASoC: fsl_sai: Force a software reset when starting in consumer mode - gre: Fix IPv6 multicast route creation. (Closes: #1108430) - md/md-bitmap: fix GPF in bitmap_get_stats() (Closes: #1109734) - [arm64] pinctrl: qcom: msm: mark certain pins as invalid for interrupts - pwm: Fix invalid state detection - pwm: mediatek: Ensure to disable clocks in error path - wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-27558) - wifi: mwifiex: discard erroneous disassoc frames on STA interface - wifi: mt76: mt7921: prevent decap offload config before STA initialization - wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() - wifi: mt76: mt7925: fix the wrong config for tx interrupt - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan - drm/imagination: Fix kernel crash when hard resetting the GPU - drm/amdkfd: Don't call mmput from MMU notifier callback - drm/gem: Acquire references on GEM handles for framebuffers - drm/sched: Increment job count before swapping tail spsc queue - drm/ttm: fix error handling in ttm_buffer_object_transfer - drm/gem: Fix race in drm_gem_handle_create_tail() - drm/xe/bmg: fix compressed VRAM handling - Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" - usb: gadget: u_serial: Fix race condition in TTY wakeup - Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" - drm/framebuffer: Acquire internal references on GEM handles - drm/xe: Allocate PF queue size on pow2 boundary - Revert "ACPI: battery: negate current when discharging" (Closes: #1109344) - Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" - kallsyms: fix build without execinfo - maple_tree: fix mt_destroy_walk() on root leaf node - mm: fix the inaccurate memory statistics issue for users - mm/vmalloc: leave lazy MMU mode on PTE mapping error - lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() - [amd64] x86/rdrand: Disable RDSEED on AMD Cyan Skillfish - [amd64] x86/mm: Disable hugetlb page table sharing on 32-bit - [arm64] clk: scmi: Handle case where child clocks are initialized before their parents - smb: server: make use of rdma_destroy_qp() - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() - erofs: fix to add missing tracepoint in erofs_read_folio() - erofs: address D-cache aliasing - [amd64] ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count - netlink: Fix rmem check in netlink_broadcast_deliver(). - netlink: make sure we allow at least one dump skb - netfs: Fix ref leak on inserted extra subreq in write retry - wifi: cfg80211: fix S1G beacon head validation in nl80211 - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() - drm/tegra: nvdec: Fix dma_alloc_coherent error check - md/raid1: Fix stack memory use after return in raid1_reshape - raid10: cleanup memleak at raid10_make_request - wifi: mac80211: correctly identify S1G short beacon - wifi: mac80211: fix non-transmitted BSSID profile search - wifi: rt2x00: fix remove callback type mismatch - drm/nouveau/gsp: fix potential leak of memory used during acpi init - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() - nbd: fix uaf in nbd_genl_connect() error path - drm/xe/pf: Clear all LMTT pages on alloc - erofs: free pclusters if no cached folio is attached - erofs: get rid of `z_erofs_next_pcluster_t` - erofs: tidy up zdata.c - erofs: refine readahead tracepoint - erofs: fix to add missing tracepoint in erofs_readahead() - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() - net: appletalk: Fix device refcount leak in atrtr_create() - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof - net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx - drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level - net/mlx5e: Fix race between DIM disable and net_dim() - net/mlx5e: Add new prio for promiscuous mode - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() - bnxt_en: Fix DCB ETS validation - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT - ublk: sanity check add_dev input for underflow - atm: idt77252: Add missing `dma_map_error()` - ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. - [amd64] ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 - io_uring: make fallocate be hashed work - [amd64] ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 - ALSA: hda/realtek: Add quirks for some Clevo laptops - net: usb: qmi_wwan: add SIMCom 8230C composition - driver: bluetooth: hci_qca:fix unable to load the BT driver - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 - net: mana: Record doorbell physical address in PF mode - btrfs: fix assertion when building free space tree - vt: add missing notification when switching back to text mode - bpf: Adjust free target to avoid global starvation of LRU map - [riscv64] vdso: Exclude .rodata from the PT_DYNAMIC segment - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras - HID: nintendo: avoid bluetooth suspend/resume stalls - erofs: fix rare pcluster memory leak after unmounting - net: wangxun: revert the adjustment of the IRQ vector sequence - kasan: remove kasan_find_vm_area() to prevent possible deadlock - ksmbd: fix potential use-after-free in oplock/lease break ack - [arm64] Filter out SME hwcaps when FEAT_SME isn't implemented - crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (CVE-2025-37984) - rseq: Fix segfault on registration when rseq_cs is non-zero (CVE-2025-38067) - [amd64] KVM: SVM: Set synthesized TSA CPUID flags https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.40 - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition - USB: serial: option: add Foxconn T99W640 - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI - usb: musb: fix gadget state on disconnect - [arm*] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY - usb: gadget: configfs: Fix OOB read on empty string write - [armhf] i2c: stm32: fix the device used for the DMA map - [armhf] i2c: stm32f7: unmap DMA mapped buffer - [amd64] thunderbolt: Fix wake on connect at runtime - [amd64] thunderbolt: Fix bit masking in tb_dp_port_set_hops() - Revert "staging: vchiq_arm: Create keep-alive thread during probe" - nvmem: imx-ocotp: fix MAC address byte length - nvmem: layouts: u-boot-env: remove crc32 endianness conversion - Input: xpad - set correct controller type for Acer NGR200 - pch_uart: Fix dma_sync_sg_for_device() nents value - spi: Add check for 8-bit transfer with 8 IO mode support - dm-bufio: fix sched in atomic context - HID: core: ensure the allocated report buffer can contain the reserved report ID - HID: core: ensure __hid_request reserves the report ID as the first byte - HID: core: do not bypass hid_hw_raw_request - tracing/probes: Avoid using params uninitialized in parse_btf_arg() - tracing: Add down_write(trace_event_sem) when adding trace event - tracing/osnoise: Fix crash in timerlat_dump_stack() - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume - drm/amdgpu: Increase reset counter only on success - drm/amd/display: Disable CRTC degamma LUT for DCN401 - drm/amd/display: Free memory allocation - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS - io_uring/poll: fix POLLERR handling - mptcp: make fallback action and fallback decision atomic - mptcp: plug races between subflow fail and subflow creation - mptcp: reset fallback status gracefully at disconnect() time - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() - net/mlx5: Update the list of the PCI supported devices - [arm64] dts: imx8mp-venice-gw74xx: fix TPM SPI frequency - [arm64] dts: add big-endian property back into watchdog node - [arm64] dts: freescale: imx8mm-verdin: Keep LDO5 always on - [arm64] dts: imx8mp-venice-gw71xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw72xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw73xx: fix TPM SPI frequency - [arm64] dts: rockchip: use cs-gpios for spi1 on ringneck - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() - af_packet: fix soft lockup issue caused by tpacket_snd() - Bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type - cpuidle: psci: Fix cpuhotplug routine with PREEMPT_RT=y - isofs: Verify inode mode when loading from disk - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() - [arm*] mmc: bcm2835: Fix dma_unmap_sg() nents value - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models - [arm64] mmc: sdhci_am654: Workaround for Errata i2312 - [amd64] net: stmmac: intel: populate entire system_counterval_t in get_time_fn() callback - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov - [s390x] bpf: Fix bpf_arch_text_poke() with new_addr == NULL again - smb: client: fix use-after-free in crypt_message when using async crypto - [armhf] soc: aspeed: lpc-snoop: Cleanup resources in stack-order - [armhf] soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush - iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] - iio: adc: max1363: Reorder mode_list[] entries - iio: adc: stm32-adc: Fix race in installing chained IRQ handler - iio: backend: fix out-of-bound write - iio: common: st_sensors: Fix use of uninitialize device structs - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B - [arm64] dts: imx95: Correct the DMA interrupter number of pcie0_ep - bpf: Reject %p% format string in bprintf-like helpers - cachefiles: Fix the incorrect return value in __cachefiles_write() - block: fix kobject leak in blk_unregister_queue - net/sched: sch_qfq: Fix race condition on qfq_aggregate - rpl: Fix use-after-free in rpl_do_srh_inline(). - smb: client: fix use-after-free in cifs_oplock_break - fix a leak in fcntl_dirnotify() - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() - nvme: fix endianness of command word prints in nvme_log_err_passthru() - smc: Fix various oops due to inet_sock type confusion. - net: phy: Don't register LEDs for genphy - nvme: fix misaccounting of nvme-mpath inflight I/O - nvmet-tcp: fix callback lock for TLS handshake - wifi: cfg80211: remove scan request n_channels counted_by - [amd64] hwmon: (corsair-cpro) Validate the size of the received input buffer - ice: add NULL check in eswitch lag check - ice: check correct pointer in fwlog debugfs - usb: net: sierra: check for no status endpoint - loop: use kiocb helpers to fix lockdep warning - [riscv64] Enable interrupt during exception handling - [riscv64] traps_misaligned: properly sign extend value in misaligned load handler - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() - Bluetooth: hci_sync: fix connectable extended advertising when using static random address - Bluetooth: SMP: If an unallowed command is received consider it a failure - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout - Bluetooth: hci_core: add missing braces when using macro parameters - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID - net/mlx5: Correctly set gso_size when LRO is used - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() - net: fix segmentation after TCP/UDP fraglist GRO - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry - drm/xe/pf: Sanitize VF scratch registers on FLR - drm/xe/pf: Move VFs reprovisioning to worker - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU - [amd64,arm64] hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf - virtio-net: fix recursived rtnl_lock() during probe() - tls: always refresh the queue when reading sock - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime - net: bridge: Do not offload IGMP/MLD messages - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree - rxrpc: Fix recv-recv race of completed call - rxrpc: Fix transmission of an abort in response to an abort - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" - drm/mediatek: Add wait_event_timeout when disabling plane - drm/mediatek: only announce AFBC if really supported - libbpf: Fix handling of BPF arena relocations - efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths - sched: Change nr_uninterruptible type to unsigned long - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns - btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (CVE-2025-22115) - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: Fix flushing of delayed work used for post resume purposes - usb: hub: Don't try to recover devices lost during warm reset. - [arm64] usb: dwc3: qcom: Don't leave BCR asserted - [arm64,armhf] i2c: omap: Add support for setting mux - [arm64,armhf] i2c: omap: Fix an error handling path in omap_i2c_probe() - [arm64,armhf] i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() - [arm64,armhf] i2c: omap: fix deprecated of_property_read_bool() use - sched,freezer: Remove unnecessary warning in __thaw_task - drm/xe/mocs: Initialize MOCS index early - drm/xe: Move page fault init after topology init - smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data - [amd64] iommu/vt-d: Fix misplaced domain_attached assignment (Closes: #1109676) - [amd64] KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.41 - [amd64] x86/traps: Initialize DR7 by writing its architectural reset value - Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (CVE-2025-38335) - virtio_net: Enforce minimum TX ring size for reliability - virtio_ring: Fix error reporting in virtqueue_resize - regulator: core: fix NULL dereference on unbind due to stale coupling data - [amd64] platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA - RDMA/core: Rate limit GID cache warning messages - [arm64] interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node - iio: adc: ad7949: use spi_is_bpw_supported() - regmap: fix potential memory leak of regmap_bus - [amd64] x86/hyperv: Fix usage of cpu_online_mask to get valid cpu - [amd64] platform/x86: Fix initialization order for firmware_attributes_class - [arm*] staging: vchiq_arm: Make vchiq_shutdown never fail - xfrm: state: initialize state_ptrs earlier in xfrm_state_find - xfrm: state: use a consistent pcpu_id in xfrm_state_find - xfrm: Set transport header to fix UDP GRO handling - xfrm: interface: fix use-after-free after changing collect_md xfrm interface - [arm64] net: ti: icssg-prueth: Fix buffer allocation for ICSSG - net/mlx5: Fix memory leak in cmd_exec() - net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch - i40e: report VF tx_dropped with tx_errors instead of tx_discards - i40e: When removing VF MAC filters, only check PF-set MAC - net: appletalk: Fix use-after-free in AARP proxy probe - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode - [arm64] drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() - ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop - [s390x] ism: fix concurrency management in ism_cmd() - [arm64] net: hns3: fix concurrent setting vlan filter issue - [arm64] net: hns3: disable interrupt when ptp init failed - [arm64] net: hns3: fixed vf get max channels bug - [arm64] net: hns3: default enable tx bounce buffer when smmu enabled - [amd64] platform/x86: ideapad-laptop: Fix FnLock not remembered among boots - [amd64] platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots - drm/amdgpu: Reset the clear flag in buddy during resume - drm/sched: Remove optimization that causes hang when killing dependent jobs - mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() - timekeeping: Zero initialize system_counterval when querying time from phc drivers - [arm64] i2c: qup: jump out of the loop in case of timeout - [arm64,armhf] i2c: tegra: Fix reset error handling with ACPI - i2c: virtio: Avoid hang by using interruptible completion wait - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() - sprintf.h requires stdarg.h - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx - ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx - [arm64] entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() - [arm64] dpaa2-eth: Fix device reference count leak in MAC endpoint handling - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set - e1000e: ignore uninitialized checksum word on tgp - gve: Fix stuck TX queue for DQ queue format - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() - nilfs2: reject invalid file types when reading inodes - resource: fix false warning in __request_region() - mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n - [amd64,arm64] usb: typec: tcpm: allow to use sink in accessory mode - [amd64,arm64] usb: typec: tcpm: allow switching to mode accessory to mux properly - [amd64,arm64] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach - spi: cadence-quadspi: fix cleanup of rx_chan on failure paths - [amd64] x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() - jfs: reject on-disk inodes of an unsupported type (CVE-2025-37925) - [amd64] comedi: comedi_test: Fix possible deletion of uninitialized timers - [arm64] dts: qcom: x1e78100-t14s: mark l12b and l15b always-on - erofs: simplify z_erofs_load_compact_lcluster() - erofs: refine z_erofs_get_extent_compressedlen() - erofs: use Z_EROFS_LCLUSTER_TYPE_MAX to simplify switches - erofs: simplify tail inline pcluster handling - erofs: clean up header parsing for ztailpacking and fragments - erofs: fix large fragment handling - ext4: don't explicit update times in ext4_fallocate() - ext4: refactor ext4_punch_hole() - ext4: refactor ext4_zero_range() - ext4: refactor ext4_collapse_range() - ext4: refactor ext4_insert_range() - ext4: factor out ext4_do_fallocate() - ext4: move out inode_lock into ext4_fallocate() - ext4: move out common parts into ext4_fallocate() - ext4: fix incorrect punch max_end - ext4: correct the error handle in ext4_fallocate() - ext4: fix out of bounds punch offset - [amd64] KVM: x86: drop x86.h include from cpuid.h - [amd64] KVM: x86: Route non-canonical checks in emulator through emulate_ops - [amd64] KVM: x86: Add X86EMUL_F_MSR and X86EMUL_F_DT_LOAD to aid canonical checks - [amd64] KVM: x86: model canonical checks more precisely - [amd64] KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (CVE-2025-38351) - [amd64] x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() - [arm64] dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage - Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" - wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure - iio: hid-sensor-prox: Restore lost scale assignments - iio: hid-sensor-prox: Fix incorrect OFFSET calculation - [amd64,arm64] Drivers: hv: Make the sysfs node size for the ring buffer dynamic - ALSA: hda/tegra: Add Tegra264 support - ALSA: hda: Add missing NVIDIA HDA codec IDs - [amd64] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x - Revert "drm/xe/gt: Update handling of xe_force_wake_get return" (Closes: #1109799) - Revert "drm/xe/tests/mocs: Update xe_force_wake_get() return handling" - Revert "drm/xe/devcoredump: Update handling of xe_force_wake_get return" - Revert "drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()" - [amd64] KVM: x86: Free vCPUs before freeing VM state - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma . [ Bastian Blank ] * Store build time signing key encrypted. * Enable CRYPTO_ECDSA. . [ Aurelien Jarno ] * Fix installation of DTB files . [ Tj ] * drivers/gpu/drm/nouveau: Enable DRM_NOUVEAU_GSP_DEFAULT (Closes: #1088522) . [ Uwe Kleine-König ] * [armhf] Add phy-gmii-sel module to nic-shared-modules udeb for ti/omap/am335x based machines (e.g. BeagleBone black). . [ Salvatore Bonaccorso ] * d/salsa-ci.yml: Update for trixie: Set RELEASE to trixie linux-signed-amd64 (6.12.43+1) trixie; urgency=medium . * Sign kernel from linux 6.12.43-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.42 - [amd64] ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx - ethernet: intel: fix building with large NR_CPUS - [amd64] ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx - ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX - [amd64] ASoC: Intel: fix SND_SOC_SOF dependencies - [amd64] ASoC: amd: yc: add DMI quirk for ASUS M6501RM - audit,module: restore audit logging in load failure case - parse_longname(): strrchr() expects NUL-terminated string - fs_context: fix parameter name in infofc() macro - fs/ntfs3: cancle set bad inode after removing name fails - ublk: use vmalloc for ublk_device's __queues - hfsplus: make splice write available again - hfs: make splice write available again - hfsplus: remove mutex_lock check in hfsplus_free_extents - Revert "fs/ntfs3: Replace inode_trylock with inode_lock" - gfs2: No more self recovery - io_uring: fix breakage in EXPERT menu - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() - ASoC: ops: dynamically allocate struct snd_ctl_elem_value - ASoC: mediatek: use reserved memory or enable buffer pre-allocation - [arm64] dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV - [arm64] soc: qcom: QMI encoding/decoding for big endian - [arm64] dts: qcom: sdm845: Expand IMEM region - [arm64] dts: qcom: sc7180: Expand IMEM region - [arm64] dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes - [arm64] dts: qcom: sa8775p: Correct the interrupt for remoteproc - [arm64] dts: qcom: msm8976: Make blsp_dma controlled-remotely - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() - usb: misc: apple-mfi-fastcharge: Make power supply names unique - [arm64] dts: ti: k3-am642-phyboard-electra: Fix PRU-ICSSG Ethernet ports - [arm64] dts: ti: k3-am62p-j722s: fix pinctrl-single size - [arm64] firmware: arm_scmi: Fix up turbo frequencies selection - usb: typec: ucsi: yoga-c630: fix error and remove paths - mei: vsc: Destroy mutex after freeing the IRQ - mei: vsc: Event notifier fixes - mei: vsc: Unset the event callback on remove and probe errors - [armhf] spi: stm32: Check for cfg availability in stm32_spi_probe - vmci: Prevent the dispatching of uninitialized payloads - pps: fix poll support - Revert "vmci: Prevent the dispatching of uninitialized payloads" - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() - usb: early: xhci-dbc: Fix early_ioremap leak - [armhf] dts: ti: omap: Fixup pinheader typo - [arm64] dts: st: fix timer used for ticks - [arm64] dts: imx8mm-beacon: Fix HS400 USDHC clock speed - [arm64] dts: imx8mn-beacon: Fix HS400 USDHC clock speed - PM / devfreq: Check governor before using governor->name - PM / devfreq: Fix a index typo in trans_stat - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode - cpufreq: Initialize cpufreq-based frequency-invariance later - cpufreq: Init policy->rwsem before it may be possibly used - staging: greybus: gbphy: fix up const issue with the match callback - [arm64] soc: qcom: pmic_glink: fix OF node leak - [arm64] interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg - [arm64] interconnect: qcom: sc8180x: specify num_nodes - bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 - [arm64,armhf] drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed - [arm64,armhf] drm/panfrost: Fix panfrost device variable name in devfreq - drm/panthor: Add missing explicit padding in drm_panthor_gpu_info - bpf, sockmap: Fix psock incorrectly pointing to sk - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls - net: ipv6: ip6mr: Fix in/out netdev to pass to the FORWARD chain - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel - drm/amdgpu: Remove nbiov7.9 replay count reporting - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure - [powerpc*] pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band - wifi: rtl818x: Kill URBs before clearing tx status queue - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() - iwlwifi: Add missing check for alloc_ordered_workqueue - wifi: ath11k: clear initialized flag for deinit-ed srng lists - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range - net/mlx5: Check device memory pointer before usage - net: dst: annotate data-races around dst->input - net: dst: annotate data-races around dst->output - bpf: Ensure RCU lock is held around bpf_prog_ksym_find - [arm64] drm/msm/dpu: Fill in min_prefill_lines for SC8180X - refscale: Check that nreaders and loops multiplication doesn't overflow - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value - sched/psi: Optimize psi_group_change() cpu_clock() usage - fbcon: Fix outdated registered_fb reference in comment - netfilter: nf_tables: Drop dead code from fill_*_info routines - netfilter: nf_tables: adjust lockdep assertions handling - [amd64] iommu/amd: Enable PASID and ATS capabilities in the correct order - net/sched: Restrict conditions for adding duplicating netems to qdisc tree - net_sched: act_ctinfo: use atomic64_t for three counters - RDMA/mlx5: Fix UMR modifying of mkey page size - xen: fix UAF in dmabuf_exp_from_pages() - xen/gntdev: remove struct gntdev_copy_batch from stack - tcp: call tcp_measure_rcv_mss() for ooo packets - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled - wifi: rtw88: Fix macid assigned to TDLS station - mwl8k: Add missing check after DMA map - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() - drm/amdgpu/gfx9: fix kiq locking in KCQ reset - drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset - drm/amdgpu/gfx10: fix kiq locking in KCQ reset - [amd64] iommu/amd: Fix geometry.aperture_end for V2 tables - rcu: Fix delayed execution of hurry callbacks - wifi: mac80211: reject TDLS operations when station is not associated - wifi: plfxlc: Fix error handling in usb driver probe - wifi: mac80211: Do not schedule stopped TXQs - wifi: mac80211: Don't call fq_flow_idx() for management frames - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" - wifi: ath12k: fix endianness handling while accessing wmi service bit - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE - wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() - wifi: nl80211: Set num_sub_specs before looping through sub_specs - ring-buffer: Remove ring_buffer_read_prepare_sync() - memcg_slabinfo: Fix use of PG_slab - Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' - Bluetooth: hci_event: Mask data status from LE ext adv reports - bpf: Disable migration in nf_hook_run_bpf(). - can: peak_usb: fix USB FD devices potential malfunction - can: kvaser_pciefd: Store device channel index - can: kvaser_usb: Assign netdev.dev_port based on device channel index - netfilter: xt_nfacct: don't assume acct name is null-terminated - net/mlx5e: Clear Read-Only port buffer size in PBMC before update - net/mlx5e: Remove skb secpath if xfrm state is not found - stmmac: xsk: fix negative overflow of budget in zerocopy mode - vrf: Drop existing dst reference in vrf_ip6_input_dst - ipv6: prevent infinite loop in rt6_nlmsg_size() - ipv6: fix possible infinite loop in fib6_info_uses_dev() - ipv6: annotate data-races around rt->fib6_nsiblings - bpf/preload: Don't select USERMODE_DRIVER - [arm64] bpf, arm64: Fix fp initialization for exception boundary - fortify: Fix incorrect reporting of read buffer size - [arm64] PCI: rockchip-host: Fix "Unexpected Completion" log message - [arm64] clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks - [arm64] crypto: sun8i-ce - fix nents passed to dma_unmap_sg() - [amd64] crypto: qat - use unmanaged allocation for dc_data - [arm64,armhf] crypto: marvell/cesa - Fix engine load inaccuracy - [amd64] crypto: qat - allow enabling VFs in the absence of IOMMU - [amd64] crypto: qat - fix state restore for banks with exceptions - mtd: fix possible integer overflow in erase_xfer() - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set - [armhf] crypto: arm/aes-neonbs - work around gcc-15 warning - pinctrl: sunxi: Fix memory leak on krealloc failure - dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: Don't zero-out registers - fanotify: sanitize handle_type values when reporting fid - Fix dma_unmap_sg() nents value - perf tools: Fix use-after-free in help_unknown_cmd() - perf dso: Add missed dso__put to dso__load_kcore - mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER - perf sched: Make sure it frees the usage string - perf sched: Free thread->priv using priv_destructor - perf sched: Fix memory leaks in 'perf sched map' - perf sched: Fix memory leaks for evsel->priv in timehist - perf sched: Use RC_CHK_EQUAL() to compare pointers - perf sched: Fix memory leaks in 'perf sched latency' - [arm64] RDMA/hns: Fix double destruction of rsv_qp - [arm64] RDMA/hns: Fix HW configurations not cleared in error flow - [amd64] crypto: ccp - Fix locking on alloc failure handling - [arm64] crypto: inside-secure - Fix `dma_unmap_sg()` nents value - [amd64] crypto: ccp - Fix crash when rebind ccp device for ccp.ko - [arm64] RDMA/hns: Get message length of ack_req from FW - [arm64] RDMA/hns: Fix accessing uninitialized resources - [arm64] RDMA/hns: Drop GFP_NOWARN - [arm64] RDMA/hns: Fix -Wframe-larger-than issue - kernel: trace: preemptirq_delay_test: use offstack cpu mask - proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al - pinmux: fix race causing mux_owner NULL with active mux_usecount - perf tests bp_account: Fix leaked file descriptor - [riscv64] clk: thead: th1520-ap: Correctly refer the parent of osc_12m - [armhf] clk: sunxi-ng: v3s: Fix de clock definition - [ppc64el] scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value - scsi: mvsas: Fix dma_unmap_sg() nents value - scsi: isci: Fix dma_unmap_sg() nents value - ext4: Make sure BH_New bit is cleared in ->write_end handler - [arm64] hwrng: mtk - handle devm_pm_runtime_enable errors - [amd64] crypto: qat - disable ZUC-256 capability for QAT GEN5 - soundwire: stream: restore params when prepare ports fail - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute - remoteproc: xlnx: Disable unsupported features - fs/orangefs: Allow 2 more characters in do_c_string() - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap - dmaengine: nbpfaxi: Add missing check after DMA map - perf tools: Remove libtraceevent in .gitignore - [amd64] crypto: qat - fix DMA direction for compression on GEN2 devices - [amd64] crypto: qat - fix seq_file position update in adf_ring_next() - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref - jfs: fix metapage reference count leak in dbAllocCtl - drm/xe/vf: Disable CSC support on VF - perf record: Cache build-ID of hit DSOs only - vdpa/mlx5: Fix needs_teardown flag calculation - vhost-scsi: Fix log flooding with target does not exist errors - vdpa/mlx5: Fix release of uninitialized resources on error path - vdpa: Fix IDR memory leak in VDUSE module exit - vhost: Reintroduce kthread API and add mode selection - bpf: Check flow_dissector ctx accesses are aligned - bpf: Check netfilter ctx accesses are aligned - apparmor: ensure WB_HISTORY_SIZE value is a power of 2 - apparmor: fix loop detection used in conflicting attachment resolution - apparmor: Fix unaligned memory accesses in KUnit test - module: Restore the moduleparam prefix length check - ucount: fix atomic_long_inc_below() argument type - rtc: ds1307: fix incorrect maximum clock rate handling - rtc: hym8563: fix incorrect maximum clock rate handling - rtc: nct3018y: fix incorrect maximum clock rate handling - rtc: pcf85063: fix incorrect maximum clock rate handling - rtc: pcf8563: fix incorrect maximum clock rate handling - rtc: rv3028: fix incorrect maximum clock rate handling - f2fs: turn off one_time when forcibly set to foreground GC - f2fs: fix bio memleak when committing super block - f2fs: fix KMSAN uninit-value in extent_info usage - f2fs: fix to check upper boundary for value of gc_boost_zoned_gc_percent - f2fs: fix to check upper boundary for gc_valid_thresh_ratio - f2fs: fix to check upper boundary for gc_no_zoned_gc_percent - f2fs: doc: fix wrong quota mount option description - f2fs: fix to avoid UAF in f2fs_sync_inode_meta() - f2fs: fix to avoid panic in f2fs_evict_inode - f2fs: fix to avoid out-of-boundary access in devs.path - f2fs: vm_unmap_ram() may be called from an invalid context - f2fs: fix to update upper_p in __get_secs_required() correctly - f2fs: fix to calculate dirty data during has_not_enough_free_secs() - f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode - exfat: fdatasync flag should be same like generic_write_sync() - i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() - vfio: Fix unbalanced vfio_df_close call in no-iommu mode - vfio: Prevent open_count decrement to negative - vfio/pds: Fix missing detach_ioas op - vfio/pci: Separate SR-IOV VF dev_set - scsi: mpt3sas: Fix a fw_event memory leak - scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" - scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately - kconfig: qconf: fix ConfigList::updateListAllforAll() - sched/psi: Fix psi_seq initialization - PCI: pnv_php: Clean up allocated IRQs on unplug - PCI: pnv_php: Work around switches with broken presence detection - [powerpc*] eeh: Export eeh_unfreeze_pe() - [powerpc*] eeh: Make EEH driver device hotplug safe - PCI: pnv_php: Fix surprise plug detection and recovery - pNFS/flexfiles: don't attempt pnfs on fatal DS errors - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() - NFSv4.2: another fix for listxattr - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY - md/md-cluster: handle REMOVE message earlier - netpoll: prevent hanging NAPI when netcons gets enabled - phy: mscc: Fix parsing of unicast frames - net: ipa: add IPA v5.1 and v5.5 to ipa_version_string() - pptp: ensure minimal skb length in pptp_xmit() - nvmet: initialize discovery subsys after debugfs is initialized - [s390x] ap: Unmask SLCF bit in card and queue ap functions sysfs - netlink: specs: ethtool: fix module EEPROM input/output arguments - block: Fix default IO priority if there is no IO context - block: ensure discard_granularity is zero when discard is not supported - ASoC: tas2781: Fix the wrong step for TLV on tas2781 - [amd64] spi: cs42l43: Property entry should be a null-terminated array - net/mlx5: Correctly set gso_segs when LRO is used - ipv6: reject malicious packets in ipv6_gso_segment() - net: mdio: mdio-bcm-unimac: Correct rate fallback logic - net: drop UFO packets in udp_rcv_segment() - net/sched: taprio: enforce minimum value for picos_per_byte - sunrpc: fix client side handling of tls alerts - [x86] irq: Plug vector setup race - benet: fix BUG when creating VFs - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing - [s390x] mm: Allocate page table with PAGE_SIZE granularity - eth: fbnic: remove the debugging trick of super high page bias - irqchip: Build IMX_MU_MSI only on ARM - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() - smb: server: remove separate empty_recvmsg_queue - smb: server: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: server: let recv_done() consistently call put_recvmsg/smb_direct_disconnect_rdma_connection - smb: server: let recv_done() avoid touching data_transfer after cleanup/move - smb: client: remove separate empty_packet_queue - smb: client: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: client: let recv_done() cleanup before notifying the callers. - smb: client: let recv_done() avoid touching data_transfer after cleanup/move - nvmet: exit debugfs after discovery subsystem exits - pptp: fix pptp_xmit() error path - smb: client: return an error if rdma_connect does not return within 5 seconds - sunrpc: fix handling of server side tls alerts - perf/core: Don't leak AUX buffer refcount on allocation failure - perf/core: Exit early on perf_mmap() fail - perf/core: Prevent VMA split of buffer mappings - selftests/perf_events: Add a mmap() correctness test - net/packet: fix a race in packet_set_ring() and packet_notifier() - vsock: Do not allow binding to VMADDR_PORT_ANY - [amd64] accel/ivpu: Fix reset_engine debugfs file logic - Revert "bcache: remove heap-related macros and switch to generic min_heap" - ice/ptp: fix crosstimestamp reporting - [amd64] drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type - [amd64] drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() - [amd64] drm/i915/hdmi: add error handling in g4x_hdmi_init() - [amd64] drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() - [amd64] drm/i915/display: add intel_encoder_is_hdmi() - [amd64] drm/i915/ddi: only call shutdown hooks for valid encoders - ksmbd: fix null pointer dereference error in generate_encryptionkey - ksmbd: fix Preauh_HashValue race condition - ksmbd: fix corrupted mtime and ctime in smb2_open - ksmbd: limit repeated connections from clients with the same IP (CVE-2025-38501) - smb: server: Fix extension string in ksmbd_extract_shortname() - USB: serial: option: add Foxconn T99W709 - PCI/ASPM: Save parent L1SS config in pci_save_aspm_l1ss_state() - PCI/ASPM: Fix L1SS saving - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event - net: usbnet: Fix the wrong netif_carrier_on() call - [x86] sev: Evict cache lines during SNP memory validation (CVE-2024-36331) - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) - [adm64] platform/x86/intel/pmt: fix a crashlog NULL pointer access - [x86] fpu: Delay instruction pointer fixup until after warning - [s390x] mm: Remove possible false-positive warning in pte_free_defer() - [mips*] mm: tlb-r4k: Uniquify TLB entries on init - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery - mm: swap: correctly use maxpages in swapon syscall to avoid potential deadloop - mm: swap: fix potential buffer overflow in setup_clusters() - perf/arm-ni: Set initial IRQ affinity - media: ti: j721e-csi2rx: fix list_del corruption - HID: apple: validate feature-report field count to prevent NULL pointer dereference - USB: gadget: f_hid: Fix memory leak in hidg_bind error path - usb: gadget : fix use-after-free in composite_dev_cleanup() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.43 - io_uring: don't use int for ABI - ALSA: usb-audio: Validate UAC3 power domain descriptors, too - ALSA: usb-audio: Validate UAC3 cluster segment descriptors - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks - smb3: fix for slab out of bounds on mount to ksmbd - smb: client: remove redundant lstrp update in negotiate protocol - gpio: virtio: Fix config space reading. - gpio: mlxbf2: use platform_get_irq_optional() - Revert "gpio: mlxbf3: only get IRQ for device instance 0" - gpio: mlxbf3: use platform_get_irq_optional() - leds: flash: leds-qcom-flash: Fix registry access after re-bind - Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" - netlink: avoid infinite retry looping in netlink_unicast() (Closes: #1111017) - net: phy: micrel: fix KSZ8081/KSZ8091 cable test - [armhf] net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect - [arm64] net: enetc: fix device and OF node leak at probe - [arm64] net: mtk_eth_soc: fix device leak at probe - [arm64] net: ti: icss-iep: fix device and OF node leaks at probe - net: usb: asix_devices: add phy_mask for ax88772 mdio bus - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() - NFSD: detect mismatch of file handle and delegation stateid in OPEN op - NFS: Fix the setting of capabilities when automounting a new filesystem - PCI: Extend isolated function probing to LoongArch - [arm64] clk: samsung: exynos850: fix a comment - [arm64] clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD - [arm64] clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock - fscrypt: Don't use problematic non-inline crypto engines - fs: Prevent file descriptor table allocations exceeding INT_MAX - eventpoll: Fix semi-unbounded recursion (CVE-2025-38614) - Documentation: ACPI: Fix parent device references - ACPI: processor: perflib: Fix initial _PPC limit application - ACPI: processor: perflib: Move problematic pr->performance check - block: Make REQ_OP_ZONE_FINISH a write operation - mm/memory-tier: fix abstract distance calculation overflow - smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() - smb: client: don't wait for info->send_pending == 0 on error - [amd64] KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap - [amd64] KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag - [amd64] KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported - [amd64] KVM: VMX: Extract checking of guest's DEBUGCTL into helper - [amd64] KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter - [amd64] KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs - [amd64] KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest - [amd64] habanalabs: fix UAF in export_dmabuf() - mm/smaps: fix race between smaps_hugetlb_range and migration - udp: also consider secpath when evaluating ipsec use for checksumming - netfilter: ctnetlink: fix refcount leak on table dump - [arm64] net: ti: icssg-prueth: Fix emac link speed handling - [arm64] net: ti: icss-iep: Fix incorrect type for return value in extts_enable() - sctp: linearize cloned gso packets in sctp_rcv - [amd64] intel_idle: Allow loading ACPI tables for any family - cpuidle: governors: menu: Avoid using invalid recent intervals data - ptp: prevent possible ABBA deadlock in ptp_clock_freerun() - tls: handle data disappearing from under the TLS ULP (CVE-2025-38616) - net: kcm: Fix race condition in kcm_unattach() - hfs: fix general protection fault in hfs_find_init() - hfs: fix slab-out-of-bounds in hfs_bnode_read() - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() - [arm64] Handle KCOV __init vs inline mismatches - smb/server: avoid deadlock when linking with ReplaceIfExists - nvme-pci: try function level reset on init failure - dm-stripe: limit chunk_sectors to the stripe size - md/raid10: set chunk_sectors limit - nvme-tcp: log TLS handshake failures at error level - gfs2: Validate i_depth for exhash directories - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops - loop: Avoid updating block size under exclusive owner - udf: Verify partition map count - drbd: add missing kref_get in handle_write_conflicts - hfs: fix not erasing deleted b-tree node issue - better lockdep annotations for simple_recursive_removal() - ata: ahci: Disallow LPM policy control if not supported - ata: ahci: Disable DIPM if host lacks support - ata: libata-sata: Disallow changing LPM state if not supported - fs/ntfs3: Add sanity check for file name - fs/ntfs3: correctly create symlink for relative path - pidfs: raise SB_I_NODEV and SB_I_NOEXEC - fix locking in efi_secret_unlink() - securityfs: don't pin dentries twice, once is enough... - tracefs: Add d_delete to remove negative dentries - usb: xhci: print xhci->xhc_state when queue_command failed - [amd64] platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default - usb: xhci: Avoid showing warnings for dying controller - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command - usb: xhci: Avoid showing errors during surprise removal - [arm64] soc: qcom: rpmh-rsc: Add RSC version 4 support - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered - remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU - usb: typec: tcpm/tcpci_maxim: fix irq wake usage - pmdomain: ti: Select PM_GENERIC_DOMAINS - [arm64] gpio: wcd934x: check the return value of regmap_update_bits() - cpufreq: Exit governor when failed to start old governor - cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode - [armhf] rockchip: fix kernel hang during smp initialization - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed - [arm64] thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required - iio: adc: ad_sigma_delta: don't overallocate scan buffer - [armhf] tegra: Use I/O memcpy to write to IRAM - ACPI: PRM: Reduce unnecessary printing to avoid user confusion - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() - thermal: sysfs: Return ENODATA instead of EAGAIN for reads - PM: sleep: console: Fix the black screen issue - ACPI: processor: fix acpi_object initialization - [arm64] mmc: sdhci-msm: Ensure SD card power isn't ON when card removed - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path - pps: clients: gpio: fix interrupt handling order in remove path - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 - char: misc: Fix improper and inaccurate error code returned by misc_init() - [amd64] mei: bus: Check for still connected devices in mei_cl_bus_dev_release() - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() - [amd64,arm64] platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready - ALSA: hda: Handle the jack polling always via a work - ALSA: hda: Disable jack polling at shutdown - [amd64] x86/bugs: Avoid warning when overriding return thunk - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 - ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode - tty: serial: fix print format specifiers - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present - usb: core: usb_submit_urb: downgrade type check - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() - [arm64] imx8m-blk-ctrl: set ISI panic write hurry level - [arm64] soc: qcom: mdt_loader: Actually use the e_phoff - [amd64] platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches - [amd64,arm64] platform/chrome: cros_ec_typec: Defer probe on missing EC parent - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement - ASoC: codecs: rt5640: Retry DEVICE_ID verification - [arm64] ASoC: qcom: use drvdata instead of component to keep id - netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps - [powerpc*] thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 - Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() - xen/netfront: Fix TX response spurious interrupts - wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn - net: usb: cdc-ncm: check for filtering capability - wifi: ath12k: Correct tid cleanup when tid setup fails - wifi: cfg80211: reject HTC bit for management frames - [s390x] time: Use monotonic clock in get_cycles() - be2net: Use correct byte order and format string for TCP seq and ack_seq - libbpf: Verify that arena map exists when adding arena relocations - idpf: preserve coalescing settings across resets - wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB - et131x: Add missing check after DMA map - net: ag71xx: Add missing check after DMA map - net/mlx5e: Properly access RCU protected qdisc_sleeping variable - net: pcs: xpcs: mask readl() return value to 16 bits - [arm64] Mark kernel as tainted on SAE and SError panic - drm/amd/pm: fix null pointer access - rcu: Protect ->defer_qs_iw_pending from data race - drm/amd/display: limit clear_update_flags to dcn32 and above - net: mctp: Prevent duplicate binds - wifi: cfg80211: Fix interface type validation - wifi: mac80211: don't unreserve never reserved chanctx - net: ipv4: fix incorrect MTU in broadcast routes - [arm64] net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() - net: phy: micrel: Add ksz9131_resume() - sched/deadline: Fix accounting after global limits change - bpf: Forget ranges when refining tnum after JSET - wifi: iwlwifi: mvm: set gtk id also in older FWs - wifi: iwlwifi: mvm: fix scan request validation - [s390x] stp: Remove udelay from stp_sync_clock() - net: phy: bcm54811: PHY initialization - sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails - wifi: mac80211: don't complete management TX on SAE commit - wifi: mac80211: avoid weird state in error path - [s390x] early: Copy last breaking event address to pt_regs - ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access - wifi: mac80211: fix rx link assignment for non-MLO stations - [arm64] drm/msm: use trylock for debugfs - [arm64] drm/msm: Add error handling for krealloc in metadata setup - [arm64] perf/arm: Add missing .suppress_bind_attrs - wifi: rtw89: Fix rtw89_mac_power_switch() for USB - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch - drm/xe/xe_query: Use separate iterator while filling GT list - [amd64] net: thunderbolt: Enable end-to-end flow control also in transmit - [amd64] net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() - xfrm: Duplicate SPI Handling - net: atlantic: add set_power to fw_ops for atl2 to fix wol - ACPI: Suppress misleading SPCR console message when SPCR table is absent - net: ieee8021q: fix insufficient table-size assertion - net: fec: allow disable coalescing - drm/amd/display: Separate set_gsl from set_gsl_source_select - wifi: ath10k: shutdown driver when hardware is unreliable - wifi: ath12k: Add memset and update default rate value in wmi tx completion - wifi: ath12k: Fix station association with MBSSID Non-TX BSS - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect - drm/amd/display: Fix 'failed to blank crtc!' - drm/amd/display: Initialize mode_select to 0 - wifi: mac80211: update radar_required in channel context after channel switch - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 - wifi: ath12k: Decrement TID on RX peer frag setup error handling - [powerpc*] floppy: Add missing checks after DMA map - netmem: fix skb_frag_address_safe with unreadable skbs - [arm64] stacktrace: Check kretprobe_find_ret_addr() return value - wifi: iwlegacy: Check rate_idx range after addition - neighbour: add support for NUD_PERMANENT proxy entries - dpaa_eth: don't use fixed_phy_change_carrier - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual - net: vlan: Make is_vlan_dev() a stub when VLAN is not configured - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs - gve: Return error for unknown admin queue command - [armhf] net: dsa: b53: ensure BCM5325 PHYs are enabled - [armhf] net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 - [armhf] net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 - [armhf] net: dsa: b53: prevent DIS_LEARNING access on BCM5325 - [armhf] net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 - bpftool: Fix JSON writer resource leak in version command - ptp: Use ratelimite for freerun error message - wifi: rtw89: scan abort when assign/unassign_vif - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() - ionic: clean dbpage in de-init - drm/xe: Make dma-fences compliant with the safe access rules - [armhf] net: ncsi: Fix buffer overflow in fetching version id - drm/ttm: Should to return the evict error - uapi: in6: restore visibility of most IPv6 socket options - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP - drm/amd/display: Update DMCUB loading sequence for DCN3.5 - drm/amd/display: Avoid trying AUX transactions on disconnected ports - drm/ttm: Respect the shrinker core free target - rcu: Fix rcu_read_unlock() deadloop due to IRQ work - [armhf] net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page - vhost: fail early when __vhost_add_used() fails - drm/amd/display: Only finalize atomic_obj if it was initialized - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported - drm/amd/display: Disable dsc_power_gate for dcn314 by default - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition - cifs: Fix calling CIFSFindFirst() for root path without msearch - fbdev: fix potential buffer overflow in do_register_framebuffer() - crypto: hisilicon/hpre - fix dma unmap sequence - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr - [arm64,armhf] clk: tegra: periph: Fix error handling and resolve unsigned compare warning - mfd: axp20x: Set explicit ID for AXP313 regulator - [arm64] phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated - fs/orangefs: use snprintf() instead of sprintf() - watchdog: dw_wdt: Fix default timeout - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state - [mips*] vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} - watchdog: iTCO_wdt: Report error if timeout configuration fails - scsi: bfa: Double-free fix - jfs: truncate good inode pages when hard link is 0 - jfs: Regular file corruption check - jfs: upper bound check of tree index in dbAllocAG - media: hi556: Fix reset GPIO timings - RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM - crypto: jitter - fix intermediary handling - [mips*] Don't crash in stack_top() for tasks without ABI or vDSO - [riscv64] clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED - media: ipu-bridge: Add _HID for OV5670 - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control - leds: leds-lp50xx: Handle reg to get correct multi_index - [armhf] dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs - [amd64] RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() - RDMA/core: reduce stack using in nldev_stat_get_doit() - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure - power: supply: qcom_battmgr: Add lithium-polymer entry - scsi: mpt3sas: Correctly handle ATA device errors - scsi: mpi3mr: Correctly handle ATA device errors - [armhf] pinctrl: stm32: Manage irq affinity settings - media: usb: hdpvr: disable zero-length read messages - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar - media: uvcvideo: Add quirk for HP Webcam HD 2300 - media: uvcvideo: Fix bandwidth issue for Alcor camera - [amd64] crypto: ccp - Add missing bootloader info reg for pspv6 - [arm64] clk: renesas: rzg2l: Postpone updating priv->clks[] - soundwire: amd: serialize amd manager resume sequence during pm_prepare - soundwire: amd: cancel pending slave status handling workqueue during remove sequence - soundwire: Move handle_nested_irq outside of sdw_dev_lock - md: dm-zoned-target: Initialize return variable r to avoid uninitialized use - module: Prevent silent truncation of module name in delete_module(2) - i3c: add missing include to internal header - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - apparmor: shift ouid when mediating hard links in userns - i3c: don't fail if GETHDRCAP is unsupported - i3c: master: Initialize ret in i3c_i2c_notifier_call() - dm-mpath: don't print the "loaded" message if registering fails - dm-table: fix checking for rq stackable devices - apparmor: use the condition in AA_BUG_FMT even with debug disabled - apparmor: fix x_table_lookup when stacking is not the first entry - i2c: Force DLL0945 touchpad i2c freq to 100khz - exfat: add cluster chain loop check for dir - f2fs: check the generic conditions first - printk: nbcon: Allow reacquire during panic - vfio/type1: conditional rescheduling while pinning - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans - scsi: target: core: Generate correct identifiers for PR OUT transport IDs - scsi: aacraid: Stop using PCI_IRQ_AFFINITY - vfio/mlx5: fix possible overflow in tracking max message size - ipmi: Use dev_warn_ratelimited() for incorrect message warnings - ipmi: Fix strcpy source and destination the same - tools/power turbostat: Handle non-root legacy-uncore sysfs permissions - tools/power turbostat: Fix build with musl - tools/power turbostat: Handle cap_get_proc() ENOSYS - smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection - lib/sbitmap: convert shallow_depth from one word to the whole sbitmap - ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table - net: phy: smsc: add proper reset flags for LAN8710A - [amd64] ASoC: Intel: avs: Fix uninitialized pointer error in probe() - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() - pNFS: Fix stripe mapping in block/scsi layout - pNFS: Fix disk addr range check in block/scsi layout - pNFS: Handle RPC size limit for layoutcommits - pNFS: Fix uninited ptr deref in block/scsi layout - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe - scsi: lpfc: Remove redundant assignment to avoid memory leak - [amd64,armhf] ASoC: fsl_sai: replace regmap_write with regmap_update_bits - cifs: Fix collect_sample() to handle any iterator type - drm/amdgpu: fix vram reservation issue - drm/amdgpu: fix incorrect vm flags to map bo - mm/damon/core: commit damos->target_nid - block: Introduce bio_needs_zone_write_plugging() - dm: Always split write BIOs to zoned device limits - cifs: reset iface weights when we cannot find a candidate - [amd64] iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes - [arm64] iommu/arm-smmu-qcom: Add SM6115 MDSS compatible - iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range - iommufd: Prevent ALIGN() overflow - ext4: fix zombie groups in average fragment size lists - ext4: fix largest free orders lists corruption on mb_optimize_scan switch - ext4: initialize superblock fields in the kballoc-test.c kunit tests - usb: core: config: Prevent OOB read in SS endpoint companion parsing - misc: rtsx: usb: Ensure mmc child device is active when card is present - usb: typec: ucsi: Update power_supply on power role change - [amd64] comedi: fix race between polling and detaching - [amd64] thunderbolt: Fix copy+paste error in match_service_id() - cdc-acm: fix race between initial clearing halt and open - btrfs: zoned: use filesystem size not disk size for reclaim decision - btrfs: abort transaction during log replay if walk_log_tree() failed - btrfs: zoned: do not remove unwritten non-data block group - btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations - btrfs: don't ignore inode missing when replaying log tree - btrfs: fix ssd_spread overallocation - btrfs: populate otime when logging an inode item - btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled - btrfs: don't skip remaining extrefs if dir not found during log replay - btrfs: clear dirty status from extent buffer on error at insert_new_root() - btrfs: fix log tree replay failure due to file with 0 links and extents - btrfs: error on missing block group when unaccounting log tree extent buffers - btrfs: zoned: do not select metadata BG as finish target - btrfs: fix iteration bug in __qgroup_excl_accounting() - btrfs: do not allow relocation of partially dropped subvolumes - xfs: fix scrub trace with null pointer in quotacheck - userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit - net/sched: ets: use old 'nbands' while purging unused classes - [amd64,arm64] hv_netvsc: Fix panic during namespace deletion with VF - mm, slab: restore NUMA policy support for large kmalloc - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() - media: venus: Fix OOB read due to missing payload bound check - media: uvcvideo: Do not mark valid metadata as invalid - media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() - HID: magicmouse: avoid setting up battery timer when not needed - wifi: mac80211: check basic rates validity in sta_link_apply_parameters - HID: apple: avoid setting up battery timer for devices without battery - mfd: cros_ec: Separate charge-control probing from USB-PD - net: Add net_passive_inc() and net_passive_dec(). - net: better track kernel sockets lifetime (CVE-2025-21884) - smb: client: fix netns refcount leak after net_passive changes - PCI: Store all PCIe Supported Link Speeds - PCI: Allow PCI bridges to go to D3Hot on all non-x86 - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports - [arm64] dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C - [arm64] dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C - ata: libata-sata: Add link_power_management_supported sysfs attribute - io_uring/rw: cast rw->flags assignment to rwf_t - drm/amd/display: Allow DCN301 to clear update flags - rcu: Fix racy re-initialization of irq_work causing hangs - dm: split write BIOs on zone boundaries when zone append is not emulated - PCI: Honor Max Link Speed when determining supported speeds - ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled . [ Bastian Blank ] * [amd64, arm64] Enable MANA_INFINIBAND. . [ Salvatore Bonaccorso ] * [amd64] udeb: kernel-image: Include SPI drivers * ext4: don't try to clear the orphan_present feature block device is r/o (Closes: #1108271) * alloc_fdtable(): change calling conventions. * net: ipv4: fix regression in local-broadcast route . [ Ben Hutchings ] * proc: fix missing pde_set_flags() for net proc files linux-signed-amd64 (6.12.41+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.41-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.39 - eventpoll: don't decrement ep refcount while still holding the ep mutex (CVE-2025-38349) - drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics - drm/amdgpu/ip_discovery: add missing ip_discovery fw - [s390x] crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (CVE-2025-38104) - [amd64] ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH - [amd64] ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct - [amd64] ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops - [amd64] ASoC: soc-acpi: add get_function_tplg_files ops - [amd64] ASoC: Intel: add sof_sdw_get_tplg_files ops - [amd64] ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops - [amd64] ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches - perf/core: Fix the WARN_ON_ONCE is out of lock protected region - irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ - sched/core: Fix migrate_swap() vs. hotplug - perf: Revert to requiring CAP_SYS_ADMIN for uprobes - ASoC: cs35l56: probe() should fail if the device ID is not recognized - Bluetooth: hci_sync: Fix not disabling advertising instance - Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected - pinctrl: amd: Clear GPIO debounce for suspend - fix proc_sys_compare() handling of in-lookup dentries - sched/deadline: Fix dl_server runtime calculation formula - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL - [arm64] poe: Handle spurious Overlay faults - [arm64] net: phy: qcom: move the WoL function to shared library - [arm64] net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() - netlink: Fix wraparounds of sk->sk_rmem_alloc. - vsock: fix `vsock_proto` declaration - tipc: Fix use-after-free in tipc_conn_close(). - tcp: Correct signedness in skb remaining space calculation - vsock: Fix transport_{g2h,h2g} TOCTOU - vsock: Fix transport_* TOCTOU - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` - net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap - net: phy: smsc: Force predictable MDI-X state on LAN87xx - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). - atm: clip: Fix memory leak of struct clip_vcc. - atm: clip: Fix infinite recursive call of clip_push(). - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() - [arm64] net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info - net/sched: Abort __tc_modify_qdisc if parent class does not exist - rxrpc: Fix bug due to prealloc collision - rxrpc: Fix oops due to non-existence of prealloc backlog struct - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() - [amd64] x86/mce/amd: Add default names for MCA banks and blocks - [amd64] x86/mce/amd: Fix threshold limit reset - [amd64] x86/mce: Don't remove sysfs if thresholding sysfs init fails - [amd64] x86/mce: Ensure user polling settings are honored when restarting timer - [amd64] x86/mce: Make sure CMCI banks are cleared during shutdown on Intel - [amd64] KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. - [amd64] KVM: SVM: Add missing member in SNP_LAUNCH_START command structure - [amd64] KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight - KVM: Allow CPU to reschedule while setting per-page memory attributes - ASoC: fsl_sai: Force a software reset when starting in consumer mode - gre: Fix IPv6 multicast route creation. (Closes: #1108430) - md/md-bitmap: fix GPF in bitmap_get_stats() (Closes: #1109734) - [arm64] pinctrl: qcom: msm: mark certain pins as invalid for interrupts - pwm: Fix invalid state detection - pwm: mediatek: Ensure to disable clocks in error path - wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-27558) - wifi: mwifiex: discard erroneous disassoc frames on STA interface - wifi: mt76: mt7921: prevent decap offload config before STA initialization - wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() - wifi: mt76: mt7925: fix the wrong config for tx interrupt - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan - drm/imagination: Fix kernel crash when hard resetting the GPU - drm/amdkfd: Don't call mmput from MMU notifier callback - drm/gem: Acquire references on GEM handles for framebuffers - drm/sched: Increment job count before swapping tail spsc queue - drm/ttm: fix error handling in ttm_buffer_object_transfer - drm/gem: Fix race in drm_gem_handle_create_tail() - drm/xe/bmg: fix compressed VRAM handling - Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" - usb: gadget: u_serial: Fix race condition in TTY wakeup - Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" - drm/framebuffer: Acquire internal references on GEM handles - drm/xe: Allocate PF queue size on pow2 boundary - Revert "ACPI: battery: negate current when discharging" (Closes: #1109344) - Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" - kallsyms: fix build without execinfo - maple_tree: fix mt_destroy_walk() on root leaf node - mm: fix the inaccurate memory statistics issue for users - mm/vmalloc: leave lazy MMU mode on PTE mapping error - lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() - [amd64] x86/rdrand: Disable RDSEED on AMD Cyan Skillfish - [amd64] x86/mm: Disable hugetlb page table sharing on 32-bit - [arm64] clk: scmi: Handle case where child clocks are initialized before their parents - smb: server: make use of rdma_destroy_qp() - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() - erofs: fix to add missing tracepoint in erofs_read_folio() - erofs: address D-cache aliasing - [amd64] ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count - netlink: Fix rmem check in netlink_broadcast_deliver(). - netlink: make sure we allow at least one dump skb - netfs: Fix ref leak on inserted extra subreq in write retry - wifi: cfg80211: fix S1G beacon head validation in nl80211 - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() - drm/tegra: nvdec: Fix dma_alloc_coherent error check - md/raid1: Fix stack memory use after return in raid1_reshape - raid10: cleanup memleak at raid10_make_request - wifi: mac80211: correctly identify S1G short beacon - wifi: mac80211: fix non-transmitted BSSID profile search - wifi: rt2x00: fix remove callback type mismatch - drm/nouveau/gsp: fix potential leak of memory used during acpi init - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() - nbd: fix uaf in nbd_genl_connect() error path - drm/xe/pf: Clear all LMTT pages on alloc - erofs: free pclusters if no cached folio is attached - erofs: get rid of `z_erofs_next_pcluster_t` - erofs: tidy up zdata.c - erofs: refine readahead tracepoint - erofs: fix to add missing tracepoint in erofs_readahead() - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() - net: appletalk: Fix device refcount leak in atrtr_create() - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof - net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx - drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level - net/mlx5e: Fix race between DIM disable and net_dim() - net/mlx5e: Add new prio for promiscuous mode - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() - bnxt_en: Fix DCB ETS validation - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT - ublk: sanity check add_dev input for underflow - atm: idt77252: Add missing `dma_map_error()` - ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. - [amd64] ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 - io_uring: make fallocate be hashed work - [amd64] ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 - ALSA: hda/realtek: Add quirks for some Clevo laptops - net: usb: qmi_wwan: add SIMCom 8230C composition - driver: bluetooth: hci_qca:fix unable to load the BT driver - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 - net: mana: Record doorbell physical address in PF mode - btrfs: fix assertion when building free space tree - vt: add missing notification when switching back to text mode - bpf: Adjust free target to avoid global starvation of LRU map - [riscv64] vdso: Exclude .rodata from the PT_DYNAMIC segment - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras - HID: nintendo: avoid bluetooth suspend/resume stalls - erofs: fix rare pcluster memory leak after unmounting - net: wangxun: revert the adjustment of the IRQ vector sequence - kasan: remove kasan_find_vm_area() to prevent possible deadlock - ksmbd: fix potential use-after-free in oplock/lease break ack - [arm64] Filter out SME hwcaps when FEAT_SME isn't implemented - crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (CVE-2025-37984) - rseq: Fix segfault on registration when rseq_cs is non-zero (CVE-2025-38067) - [amd64] KVM: SVM: Set synthesized TSA CPUID flags https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.40 - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition - USB: serial: option: add Foxconn T99W640 - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI - usb: musb: fix gadget state on disconnect - [arm*] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY - usb: gadget: configfs: Fix OOB read on empty string write - [armhf] i2c: stm32: fix the device used for the DMA map - [armhf] i2c: stm32f7: unmap DMA mapped buffer - [amd64] thunderbolt: Fix wake on connect at runtime - [amd64] thunderbolt: Fix bit masking in tb_dp_port_set_hops() - Revert "staging: vchiq_arm: Create keep-alive thread during probe" - nvmem: imx-ocotp: fix MAC address byte length - nvmem: layouts: u-boot-env: remove crc32 endianness conversion - Input: xpad - set correct controller type for Acer NGR200 - pch_uart: Fix dma_sync_sg_for_device() nents value - spi: Add check for 8-bit transfer with 8 IO mode support - dm-bufio: fix sched in atomic context - HID: core: ensure the allocated report buffer can contain the reserved report ID - HID: core: ensure __hid_request reserves the report ID as the first byte - HID: core: do not bypass hid_hw_raw_request - tracing/probes: Avoid using params uninitialized in parse_btf_arg() - tracing: Add down_write(trace_event_sem) when adding trace event - tracing/osnoise: Fix crash in timerlat_dump_stack() - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume - drm/amdgpu: Increase reset counter only on success - drm/amd/display: Disable CRTC degamma LUT for DCN401 - drm/amd/display: Free memory allocation - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS - io_uring/poll: fix POLLERR handling - mptcp: make fallback action and fallback decision atomic - mptcp: plug races between subflow fail and subflow creation - mptcp: reset fallback status gracefully at disconnect() time - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() - net/mlx5: Update the list of the PCI supported devices - [arm64] dts: imx8mp-venice-gw74xx: fix TPM SPI frequency - [arm64] dts: add big-endian property back into watchdog node - [arm64] dts: freescale: imx8mm-verdin: Keep LDO5 always on - [arm64] dts: imx8mp-venice-gw71xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw72xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw73xx: fix TPM SPI frequency - [arm64] dts: rockchip: use cs-gpios for spi1 on ringneck - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() - af_packet: fix soft lockup issue caused by tpacket_snd() - Bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type - cpuidle: psci: Fix cpuhotplug routine with PREEMPT_RT=y - isofs: Verify inode mode when loading from disk - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() - [arm*] mmc: bcm2835: Fix dma_unmap_sg() nents value - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models - [arm64] mmc: sdhci_am654: Workaround for Errata i2312 - [amd64] net: stmmac: intel: populate entire system_counterval_t in get_time_fn() callback - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov - [s390x] bpf: Fix bpf_arch_text_poke() with new_addr == NULL again - smb: client: fix use-after-free in crypt_message when using async crypto - [armhf] soc: aspeed: lpc-snoop: Cleanup resources in stack-order - [armhf] soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush - iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] - iio: adc: max1363: Reorder mode_list[] entries - iio: adc: stm32-adc: Fix race in installing chained IRQ handler - iio: backend: fix out-of-bound write - iio: common: st_sensors: Fix use of uninitialize device structs - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B - [arm64] dts: imx95: Correct the DMA interrupter number of pcie0_ep - bpf: Reject %p% format string in bprintf-like helpers - cachefiles: Fix the incorrect return value in __cachefiles_write() - block: fix kobject leak in blk_unregister_queue - net/sched: sch_qfq: Fix race condition on qfq_aggregate - rpl: Fix use-after-free in rpl_do_srh_inline(). - smb: client: fix use-after-free in cifs_oplock_break - fix a leak in fcntl_dirnotify() - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() - nvme: fix endianness of command word prints in nvme_log_err_passthru() - smc: Fix various oops due to inet_sock type confusion. - net: phy: Don't register LEDs for genphy - nvme: fix misaccounting of nvme-mpath inflight I/O - nvmet-tcp: fix callback lock for TLS handshake - wifi: cfg80211: remove scan request n_channels counted_by - [amd64] hwmon: (corsair-cpro) Validate the size of the received input buffer - ice: add NULL check in eswitch lag check - ice: check correct pointer in fwlog debugfs - usb: net: sierra: check for no status endpoint - loop: use kiocb helpers to fix lockdep warning - [riscv64] Enable interrupt during exception handling - [riscv64] traps_misaligned: properly sign extend value in misaligned load handler - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() - Bluetooth: hci_sync: fix connectable extended advertising when using static random address - Bluetooth: SMP: If an unallowed command is received consider it a failure - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout - Bluetooth: hci_core: add missing braces when using macro parameters - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID - net/mlx5: Correctly set gso_size when LRO is used - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() - net: fix segmentation after TCP/UDP fraglist GRO - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry - drm/xe/pf: Sanitize VF scratch registers on FLR - drm/xe/pf: Move VFs reprovisioning to worker - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU - [amd64,arm64] hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf - virtio-net: fix recursived rtnl_lock() during probe() - tls: always refresh the queue when reading sock - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime - net: bridge: Do not offload IGMP/MLD messages - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree - rxrpc: Fix recv-recv race of completed call - rxrpc: Fix transmission of an abort in response to an abort - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" - drm/mediatek: Add wait_event_timeout when disabling plane - drm/mediatek: only announce AFBC if really supported - libbpf: Fix handling of BPF arena relocations - efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths - sched: Change nr_uninterruptible type to unsigned long - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns - btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (CVE-2025-22115) - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: Fix flushing of delayed work used for post resume purposes - usb: hub: Don't try to recover devices lost during warm reset. - [arm64] usb: dwc3: qcom: Don't leave BCR asserted - [arm64,armhf] i2c: omap: Add support for setting mux - [arm64,armhf] i2c: omap: Fix an error handling path in omap_i2c_probe() - [arm64,armhf] i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() - [arm64,armhf] i2c: omap: fix deprecated of_property_read_bool() use - sched,freezer: Remove unnecessary warning in __thaw_task - drm/xe/mocs: Initialize MOCS index early - drm/xe: Move page fault init after topology init - smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data - [amd64] iommu/vt-d: Fix misplaced domain_attached assignment (Closes: #1109676) - [amd64] KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.41 - [amd64] x86/traps: Initialize DR7 by writing its architectural reset value - Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (CVE-2025-38335) - virtio_net: Enforce minimum TX ring size for reliability - virtio_ring: Fix error reporting in virtqueue_resize - regulator: core: fix NULL dereference on unbind due to stale coupling data - [amd64] platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA - RDMA/core: Rate limit GID cache warning messages - [arm64] interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node - iio: adc: ad7949: use spi_is_bpw_supported() - regmap: fix potential memory leak of regmap_bus - [amd64] x86/hyperv: Fix usage of cpu_online_mask to get valid cpu - [amd64] platform/x86: Fix initialization order for firmware_attributes_class - [arm*] staging: vchiq_arm: Make vchiq_shutdown never fail - xfrm: state: initialize state_ptrs earlier in xfrm_state_find - xfrm: state: use a consistent pcpu_id in xfrm_state_find - xfrm: Set transport header to fix UDP GRO handling - xfrm: interface: fix use-after-free after changing collect_md xfrm interface - [arm64] net: ti: icssg-prueth: Fix buffer allocation for ICSSG - net/mlx5: Fix memory leak in cmd_exec() - net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch - i40e: report VF tx_dropped with tx_errors instead of tx_discards - i40e: When removing VF MAC filters, only check PF-set MAC - net: appletalk: Fix use-after-free in AARP proxy probe - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode - [arm64] drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() - ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop - [s390x] ism: fix concurrency management in ism_cmd() - [arm64] net: hns3: fix concurrent setting vlan filter issue - [arm64] net: hns3: disable interrupt when ptp init failed - [arm64] net: hns3: fixed vf get max channels bug - [arm64] net: hns3: default enable tx bounce buffer when smmu enabled - [amd64] platform/x86: ideapad-laptop: Fix FnLock not remembered among boots - [amd64] platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots - drm/amdgpu: Reset the clear flag in buddy during resume - drm/sched: Remove optimization that causes hang when killing dependent jobs - mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() - timekeeping: Zero initialize system_counterval when querying time from phc drivers - [arm64] i2c: qup: jump out of the loop in case of timeout - [arm64,armhf] i2c: tegra: Fix reset error handling with ACPI - i2c: virtio: Avoid hang by using interruptible completion wait - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() - sprintf.h requires stdarg.h - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx - ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx - [arm64] entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() - [arm64] dpaa2-eth: Fix device reference count leak in MAC endpoint handling - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set - e1000e: ignore uninitialized checksum word on tgp - gve: Fix stuck TX queue for DQ queue format - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() - nilfs2: reject invalid file types when reading inodes - resource: fix false warning in __request_region() - mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n - [amd64,arm64] usb: typec: tcpm: allow to use sink in accessory mode - [amd64,arm64] usb: typec: tcpm: allow switching to mode accessory to mux properly - [amd64,arm64] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach - spi: cadence-quadspi: fix cleanup of rx_chan on failure paths - [amd64] x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() - jfs: reject on-disk inodes of an unsupported type (CVE-2025-37925) - [amd64] comedi: comedi_test: Fix possible deletion of uninitialized timers - [arm64] dts: qcom: x1e78100-t14s: mark l12b and l15b always-on - erofs: simplify z_erofs_load_compact_lcluster() - erofs: refine z_erofs_get_extent_compressedlen() - erofs: use Z_EROFS_LCLUSTER_TYPE_MAX to simplify switches - erofs: simplify tail inline pcluster handling - erofs: clean up header parsing for ztailpacking and fragments - erofs: fix large fragment handling - ext4: don't explicit update times in ext4_fallocate() - ext4: refactor ext4_punch_hole() - ext4: refactor ext4_zero_range() - ext4: refactor ext4_collapse_range() - ext4: refactor ext4_insert_range() - ext4: factor out ext4_do_fallocate() - ext4: move out inode_lock into ext4_fallocate() - ext4: move out common parts into ext4_fallocate() - ext4: fix incorrect punch max_end - ext4: correct the error handle in ext4_fallocate() - ext4: fix out of bounds punch offset - [amd64] KVM: x86: drop x86.h include from cpuid.h - [amd64] KVM: x86: Route non-canonical checks in emulator through emulate_ops - [amd64] KVM: x86: Add X86EMUL_F_MSR and X86EMUL_F_DT_LOAD to aid canonical checks - [amd64] KVM: x86: model canonical checks more precisely - [amd64] KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (CVE-2025-38351) - [amd64] x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() - [arm64] dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage - Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" - wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure - iio: hid-sensor-prox: Restore lost scale assignments - iio: hid-sensor-prox: Fix incorrect OFFSET calculation - [amd64,arm64] Drivers: hv: Make the sysfs node size for the ring buffer dynamic - ALSA: hda/tegra: Add Tegra264 support - ALSA: hda: Add missing NVIDIA HDA codec IDs - [amd64] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x - Revert "drm/xe/gt: Update handling of xe_force_wake_get return" (Closes: #1109799) - Revert "drm/xe/tests/mocs: Update xe_force_wake_get() return handling" - Revert "drm/xe/devcoredump: Update handling of xe_force_wake_get return" - Revert "drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()" - [amd64] KVM: x86: Free vCPUs before freeing VM state - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma . [ Bastian Blank ] * Store build time signing key encrypted. * Enable CRYPTO_ECDSA. . [ Aurelien Jarno ] * Fix installation of DTB files . [ Tj ] * drivers/gpu/drm/nouveau: Enable DRM_NOUVEAU_GSP_DEFAULT (Closes: #1088522) . [ Uwe Kleine-König ] * [armhf] Add phy-gmii-sel module to nic-shared-modules udeb for ti/omap/am335x based machines (e.g. BeagleBone black). . [ Salvatore Bonaccorso ] * d/salsa-ci.yml: Update for trixie: Set RELEASE to trixie linux-signed-arm64 (6.12.43+1) trixie; urgency=medium . * Sign kernel from linux 6.12.43-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.42 - [amd64] ASoC: amd: yc: Add DMI quirk for HP Laptop 17 cp-2033dx - ethernet: intel: fix building with large NR_CPUS - [amd64] ASoC: amd: yc: Add DMI entries to support HP 15-fb1xxx - ALSA: hda/cs35l56: Workaround bad dev-index on Lenovo Yoga Book 9i GenX - [amd64] ASoC: Intel: fix SND_SOC_SOF dependencies - [amd64] ASoC: amd: yc: add DMI quirk for ASUS M6501RM - audit,module: restore audit logging in load failure case - parse_longname(): strrchr() expects NUL-terminated string - fs_context: fix parameter name in infofc() macro - fs/ntfs3: cancle set bad inode after removing name fails - ublk: use vmalloc for ublk_device's __queues - hfsplus: make splice write available again - hfs: make splice write available again - hfsplus: remove mutex_lock check in hfsplus_free_extents - Revert "fs/ntfs3: Replace inode_trylock with inode_lock" - gfs2: No more self recovery - io_uring: fix breakage in EXPERT menu - ASoC: soc-dai: tidyup return value of snd_soc_xlate_tdm_slot_mask() - ASoC: ops: dynamically allocate struct snd_ctl_elem_value - ASoC: mediatek: use reserved memory or enable buffer pre-allocation - [arm64] dts: freescale: imx93-tqma9352: Limit BUCK2 to 600mV - [arm64] soc: qcom: QMI encoding/decoding for big endian - [arm64] dts: qcom: sdm845: Expand IMEM region - [arm64] dts: qcom: sc7180: Expand IMEM region - [arm64] dts: exynos: gs101: Add 'local-timer-stop' to cpuidle nodes - [arm64] dts: qcom: sa8775p: Correct the interrupt for remoteproc - [arm64] dts: qcom: msm8976: Make blsp_dma controlled-remotely - usb: host: xhci-plat: fix incorrect type for of_match variable in xhci_plat_probe() - usb: misc: apple-mfi-fastcharge: Make power supply names unique - [arm64] dts: ti: k3-am642-phyboard-electra: Fix PRU-ICSSG Ethernet ports - [arm64] dts: ti: k3-am62p-j722s: fix pinctrl-single size - [arm64] firmware: arm_scmi: Fix up turbo frequencies selection - usb: typec: ucsi: yoga-c630: fix error and remove paths - mei: vsc: Destroy mutex after freeing the IRQ - mei: vsc: Event notifier fixes - mei: vsc: Unset the event callback on remove and probe errors - [armhf] spi: stm32: Check for cfg availability in stm32_spi_probe - vmci: Prevent the dispatching of uninitialized payloads - pps: fix poll support - Revert "vmci: Prevent the dispatching of uninitialized payloads" - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() - usb: early: xhci-dbc: Fix early_ioremap leak - [armhf] dts: ti: omap: Fixup pinheader typo - [arm64] dts: st: fix timer used for ticks - [arm64] dts: imx8mm-beacon: Fix HS400 USDHC clock speed - [arm64] dts: imx8mn-beacon: Fix HS400 USDHC clock speed - PM / devfreq: Check governor before using governor->name - PM / devfreq: Fix a index typo in trans_stat - cpufreq: intel_pstate: Always use HWP_DESIRED_PERF in passive mode - cpufreq: Initialize cpufreq-based frequency-invariance later - cpufreq: Init policy->rwsem before it may be possibly used - staging: greybus: gbphy: fix up const issue with the match callback - [arm64] soc: qcom: pmic_glink: fix OF node leak - [arm64] interconnect: qcom: sc8280xp: specify num_links for qnm_a1noc_cfg - [arm64] interconnect: qcom: sc8180x: specify num_nodes - bus: mhi: host: pci_generic: Fix the modem name of Foxconn T99W640 - [arm64,armhf] drm/rockchip: cleanup fb when drm_gem_fb_afbc_init failed - [arm64,armhf] drm/panfrost: Fix panfrost device variable name in devfreq - drm/panthor: Add missing explicit padding in drm_panthor_gpu_info - bpf, sockmap: Fix psock incorrectly pointing to sk - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls - net: ipv6: ip6mr: Fix in/out netdev to pass to the FORWARD chain - drm/vmwgfx: Fix Host-Backed userspace on Guest-Backed kernel - drm/amdgpu: Remove nbiov7.9 replay count reporting - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure - [powerpc*] pseries/dlpar: Search DRC index from ibm,drc-indexes for IO add - wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band - wifi: rtl818x: Kill URBs before clearing tx status queue - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() - iwlwifi: Add missing check for alloc_ordered_workqueue - wifi: ath11k: clear initialized flag for deinit-ed srng lists - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range - net/mlx5: Check device memory pointer before usage - net: dst: annotate data-races around dst->input - net: dst: annotate data-races around dst->output - bpf: Ensure RCU lock is held around bpf_prog_ksym_find - [arm64] drm/msm/dpu: Fill in min_prefill_lines for SC8180X - refscale: Check that nreaders and loops multiplication doesn't overflow - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value - sched/psi: Optimize psi_group_change() cpu_clock() usage - fbcon: Fix outdated registered_fb reference in comment - netfilter: nf_tables: Drop dead code from fill_*_info routines - netfilter: nf_tables: adjust lockdep assertions handling - [amd64] iommu/amd: Enable PASID and ATS capabilities in the correct order - net/sched: Restrict conditions for adding duplicating netems to qdisc tree - net_sched: act_ctinfo: use atomic64_t for three counters - RDMA/mlx5: Fix UMR modifying of mkey page size - xen: fix UAF in dmabuf_exp_from_pages() - xen/gntdev: remove struct gntdev_copy_batch from stack - tcp: call tcp_measure_rcv_mss() for ooo packets - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled - wifi: rtw88: Fix macid assigned to TDLS station - mwl8k: Add missing check after DMA map - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() - drm/amdgpu/gfx9: fix kiq locking in KCQ reset - drm/amdgpu/gfx9.4.3: fix kiq locking in KCQ reset - drm/amdgpu/gfx10: fix kiq locking in KCQ reset - [amd64] iommu/amd: Fix geometry.aperture_end for V2 tables - rcu: Fix delayed execution of hurry callbacks - wifi: mac80211: reject TDLS operations when station is not associated - wifi: plfxlc: Fix error handling in usb driver probe - wifi: mac80211: Do not schedule stopped TXQs - wifi: mac80211: Don't call fq_flow_idx() for management frames - wifi: mac80211: Check 802.11 encaps offloading in ieee80211_tx_h_select_key() - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" - wifi: ath12k: fix endianness handling while accessing wmi service bit - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE - wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon() - wifi: nl80211: Set num_sub_specs before looping through sub_specs - ring-buffer: Remove ring_buffer_read_prepare_sync() - memcg_slabinfo: Fix use of PG_slab - Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' - Bluetooth: hci_event: Mask data status from LE ext adv reports - bpf: Disable migration in nf_hook_run_bpf(). - can: peak_usb: fix USB FD devices potential malfunction - can: kvaser_pciefd: Store device channel index - can: kvaser_usb: Assign netdev.dev_port based on device channel index - netfilter: xt_nfacct: don't assume acct name is null-terminated - net/mlx5e: Clear Read-Only port buffer size in PBMC before update - net/mlx5e: Remove skb secpath if xfrm state is not found - stmmac: xsk: fix negative overflow of budget in zerocopy mode - vrf: Drop existing dst reference in vrf_ip6_input_dst - ipv6: prevent infinite loop in rt6_nlmsg_size() - ipv6: fix possible infinite loop in fib6_info_uses_dev() - ipv6: annotate data-races around rt->fib6_nsiblings - bpf/preload: Don't select USERMODE_DRIVER - [arm64] bpf, arm64: Fix fp initialization for exception boundary - fortify: Fix incorrect reporting of read buffer size - [arm64] PCI: rockchip-host: Fix "Unexpected Completion" log message - [arm64] clk: renesas: rzv2h: Fix missing CLK_SET_RATE_PARENT flag for ddiv clocks - [arm64] crypto: sun8i-ce - fix nents passed to dma_unmap_sg() - [amd64] crypto: qat - use unmanaged allocation for dc_data - [arm64,armhf] crypto: marvell/cesa - Fix engine load inaccuracy - [amd64] crypto: qat - allow enabling VFs in the absence of IOMMU - [amd64] crypto: qat - fix state restore for banks with exceptions - mtd: fix possible integer overflow in erase_xfer() - media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check - power: supply: cpcap-charger: Fix null check for power_supply_get_by_name - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set - [armhf] crypto: arm/aes-neonbs - work around gcc-15 warning - pinctrl: sunxi: Fix memory leak on krealloc failure - dmaengine: mmp: Fix again Wvoid-pointer-to-enum-cast warning - [arm64] phy: qualcomm: phy-qcom-eusb2-repeater: Don't zero-out registers - fanotify: sanitize handle_type values when reporting fid - Fix dma_unmap_sg() nents value - perf tools: Fix use-after-free in help_unknown_cmd() - perf dso: Add missed dso__put to dso__load_kcore - mtd: spi-nor: spansion: Fixup params->set_4byte_addr_mode for SEMPER - perf sched: Make sure it frees the usage string - perf sched: Free thread->priv using priv_destructor - perf sched: Fix memory leaks in 'perf sched map' - perf sched: Fix memory leaks for evsel->priv in timehist - perf sched: Use RC_CHK_EQUAL() to compare pointers - perf sched: Fix memory leaks in 'perf sched latency' - [arm64] RDMA/hns: Fix double destruction of rsv_qp - [arm64] RDMA/hns: Fix HW configurations not cleared in error flow - [amd64] crypto: ccp - Fix locking on alloc failure handling - [arm64] crypto: inside-secure - Fix `dma_unmap_sg()` nents value - [amd64] crypto: ccp - Fix crash when rebind ccp device for ccp.ko - [arm64] RDMA/hns: Get message length of ack_req from FW - [arm64] RDMA/hns: Fix accessing uninitialized resources - [arm64] RDMA/hns: Drop GFP_NOWARN - [arm64] RDMA/hns: Fix -Wframe-larger-than issue - kernel: trace: preemptirq_delay_test: use offstack cpu mask - proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al - pinmux: fix race causing mux_owner NULL with active mux_usecount - perf tests bp_account: Fix leaked file descriptor - [riscv64] clk: thead: th1520-ap: Correctly refer the parent of osc_12m - [armhf] clk: sunxi-ng: v3s: Fix de clock definition - [ppc64el] scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value - scsi: mvsas: Fix dma_unmap_sg() nents value - scsi: isci: Fix dma_unmap_sg() nents value - ext4: Make sure BH_New bit is cleared in ->write_end handler - [arm64] hwrng: mtk - handle devm_pm_runtime_enable errors - [amd64] crypto: qat - disable ZUC-256 capability for QAT GEN5 - soundwire: stream: restore params when prepare ports fail - PCI: endpoint: pci-epf-vntb: Fix the incorrect usage of __iomem attribute - remoteproc: xlnx: Disable unsupported features - fs/orangefs: Allow 2 more characters in do_c_string() - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap - dmaengine: nbpfaxi: Add missing check after DMA map - perf tools: Remove libtraceevent in .gitignore - [amd64] crypto: qat - fix DMA direction for compression on GEN2 devices - [amd64] crypto: qat - fix seq_file position update in adf_ring_next() - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref - jfs: fix metapage reference count leak in dbAllocCtl - drm/xe/vf: Disable CSC support on VF - perf record: Cache build-ID of hit DSOs only - vdpa/mlx5: Fix needs_teardown flag calculation - vhost-scsi: Fix log flooding with target does not exist errors - vdpa/mlx5: Fix release of uninitialized resources on error path - vdpa: Fix IDR memory leak in VDUSE module exit - vhost: Reintroduce kthread API and add mode selection - bpf: Check flow_dissector ctx accesses are aligned - bpf: Check netfilter ctx accesses are aligned - apparmor: ensure WB_HISTORY_SIZE value is a power of 2 - apparmor: fix loop detection used in conflicting attachment resolution - apparmor: Fix unaligned memory accesses in KUnit test - module: Restore the moduleparam prefix length check - ucount: fix atomic_long_inc_below() argument type - rtc: ds1307: fix incorrect maximum clock rate handling - rtc: hym8563: fix incorrect maximum clock rate handling - rtc: nct3018y: fix incorrect maximum clock rate handling - rtc: pcf85063: fix incorrect maximum clock rate handling - rtc: pcf8563: fix incorrect maximum clock rate handling - rtc: rv3028: fix incorrect maximum clock rate handling - f2fs: turn off one_time when forcibly set to foreground GC - f2fs: fix bio memleak when committing super block - f2fs: fix KMSAN uninit-value in extent_info usage - f2fs: fix to check upper boundary for value of gc_boost_zoned_gc_percent - f2fs: fix to check upper boundary for gc_valid_thresh_ratio - f2fs: fix to check upper boundary for gc_no_zoned_gc_percent - f2fs: doc: fix wrong quota mount option description - f2fs: fix to avoid UAF in f2fs_sync_inode_meta() - f2fs: fix to avoid panic in f2fs_evict_inode - f2fs: fix to avoid out-of-boundary access in devs.path - f2fs: vm_unmap_ram() may be called from an invalid context - f2fs: fix to update upper_p in __get_secs_required() correctly - f2fs: fix to calculate dirty data during has_not_enough_free_secs() - f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode - exfat: fdatasync flag should be same like generic_write_sync() - i2c: muxes: mule: Fix an error handling path in mule_i2c_mux_probe() - vfio: Fix unbalanced vfio_df_close call in no-iommu mode - vfio: Prevent open_count decrement to negative - vfio/pds: Fix missing detach_ioas op - vfio/pci: Separate SR-IOV VF dev_set - scsi: mpt3sas: Fix a fw_event memory leak - scsi: Revert "scsi: iscsi: Fix HW conn removal use after free" - scsi: ufs: core: Use link recovery when h8 exit fails during runtime resume - scsi: sd: Make sd shutdown issue START STOP UNIT appropriately - kconfig: qconf: fix ConfigList::updateListAllforAll() - sched/psi: Fix psi_seq initialization - PCI: pnv_php: Clean up allocated IRQs on unplug - PCI: pnv_php: Work around switches with broken presence detection - [powerpc*] eeh: Export eeh_unfreeze_pe() - [powerpc*] eeh: Make EEH driver device hotplug safe - PCI: pnv_php: Fix surprise plug detection and recovery - pNFS/flexfiles: don't attempt pnfs on fatal DS errors - sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() - NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() - NFSv4.2: another fix for listxattr - NFS: Fixup allocation flags for nfsiod's __GFP_NORETRY - md/md-cluster: handle REMOVE message earlier - netpoll: prevent hanging NAPI when netcons gets enabled - phy: mscc: Fix parsing of unicast frames - net: ipa: add IPA v5.1 and v5.5 to ipa_version_string() - pptp: ensure minimal skb length in pptp_xmit() - nvmet: initialize discovery subsys after debugfs is initialized - [s390x] ap: Unmask SLCF bit in card and queue ap functions sysfs - netlink: specs: ethtool: fix module EEPROM input/output arguments - block: Fix default IO priority if there is no IO context - block: ensure discard_granularity is zero when discard is not supported - ASoC: tas2781: Fix the wrong step for TLV on tas2781 - [amd64] spi: cs42l43: Property entry should be a null-terminated array - net/mlx5: Correctly set gso_segs when LRO is used - ipv6: reject malicious packets in ipv6_gso_segment() - net: mdio: mdio-bcm-unimac: Correct rate fallback logic - net: drop UFO packets in udp_rcv_segment() - net/sched: taprio: enforce minimum value for picos_per_byte - sunrpc: fix client side handling of tls alerts - [x86] irq: Plug vector setup race - benet: fix BUG when creating VFs - net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing - [s390x] mm: Allocate page table with PAGE_SIZE granularity - eth: fbnic: remove the debugging trick of super high page bias - irqchip: Build IMX_MU_MSI only on ARM - ALSA: hda/ca0132: Fix missing error handling in ca0132_alt_select_out() - smb: server: remove separate empty_recvmsg_queue - smb: server: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: server: let recv_done() consistently call put_recvmsg/smb_direct_disconnect_rdma_connection - smb: server: let recv_done() avoid touching data_transfer after cleanup/move - smb: client: remove separate empty_packet_queue - smb: client: make sure we call ib_dma_unmap_single() only if we called ib_dma_map_single already - smb: client: let recv_done() cleanup before notifying the callers. - smb: client: let recv_done() avoid touching data_transfer after cleanup/move - nvmet: exit debugfs after discovery subsystem exits - pptp: fix pptp_xmit() error path - smb: client: return an error if rdma_connect does not return within 5 seconds - sunrpc: fix handling of server side tls alerts - perf/core: Don't leak AUX buffer refcount on allocation failure - perf/core: Exit early on perf_mmap() fail - perf/core: Prevent VMA split of buffer mappings - selftests/perf_events: Add a mmap() correctness test - net/packet: fix a race in packet_set_ring() and packet_notifier() - vsock: Do not allow binding to VMADDR_PORT_ANY - [amd64] accel/ivpu: Fix reset_engine debugfs file logic - Revert "bcache: remove heap-related macros and switch to generic min_heap" - ice/ptp: fix crosstimestamp reporting - [amd64] drm/i915/ddi: change intel_ddi_init_{dp, hdmi}_connector() return type - [amd64] drm/i915/hdmi: propagate errors from intel_hdmi_init_connector() - [amd64] drm/i915/hdmi: add error handling in g4x_hdmi_init() - [amd64] drm/i915/ddi: gracefully handle errors from intel_ddi_init_hdmi_connector() - [amd64] drm/i915/display: add intel_encoder_is_hdmi() - [amd64] drm/i915/ddi: only call shutdown hooks for valid encoders - ksmbd: fix null pointer dereference error in generate_encryptionkey - ksmbd: fix Preauh_HashValue race condition - ksmbd: fix corrupted mtime and ctime in smb2_open - ksmbd: limit repeated connections from clients with the same IP (CVE-2025-38501) - smb: server: Fix extension string in ksmbd_extract_shortname() - USB: serial: option: add Foxconn T99W709 - PCI/ASPM: Save parent L1SS config in pci_save_aspm_l1ss_state() - PCI/ASPM: Fix L1SS saving - Bluetooth: btusb: Add USB ID 3625:010b for TP-LINK Archer TX10UB Nano - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event - net: usbnet: Fix the wrong netif_carrier_on() call - [x86] sev: Evict cache lines during SNP memory validation (CVE-2024-36331) - ALSA: intel_hdmi: Fix off-by-one error in __hdmi_lpe_audio_probe() - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r1xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-s0xxx - ALSA: hda/realtek - Fix mute LED for HP Victus 16-d1xxx (MB 8A26) - [adm64] platform/x86/intel/pmt: fix a crashlog NULL pointer access - [x86] fpu: Delay instruction pointer fixup until after warning - [s390x] mm: Remove possible false-positive warning in pte_free_defer() - [mips*] mm: tlb-r4k: Uniquify TLB entries on init - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery - mm: swap: correctly use maxpages in swapon syscall to avoid potential deadloop - mm: swap: fix potential buffer overflow in setup_clusters() - perf/arm-ni: Set initial IRQ affinity - media: ti: j721e-csi2rx: fix list_del corruption - HID: apple: validate feature-report field count to prevent NULL pointer dereference - USB: gadget: f_hid: Fix memory leak in hidg_bind error path - usb: gadget : fix use-after-free in composite_dev_cleanup() https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.43 - io_uring: don't use int for ABI - ALSA: usb-audio: Validate UAC3 power domain descriptors, too - ALSA: usb-audio: Validate UAC3 cluster segment descriptors - ALSA: hda/realtek: Fix headset mic on HONOR BRB-X - ALSA: hda/realtek: Add Framework Laptop 13 (AMD Ryzen AI 300) to quirks - smb3: fix for slab out of bounds on mount to ksmbd - smb: client: remove redundant lstrp update in negotiate protocol - gpio: virtio: Fix config space reading. - gpio: mlxbf2: use platform_get_irq_optional() - Revert "gpio: mlxbf3: only get IRQ for device instance 0" - gpio: mlxbf3: use platform_get_irq_optional() - leds: flash: leds-qcom-flash: Fix registry access after re-bind - Revert "leds: trigger: netdev: Configure LED blink interval for HW offload" - netlink: avoid infinite retry looping in netlink_unicast() (Closes: #1111017) - net: phy: micrel: fix KSZ8081/KSZ8091 cable test - [armhf] net: ftgmac100: fix potential NULL pointer access in ftgmac100_phy_disconnect - [arm64] net: enetc: fix device and OF node leak at probe - [arm64] net: mtk_eth_soc: fix device leak at probe - [arm64] net: ti: icss-iep: fix device and OF node leaks at probe - net: usb: asix_devices: add phy_mask for ax88772 mdio bus - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() - NFSD: detect mismatch of file handle and delegation stateid in OPEN op - NFS: Fix the setting of capabilities when automounting a new filesystem - PCI: Extend isolated function probing to LoongArch - [arm64] clk: samsung: exynos850: fix a comment - [arm64] clk: samsung: gs101: fix CLK_DOUT_CMU_G3D_BUSD - [arm64] clk: samsung: gs101: fix alternate mout_hsi0_usb20_ref parent clock - fscrypt: Don't use problematic non-inline crypto engines - fs: Prevent file descriptor table allocations exceeding INT_MAX - eventpoll: Fix semi-unbounded recursion (CVE-2025-38614) - Documentation: ACPI: Fix parent device references - ACPI: processor: perflib: Fix initial _PPC limit application - ACPI: processor: perflib: Move problematic pr->performance check - block: Make REQ_OP_ZONE_FINISH a write operation - mm/memory-tier: fix abstract distance calculation overflow - smb: client: let send_done() cleanup before calling smbd_disconnect_rdma_connection() - smb: client: don't wait for info->send_pending == 0 on error - [amd64] KVM: x86: Convert vcpu_run()'s immediate exit param into a generic bitmap - [amd64] KVM: x86: Drop kvm_x86_ops.set_dr6() in favor of a new KVM_RUN flag - [amd64] KVM: VMX: Allow guest to set DEBUGCTL.RTM_DEBUG if RTM is supported - [amd64] KVM: VMX: Extract checking of guest's DEBUGCTL into helper - [amd64] KVM: nVMX: Check vmcs12->guest_ia32_debugctl on nested VM-Enter - [amd64] KVM: VMX: Wrap all accesses to IA32_DEBUGCTL with getter/setter APIs - [amd64] KVM: VMX: Preserve host's DEBUGCTLMSR_FREEZE_IN_SMM while running the guest - [amd64] habanalabs: fix UAF in export_dmabuf() - mm/smaps: fix race between smaps_hugetlb_range and migration - udp: also consider secpath when evaluating ipsec use for checksumming - netfilter: ctnetlink: fix refcount leak on table dump - [arm64] net: ti: icssg-prueth: Fix emac link speed handling - [arm64] net: ti: icss-iep: Fix incorrect type for return value in extts_enable() - sctp: linearize cloned gso packets in sctp_rcv - [amd64] intel_idle: Allow loading ACPI tables for any family - cpuidle: governors: menu: Avoid using invalid recent intervals data - ptp: prevent possible ABBA deadlock in ptp_clock_freerun() - tls: handle data disappearing from under the TLS ULP (CVE-2025-38616) - net: kcm: Fix race condition in kcm_unattach() - hfs: fix general protection fault in hfs_find_init() - hfs: fix slab-out-of-bounds in hfs_bnode_read() - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() - [arm64] Handle KCOV __init vs inline mismatches - smb/server: avoid deadlock when linking with ReplaceIfExists - nvme-pci: try function level reset on init failure - dm-stripe: limit chunk_sectors to the stripe size - md/raid10: set chunk_sectors limit - nvme-tcp: log TLS handshake failures at error level - gfs2: Validate i_depth for exhash directories - gfs2: Set .migrate_folio in gfs2_{rgrp,meta}_aops - loop: Avoid updating block size under exclusive owner - udf: Verify partition map count - drbd: add missing kref_get in handle_write_conflicts - hfs: fix not erasing deleted b-tree node issue - better lockdep annotations for simple_recursive_removal() - ata: ahci: Disallow LPM policy control if not supported - ata: ahci: Disable DIPM if host lacks support - ata: libata-sata: Disallow changing LPM state if not supported - fs/ntfs3: Add sanity check for file name - fs/ntfs3: correctly create symlink for relative path - pidfs: raise SB_I_NODEV and SB_I_NOEXEC - fix locking in efi_secret_unlink() - securityfs: don't pin dentries twice, once is enough... - tracefs: Add d_delete to remove negative dentries - usb: xhci: print xhci->xhc_state when queue_command failed - [amd64] platform/x86/amd: pmc: Add Lenovo Yoga 6 13ALC6 to pmc quirk list - cpufreq: CPPC: Mark driver with NEED_UPDATE_LIMITS flag - usb: typec: ucsi: psy: Set current max to 100mA for BC 1.2 and Default - usb: xhci: Avoid showing warnings for dying controller - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command - usb: xhci: Avoid showing errors during surprise removal - [arm64] soc: qcom: rpmh-rsc: Add RSC version 4 support - ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered - remoteproc: imx_rproc: skip clock enable when M-core is managed by the SCU - usb: typec: tcpm/tcpci_maxim: fix irq wake usage - pmdomain: ti: Select PM_GENERIC_DOMAINS - [arm64] gpio: wcd934x: check the return value of regmap_update_bits() - cpufreq: Exit governor when failed to start old governor - cpufreq: intel_pstate: Add Granite Rapids support in no-HWP mode - [armhf] rockchip: fix kernel hang during smp initialization - PM / devfreq: governor: Replace sscanf() with kstrtoul() in set_freq_store() - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed - [arm64] thermal/drivers/qcom-spmi-temp-alarm: Enable stage 2 shutdown when required - iio: adc: ad_sigma_delta: don't overallocate scan buffer - [armhf] tegra: Use I/O memcpy to write to IRAM - ACPI: PRM: Reduce unnecessary printing to avoid user confusion - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() - thermal: sysfs: Return ENODATA instead of EAGAIN for reads - PM: sleep: console: Fix the black screen issue - ACPI: processor: fix acpi_object initialization - [arm64] mmc: sdhci-msm: Ensure SD card power isn't ON when card removed - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path - pps: clients: gpio: fix interrupt handling order in remove path - reset: brcmstb: Enable reset drivers for ARCH_BCM2835 - char: misc: Fix improper and inaccurate error code returned by misc_init() - [amd64] mei: bus: Check for still connected devices in mei_cl_bus_dev_release() - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() - [amd64,arm64] platform/chrome: cros_ec_sensorhub: Retries when a sensor is not ready - ALSA: hda: Handle the jack polling always via a work - ALSA: hda: Disable jack polling at shutdown - [amd64] x86/bugs: Avoid warning when overriding return thunk - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 - ASoC: SOF: topology: Parse the dapm_widget_tokens in case of DSPless mode - tty: serial: fix print format specifiers - ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() - usb: typec: intel_pmc_mux: Defer probe if SCU IPC isn't present - usb: core: usb_submit_urb: downgrade type check - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() - [arm64] imx8m-blk-ctrl: set ISI panic write hurry level - [arm64] soc: qcom: mdt_loader: Actually use the e_phoff - [amd64] platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches - [amd64,arm64] platform/chrome: cros_ec_typec: Defer probe on missing EC parent - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control - ALSA: pcm: Rewrite recalculate_boundary() to avoid costly loop - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros - iio: adc: ad7768-1: Ensure SYNC_IN pulse minimum timing requirement - ASoC: codecs: rt5640: Retry DEVICE_ID verification - [arm64] ASoC: qcom: use drvdata instead of component to keep id - netfilter: nft_set_pipapo: prefer kvmalloc for scratch maps - [powerpc*] thp: tracing: Hide hugepage events under CONFIG_PPC_BOOK3S_64 - Bluetooth: btusb: Add new VID/PID 0489/e14e for MT7925 - Bluetooth: hci_sock: Reset cookie to zero in hci_sock_free_cookie() - xen/netfront: Fix TX response spurious interrupts - wifi: iwlwifi: mvm: avoid outdated reorder buffer head_sn - net: usb: cdc-ncm: check for filtering capability - wifi: ath12k: Correct tid cleanup when tid setup fails - wifi: cfg80211: reject HTC bit for management frames - [s390x] time: Use monotonic clock in get_cycles() - be2net: Use correct byte order and format string for TCP seq and ack_seq - libbpf: Verify that arena map exists when adding arena relocations - idpf: preserve coalescing settings across resets - wifi: rtw89: wow: Add Basic Rate IE to probe request in scheduled scan mode - wifi: rtw89: Lower the timeout in rtw89_fw_read_c2h_reg() for USB - et131x: Add missing check after DMA map - net: ag71xx: Add missing check after DMA map - net/mlx5e: Properly access RCU protected qdisc_sleeping variable - net: pcs: xpcs: mask readl() return value to 16 bits - [arm64] Mark kernel as tainted on SAE and SError panic - drm/amd/pm: fix null pointer access - rcu: Protect ->defer_qs_iw_pending from data race - drm/amd/display: limit clear_update_flags to dcn32 and above - net: mctp: Prevent duplicate binds - wifi: cfg80211: Fix interface type validation - wifi: mac80211: don't unreserve never reserved chanctx - net: ipv4: fix incorrect MTU in broadcast routes - [arm64] net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() - net: phy: micrel: Add ksz9131_resume() - sched/deadline: Fix accounting after global limits change - bpf: Forget ranges when refining tnum after JSET - wifi: iwlwifi: mvm: set gtk id also in older FWs - wifi: iwlwifi: mvm: fix scan request validation - [s390x] stp: Remove udelay from stp_sync_clock() - net: phy: bcm54811: PHY initialization - sched/fair: Bump sd->max_newidle_lb_cost when newidle balance fails - wifi: mac80211: don't complete management TX on SAE commit - wifi: mac80211: avoid weird state in error path - [s390x] early: Copy last breaking event address to pt_regs - ipv6: mcast: Check inet6_dev->dead under idev->mc_lock in __ipv6_dev_mc_inc(). - rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access - wifi: mac80211: fix rx link assignment for non-MLO stations - [arm64] drm/msm: use trylock for debugfs - [arm64] drm/msm: Add error handling for krealloc in metadata setup - [arm64] perf/arm: Add missing .suppress_bind_attrs - wifi: rtw89: Fix rtw89_mac_power_switch() for USB - wifi: mt76: mt7915: mcu: re-init MCU before loading FW patch - drm/xe/xe_query: Use separate iterator while filling GT list - [amd64] net: thunderbolt: Enable end-to-end flow control also in transmit - [amd64] net: thunderbolt: Fix the parameter passing of tb_xdomain_enable_paths()/tb_xdomain_disable_paths() - xfrm: Duplicate SPI Handling - net: atlantic: add set_power to fw_ops for atl2 to fix wol - ACPI: Suppress misleading SPCR console message when SPCR table is absent - net: ieee8021q: fix insufficient table-size assertion - net: fec: allow disable coalescing - drm/amd/display: Separate set_gsl from set_gsl_source_select - wifi: ath10k: shutdown driver when hardware is unreliable - wifi: ath12k: Add memset and update default rate value in wmi tx completion - wifi: ath12k: Fix station association with MBSSID Non-TX BSS - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect - drm/amd/display: Fix 'failed to blank crtc!' - drm/amd/display: Initialize mode_select to 0 - wifi: mac80211: update radar_required in channel context after channel switch - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. - wifi: ath12k: Enable REO queue lookup table feature on QCN9274 hw2.0 - wifi: ath12k: Decrement TID on RX peer frag setup error handling - [powerpc*] floppy: Add missing checks after DMA map - netmem: fix skb_frag_address_safe with unreadable skbs - [arm64] stacktrace: Check kretprobe_find_ret_addr() return value - wifi: iwlegacy: Check rate_idx range after addition - neighbour: add support for NUD_PERMANENT proxy entries - dpaa_eth: don't use fixed_phy_change_carrier - drm/amd: Allow printing VanGogh OD SCLK levels without setting dpm to manual - net: vlan: Make is_vlan_dev() a stub when VLAN is not configured - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs - gve: Return error for unknown admin queue command - [armhf] net: dsa: b53: ensure BCM5325 PHYs are enabled - [armhf] net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 - [armhf] net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 - [armhf] net: dsa: b53: prevent DIS_LEARNING access on BCM5325 - [armhf] net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 - bpftool: Fix JSON writer resource leak in version command - ptp: Use ratelimite for freerun error message - wifi: rtw89: scan abort when assign/unassign_vif - wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_init_one_rxdesc() - ionic: clean dbpage in de-init - drm/xe: Make dma-fences compliant with the safe access rules - [armhf] net: ncsi: Fix buffer overflow in fetching version id - drm/ttm: Should to return the evict error - uapi: in6: restore visibility of most IPv6 socket options - bpf: Make reg_not_null() true for CONST_PTR_TO_MAP - drm/amd/display: Update DMCUB loading sequence for DCN3.5 - drm/amd/display: Avoid trying AUX transactions on disconnected ports - drm/ttm: Respect the shrinker core free target - rcu: Fix rcu_read_unlock() deadloop due to IRQ work - [armhf] net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 - vsock/virtio: Resize receive buffers so that each SKB fits in a 4K page - vhost: fail early when __vhost_add_used() fails - drm/amd/display: Only finalize atomic_obj if it was initialized - drm/amd/display: Avoid configuring PSR granularity if PSR-SU not supported - drm/amd/display: Disable dsc_power_gate for dcn314 by default - watchdog: sbsa: Adjust keepalive timeout to avoid MediaTek WS0 race condition - cifs: Fix calling CIFSFindFirst() for root path without msearch - fbdev: fix potential buffer overflow in do_register_framebuffer() - crypto: hisilicon/hpre - fix dma unmap sequence - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr - [arm64,armhf] clk: tegra: periph: Fix error handling and resolve unsigned compare warning - mfd: axp20x: Set explicit ID for AXP313 regulator - [arm64] phy: rockchip-pcie: Properly disable TEST_WRITE strobe signal - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated - fs/orangefs: use snprintf() instead of sprintf() - watchdog: dw_wdt: Fix default timeout - hwmon: (emc2305) Set initial PWM minimum value during probe based on thermal state - [mips*] vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} - watchdog: iTCO_wdt: Report error if timeout configuration fails - scsi: bfa: Double-free fix - jfs: truncate good inode pages when hard link is 0 - jfs: Regular file corruption check - jfs: upper bound check of tree index in dbAllocAG - media: hi556: Fix reset GPIO timings - RDMA/bnxt_re: Fix size of uverbs_copy_to() in BNXT_RE_METHOD_GET_TOGGLE_MEM - crypto: jitter - fix intermediary handling - [mips*] Don't crash in stack_top() for tasks without ABI or vDSO - [riscv64] clk: thead: Mark essential bus clocks as CLK_IGNORE_UNUSED - media: ipu-bridge: Add _HID for OV5670 - media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control - leds: leds-lp50xx: Handle reg to get correct multi_index - [armhf] dmaengine: stm32-dma: configure next sg only if there are more than 2 sgs - [amd64] RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() - RDMA/core: reduce stack using in nldev_stat_get_doit() - scsi: lpfc: Ensure HBA_SETUP flag is used only for SLI4 in dev_loss_tmo_callbk - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure - power: supply: qcom_battmgr: Add lithium-polymer entry - scsi: mpt3sas: Correctly handle ATA device errors - scsi: mpi3mr: Correctly handle ATA device errors - [armhf] pinctrl: stm32: Manage irq affinity settings - media: usb: hdpvr: disable zero-length read messages - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar - media: uvcvideo: Add quirk for HP Webcam HD 2300 - media: uvcvideo: Fix bandwidth issue for Alcor camera - [amd64] crypto: ccp - Add missing bootloader info reg for pspv6 - [arm64] clk: renesas: rzg2l: Postpone updating priv->clks[] - soundwire: amd: serialize amd manager resume sequence during pm_prepare - soundwire: amd: cancel pending slave status handling workqueue during remove sequence - soundwire: Move handle_nested_irq outside of sdw_dev_lock - md: dm-zoned-target: Initialize return variable r to avoid uninitialized use - module: Prevent silent truncation of module name in delete_module(2) - i3c: add missing include to internal header - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - apparmor: shift ouid when mediating hard links in userns - i3c: don't fail if GETHDRCAP is unsupported - i3c: master: Initialize ret in i3c_i2c_notifier_call() - dm-mpath: don't print the "loaded" message if registering fails - dm-table: fix checking for rq stackable devices - apparmor: use the condition in AA_BUG_FMT even with debug disabled - apparmor: fix x_table_lookup when stacking is not the first entry - i2c: Force DLL0945 touchpad i2c freq to 100khz - exfat: add cluster chain loop check for dir - f2fs: check the generic conditions first - printk: nbcon: Allow reacquire during panic - vfio/type1: conditional rescheduling while pinning - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans - scsi: target: core: Generate correct identifiers for PR OUT transport IDs - scsi: aacraid: Stop using PCI_IRQ_AFFINITY - vfio/mlx5: fix possible overflow in tracking max message size - ipmi: Use dev_warn_ratelimited() for incorrect message warnings - ipmi: Fix strcpy source and destination the same - tools/power turbostat: Handle non-root legacy-uncore sysfs permissions - tools/power turbostat: Fix build with musl - tools/power turbostat: Handle cap_get_proc() ENOSYS - smb: client: don't call init_waitqueue_head(&info->conn_wait) twice in _smbd_get_connection - lib/sbitmap: convert shallow_depth from one word to the whole sbitmap - ALSA: hda/realtek: add LG gram 16Z90R-A to alc269 fixup table - net: phy: smsc: add proper reset flags for LAN8710A - [amd64] ASoC: Intel: avs: Fix uninitialized pointer error in probe() - block: avoid possible overflow for chunk_sectors check in blk_stack_limits() - pNFS: Fix stripe mapping in block/scsi layout - pNFS: Fix disk addr range check in block/scsi layout - pNFS: Handle RPC size limit for layoutcommits - pNFS: Fix uninited ptr deref in block/scsi layout - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe - scsi: lpfc: Remove redundant assignment to avoid memory leak - [amd64,armhf] ASoC: fsl_sai: replace regmap_write with regmap_update_bits - cifs: Fix collect_sample() to handle any iterator type - drm/amdgpu: fix vram reservation issue - drm/amdgpu: fix incorrect vm flags to map bo - mm/damon/core: commit damos->target_nid - block: Introduce bio_needs_zone_write_plugging() - dm: Always split write BIOs to zoned device limits - cifs: reset iface weights when we cannot find a candidate - [amd64] iommu/vt-d: Optimize iotlb_sync_map for non-caching/non-RWBF modes - [arm64] iommu/arm-smmu-qcom: Add SM6115 MDSS compatible - iommufd: Report unmapped bytes in the error path of iopt_unmap_iova_range - iommufd: Prevent ALIGN() overflow - ext4: fix zombie groups in average fragment size lists - ext4: fix largest free orders lists corruption on mb_optimize_scan switch - ext4: initialize superblock fields in the kballoc-test.c kunit tests - usb: core: config: Prevent OOB read in SS endpoint companion parsing - misc: rtsx: usb: Ensure mmc child device is active when card is present - usb: typec: ucsi: Update power_supply on power role change - [amd64] comedi: fix race between polling and detaching - [amd64] thunderbolt: Fix copy+paste error in match_service_id() - cdc-acm: fix race between initial clearing halt and open - btrfs: zoned: use filesystem size not disk size for reclaim decision - btrfs: abort transaction during log replay if walk_log_tree() failed - btrfs: zoned: do not remove unwritten non-data block group - btrfs: qgroup: set quota enabled bit if quota disable fails flushing reservations - btrfs: don't ignore inode missing when replaying log tree - btrfs: fix ssd_spread overallocation - btrfs: populate otime when logging an inode item - btrfs: qgroup: fix qgroup create ioctl returning success after quotas disabled - btrfs: don't skip remaining extrefs if dir not found during log replay - btrfs: clear dirty status from extent buffer on error at insert_new_root() - btrfs: fix log tree replay failure due to file with 0 links and extents - btrfs: error on missing block group when unaccounting log tree extent buffers - btrfs: zoned: do not select metadata BG as finish target - btrfs: fix iteration bug in __qgroup_excl_accounting() - btrfs: do not allow relocation of partially dropped subvolumes - xfs: fix scrub trace with null pointer in quotacheck - userfaultfd: fix a crash in UFFDIO_MOVE when PMD is a migration entry - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit - net/sched: ets: use old 'nbands' while purging unused classes - [amd64,arm64] hv_netvsc: Fix panic during namespace deletion with VF - mm, slab: restore NUMA policy support for large kmalloc - mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() - media: venus: Fix OOB read due to missing payload bound check - media: uvcvideo: Do not mark valid metadata as invalid - media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() - HID: magicmouse: avoid setting up battery timer when not needed - wifi: mac80211: check basic rates validity in sta_link_apply_parameters - HID: apple: avoid setting up battery timer for devices without battery - mfd: cros_ec: Separate charge-control probing from USB-PD - net: Add net_passive_inc() and net_passive_dec(). - net: better track kernel sockets lifetime (CVE-2025-21884) - smb: client: fix netns refcount leak after net_passive changes - PCI: Store all PCIe Supported Link Speeds - PCI: Allow PCI bridges to go to D3Hot on all non-x86 - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports - [arm64] dts: ti: k3-j722s-evm: Fix USB2.0_MUX_SEL to select Type-C - [arm64] dts: ti: k3-j722s-evm: Fix USB gpio-hog level for Type-C - ata: libata-sata: Add link_power_management_supported sysfs attribute - io_uring/rw: cast rw->flags assignment to rwf_t - drm/amd/display: Allow DCN301 to clear update flags - rcu: Fix racy re-initialization of irq_work causing hangs - dm: split write BIOs on zone boundaries when zone append is not emulated - PCI: Honor Max Link Speed when determining supported speeds - ACPI: Return -ENODEV from acpi_parse_spcr() when SPCR support is disabled . [ Bastian Blank ] * [amd64, arm64] Enable MANA_INFINIBAND. . [ Salvatore Bonaccorso ] * [amd64] udeb: kernel-image: Include SPI drivers * ext4: don't try to clear the orphan_present feature block device is r/o (Closes: #1108271) * alloc_fdtable(): change calling conventions. * net: ipv4: fix regression in local-broadcast route . [ Ben Hutchings ] * proc: fix missing pde_set_flags() for net proc files linux-signed-arm64 (6.12.41+1) trixie-security; urgency=high . * Sign kernel from linux 6.12.41-1 . * New upstream stable update: https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.39 - eventpoll: don't decrement ep refcount while still holding the ep mutex (CVE-2025-38349) - drm/amdgpu/discovery: use specific ip_discovery.bin for legacy asics - drm/amdgpu/ip_discovery: add missing ip_discovery fw - [s390x] crypto: s390/sha - Fix uninitialized variable in SHA-1 and SHA-2 - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV (CVE-2025-38104) - [amd64] ASoC: Intel: SND_SOC_INTEL_SOF_BOARD_HELPERS select SND_SOC_ACPI_INTEL_MATCH - [amd64] ASoC: Intel: soc-acpi: arl: Correct naming of a cs35l56 address struct - [amd64] ASoC: Intel: soc-acpi: arl: Add match entries for new cs42l43 laptops - [amd64] ASoC: soc-acpi: add get_function_tplg_files ops - [amd64] ASoC: Intel: add sof_sdw_get_tplg_files ops - [amd64] ASoC: Intel: soc-acpi-intel-arl-match: set get_function_tplg_files ops - [amd64] ASoC: Intel: soc-acpi: arl: Correct order of cs42l43 matches - perf/core: Fix the WARN_ON_ONCE is out of lock protected region - irqchip/irq-msi-lib: Select CONFIG_GENERIC_MSI_IRQ - sched/core: Fix migrate_swap() vs. hotplug - perf: Revert to requiring CAP_SYS_ADMIN for uprobes - ASoC: cs35l56: probe() should fail if the device ID is not recognized - Bluetooth: hci_sync: Fix not disabling advertising instance - Bluetooth: hci_event: Fix not marking Broadcast Sink BIS as connected - pinctrl: amd: Clear GPIO debounce for suspend - fix proc_sys_compare() handling of in-lookup dentries - sched/deadline: Fix dl_server runtime calculation formula - bnxt_en: eliminate the compile warning in bnxt_request_irq due to CONFIG_RFS_ACCEL - [arm64] poe: Handle spurious Overlay faults - [arm64] net: phy: qcom: move the WoL function to shared library - [arm64] net: phy: qcom: qca808x: Fix WoL issue by utilizing at8031_set_wol() - netlink: Fix wraparounds of sk->sk_rmem_alloc. - vsock: fix `vsock_proto` declaration - tipc: Fix use-after-free in tipc_conn_close(). - tcp: Correct signedness in skb remaining space calculation - vsock: Fix transport_{g2h,h2g} TOCTOU - vsock: Fix transport_* TOCTOU - vsock: Fix IOCTL_VM_SOCKETS_GET_LOCAL_CID to check also `transport_local` - net: stmmac: Fix interrupt handling for level-triggered mode in DWC_XGMAC2 - net: phy: smsc: Fix Auto-MDIX configuration when disabled by strap - net: phy: smsc: Force predictable MDI-X state on LAN87xx - net: phy: smsc: Fix link failure in forced mode with Auto-MDIX - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). - atm: clip: Fix memory leak of struct clip_vcc. - atm: clip: Fix infinite recursive call of clip_push(). - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() - [arm64] net: ethernet: ti: am65-cpsw-nuss: Fix skb size by accounting for skb_shared_info - net/sched: Abort __tc_modify_qdisc if parent class does not exist - rxrpc: Fix bug due to prealloc collision - rxrpc: Fix oops due to non-existence of prealloc backlog struct - ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() - [amd64] x86/mce/amd: Add default names for MCA banks and blocks - [amd64] x86/mce/amd: Fix threshold limit reset - [amd64] x86/mce: Don't remove sysfs if thresholding sysfs init fails - [amd64] x86/mce: Ensure user polling settings are honored when restarting timer - [amd64] x86/mce: Make sure CMCI banks are cleared during shutdown on Intel - [amd64] KVM: x86/xen: Allow 'out of range' event channel ports in IRQ routing table. - [amd64] KVM: SVM: Add missing member in SNP_LAUNCH_START command structure - [amd64] KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight - KVM: Allow CPU to reschedule while setting per-page memory attributes - ASoC: fsl_sai: Force a software reset when starting in consumer mode - gre: Fix IPv6 multicast route creation. (Closes: #1108430) - md/md-bitmap: fix GPF in bitmap_get_stats() (Closes: #1109734) - [arm64] pinctrl: qcom: msm: mark certain pins as invalid for interrupts - pwm: Fix invalid state detection - pwm: mediatek: Ensure to disable clocks in error path - wifi: prevent A-MSDU attacks in mesh networks (CVE-2025-27558) - wifi: mwifiex: discard erroneous disassoc frames on STA interface - wifi: mt76: mt7921: prevent decap offload config before STA initialization - wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_sta_set_decap_offload() - wifi: mt76: mt7925: fix the wrong config for tx interrupt - wifi: mt76: mt7925: fix invalid array index in ssid assignment during hw scan - drm/imagination: Fix kernel crash when hard resetting the GPU - drm/amdkfd: Don't call mmput from MMU notifier callback - drm/gem: Acquire references on GEM handles for framebuffers - drm/sched: Increment job count before swapping tail spsc queue - drm/ttm: fix error handling in ttm_buffer_object_transfer - drm/gem: Fix race in drm_gem_handle_create_tail() - drm/xe/bmg: fix compressed VRAM handling - Revert "drm/xe/xe2: Enable Indirect Ring State support for Xe2" - usb: gadget: u_serial: Fix race condition in TTY wakeup - Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io" - drm/framebuffer: Acquire internal references on GEM handles - drm/xe: Allocate PF queue size on pow2 boundary - Revert "ACPI: battery: negate current when discharging" (Closes: #1109344) - Revert "PCI/ACPI: Fix allocated memory release on error in pci_acpi_scan_root()" - kallsyms: fix build without execinfo - maple_tree: fix mt_destroy_walk() on root leaf node - mm: fix the inaccurate memory statistics issue for users - mm/vmalloc: leave lazy MMU mode on PTE mapping error - lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() - [amd64] x86/rdrand: Disable RDSEED on AMD Cyan Skillfish - [amd64] x86/mm: Disable hugetlb page table sharing on 32-bit - [arm64] clk: scmi: Handle case where child clocks are initialized before their parents - smb: server: make use of rdma_destroy_qp() - ksmbd: fix a mount write count leak in ksmbd_vfs_kern_path_locked() - erofs: fix to add missing tracepoint in erofs_read_folio() - erofs: address D-cache aliasing - [amd64] ASoC: Intel: sof-function-topology-lib: Print out the unsupported dmic count - netlink: Fix rmem check in netlink_broadcast_deliver(). - netlink: make sure we allow at least one dump skb - netfs: Fix ref leak on inserted extra subreq in write retry - wifi: cfg80211: fix S1G beacon head validation in nl80211 - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() - drm/tegra: nvdec: Fix dma_alloc_coherent error check - md/raid1: Fix stack memory use after return in raid1_reshape - raid10: cleanup memleak at raid10_make_request - wifi: mac80211: correctly identify S1G short beacon - wifi: mac80211: fix non-transmitted BSSID profile search - wifi: rt2x00: fix remove callback type mismatch - drm/nouveau/gsp: fix potential leak of memory used during acpi init - wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() - nbd: fix uaf in nbd_genl_connect() error path - drm/xe/pf: Clear all LMTT pages on alloc - erofs: free pclusters if no cached folio is attached - erofs: get rid of `z_erofs_next_pcluster_t` - erofs: tidy up zdata.c - erofs: refine readahead tracepoint - erofs: fix to add missing tracepoint in erofs_readahead() - netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() - net: appletalk: Fix device refcount leak in atrtr_create() - ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof - net: phy: microchip: Use genphy_soft_reset() to purge stale LPA bits - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx - drm/xe/pm: Correct comment of xe_pm_set_vram_threshold() - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level - net/mlx5e: Fix race between DIM disable and net_dim() - net/mlx5e: Add new prio for promiscuous mode - net: ll_temac: Fix missing tx_pending check in ethtools_set_ringparam() - bnxt_en: Fix DCB ETS validation - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT - ublk: sanity check add_dev input for underflow - atm: idt77252: Add missing `dma_map_error()` - ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. - [amd64] ALSA: hda/realtek: Add mic-mute LED setup for ASUS UM5606 - io_uring: make fallocate be hashed work - [amd64] ASoC: amd: yc: add quirk for Acer Nitro ANV15-41 internal mic - ALSA: hda/realtek - Enable mute LED on HP Pavilion Laptop 15-eg100 - ALSA: hda/realtek: Add quirks for some Clevo laptops - net: usb: qmi_wwan: add SIMCom 8230C composition - driver: bluetooth: hci_qca:fix unable to load the BT driver - HID: lenovo: Add support for ThinkPad X1 Tablet Thin Keyboard Gen2 - net: mana: Record doorbell physical address in PF mode - btrfs: fix assertion when building free space tree - vt: add missing notification when switching back to text mode - bpf: Adjust free target to avoid global starvation of LRU map - [riscv64] vdso: Exclude .rodata from the PT_DYNAMIC segment - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras - HID: nintendo: avoid bluetooth suspend/resume stalls - erofs: fix rare pcluster memory leak after unmounting - net: wangxun: revert the adjustment of the IRQ vector sequence - kasan: remove kasan_find_vm_area() to prevent possible deadlock - ksmbd: fix potential use-after-free in oplock/lease break ack - [arm64] Filter out SME hwcaps when FEAT_SME isn't implemented - crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() (CVE-2025-37984) - rseq: Fix segfault on registration when rseq_cs is non-zero (CVE-2025-38067) - [amd64] KVM: SVM: Set synthesized TSA CPUID flags https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.40 - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition - USB: serial: option: add Foxconn T99W640 - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI - usb: musb: fix gadget state on disconnect - [arm*] usb: dwc2: gadget: Fix enter to hibernation for UTMI+ PHY - usb: gadget: configfs: Fix OOB read on empty string write - [armhf] i2c: stm32: fix the device used for the DMA map - [armhf] i2c: stm32f7: unmap DMA mapped buffer - [amd64] thunderbolt: Fix wake on connect at runtime - [amd64] thunderbolt: Fix bit masking in tb_dp_port_set_hops() - Revert "staging: vchiq_arm: Create keep-alive thread during probe" - nvmem: imx-ocotp: fix MAC address byte length - nvmem: layouts: u-boot-env: remove crc32 endianness conversion - Input: xpad - set correct controller type for Acer NGR200 - pch_uart: Fix dma_sync_sg_for_device() nents value - spi: Add check for 8-bit transfer with 8 IO mode support - dm-bufio: fix sched in atomic context - HID: core: ensure the allocated report buffer can contain the reserved report ID - HID: core: ensure __hid_request reserves the report ID as the first byte - HID: core: do not bypass hid_hw_raw_request - tracing/probes: Avoid using params uninitialized in parse_btf_arg() - tracing: Add down_write(trace_event_sem) when adding trace event - tracing/osnoise: Fix crash in timerlat_dump_stack() - drm/amdgpu/gfx8: reset compute ring wptr on the GPU on resume - drm/amdgpu: Increase reset counter only on success - drm/amd/display: Disable CRTC degamma LUT for DCN401 - drm/amd/display: Free memory allocation - ALSA: hda/realtek - Fix mute LED for HP Victus 16-r0xxx - ALSA: hda/realtek: Add quirk for ASUS ROG Strix G712LWS - io_uring/poll: fix POLLERR handling - mptcp: make fallback action and fallback decision atomic - mptcp: plug races between subflow fail and subflow creation - mptcp: reset fallback status gracefully at disconnect() time - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() - net/mlx5: Update the list of the PCI supported devices - [arm64] dts: imx8mp-venice-gw74xx: fix TPM SPI frequency - [arm64] dts: add big-endian property back into watchdog node - [arm64] dts: freescale: imx8mm-verdin: Keep LDO5 always on - [arm64] dts: imx8mp-venice-gw71xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw72xx: fix TPM SPI frequency - [arm64] dts: imx8mp-venice-gw73xx: fix TPM SPI frequency - [arm64] dts: rockchip: use cs-gpios for spi1 on ringneck - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() - af_packet: fix soft lockup issue caused by tpacket_snd() - Bluetooth: btintel: Check if controller is ISO capable on btintel_classify_pkt_type - cpuidle: psci: Fix cpuhotplug routine with PREEMPT_RT=y - isofs: Verify inode mode when loading from disk - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() - [arm*] mmc: bcm2835: Fix dma_unmap_sg() nents value - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models - [arm64] mmc: sdhci_am654: Workaround for Errata i2312 - [amd64] net: stmmac: intel: populate entire system_counterval_t in get_time_fn() callback - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov - [s390x] bpf: Fix bpf_arch_text_poke() with new_addr == NULL again - smb: client: fix use-after-free in crypt_message when using async crypto - [armhf] soc: aspeed: lpc-snoop: Cleanup resources in stack-order - [armhf] soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled - iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush - iio: adc: axp20x_adc: Add missing sentinel to AXP717 ADC channel maps - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] - iio: adc: max1363: Reorder mode_list[] entries - iio: adc: stm32-adc: Fix race in installing chained IRQ handler - iio: backend: fix out-of-bound write - iio: common: st_sensors: Fix use of uninitialize device structs - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi CM5 - [arm64] dts: rockchip: Add cd-gpios for sdcard detect on Cool Pi 4B - [arm64] dts: imx95: Correct the DMA interrupter number of pcie0_ep - bpf: Reject %p% format string in bprintf-like helpers - cachefiles: Fix the incorrect return value in __cachefiles_write() - block: fix kobject leak in blk_unregister_queue - net/sched: sch_qfq: Fix race condition on qfq_aggregate - rpl: Fix use-after-free in rpl_do_srh_inline(). - smb: client: fix use-after-free in cifs_oplock_break - fix a leak in fcntl_dirnotify() - nvme: fix inconsistent RCU list manipulation in nvme_ns_add_to_ctrl_list() - nvme: fix endianness of command word prints in nvme_log_err_passthru() - smc: Fix various oops due to inet_sock type confusion. - net: phy: Don't register LEDs for genphy - nvme: fix misaccounting of nvme-mpath inflight I/O - nvmet-tcp: fix callback lock for TLS handshake - wifi: cfg80211: remove scan request n_channels counted_by - [amd64] hwmon: (corsair-cpro) Validate the size of the received input buffer - ice: add NULL check in eswitch lag check - ice: check correct pointer in fwlog debugfs - usb: net: sierra: check for no status endpoint - loop: use kiocb helpers to fix lockdep warning - [riscv64] Enable interrupt during exception handling - [riscv64] traps_misaligned: properly sign extend value in misaligned load handler - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() - Bluetooth: hci_sync: fix connectable extended advertising when using static random address - Bluetooth: SMP: If an unallowed command is received consider it a failure - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout - Bluetooth: hci_core: add missing braces when using macro parameters - Bluetooth: btusb: QCA: Fix downloading wrong NVM for WCN6855 GF variant without board ID - net/mlx5: Correctly set gso_size when LRO is used - ipv6: mcast: Delay put pmc->idev in mld_del_delrec() - net: fix segmentation after TCP/UDP fraglist GRO - netfilter: nf_conntrack: fix crash due to removal of uninitialised entry - drm/xe/pf: Sanitize VF scratch registers on FLR - drm/xe/pf: Move VFs reprovisioning to worker - drm/xe/pf: Prepare to stop SR-IOV support prior GT reset - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU - [amd64,arm64] hv_netvsc: Set VF priv_flags to IFF_NO_ADDRCONF before open to prevent IPv6 addrconf - virtio-net: fix recursived rtnl_lock() during probe() - tls: always refresh the queue when reading sock - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime - net: bridge: Do not offload IGMP/MLD messages - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree - rxrpc: Fix recv-recv race of completed call - rxrpc: Fix transmission of an abort in response to an abort - Revert "cgroup_freezer: cgroup_freezing: Check if not frozen" - drm/mediatek: Add wait_event_timeout when disabling plane - drm/mediatek: only announce AFBC if really supported - libbpf: Fix handling of BPF arena relocations - efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths - sched: Change nr_uninterruptible type to unsigned long - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns - btrfs: fix block group refcount race in btrfs_create_pending_block_groups() (CVE-2025-22115) - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: Fix flushing of delayed work used for post resume purposes - usb: hub: Don't try to recover devices lost during warm reset. - [arm64] usb: dwc3: qcom: Don't leave BCR asserted - [arm64,armhf] i2c: omap: Add support for setting mux - [arm64,armhf] i2c: omap: Fix an error handling path in omap_i2c_probe() - [arm64,armhf] i2c: omap: Handle omap_i2c_init() errors in omap_i2c_probe() - [arm64,armhf] i2c: omap: fix deprecated of_property_read_bool() use - sched,freezer: Remove unnecessary warning in __thaw_task - drm/xe/mocs: Initialize MOCS index early - drm/xe: Move page fault init after topology init - smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data - [amd64] iommu/vt-d: Fix misplaced domain_attached assignment (Closes: #1109676) - [amd64] KVM: x86/xen: Fix cleanup logic in emulation of Xen schedop poll hypercalls https://www.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.41 - [amd64] x86/traps: Initialize DR7 by writing its architectural reset value - Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT (CVE-2025-38335) - virtio_net: Enforce minimum TX ring size for reliability - virtio_ring: Fix error reporting in virtqueue_resize - regulator: core: fix NULL dereference on unbind due to stale coupling data - [amd64] platform/x86: asus-nb-wmi: add DMI quirk for ASUS Zenbook Duo UX8406CA - RDMA/core: Rate limit GID cache warning messages - [arm64] interconnect: qcom: sc7280: Add missing num_links to xm_pcie3_1 node - iio: adc: ad7949: use spi_is_bpw_supported() - regmap: fix potential memory leak of regmap_bus - [amd64] x86/hyperv: Fix usage of cpu_online_mask to get valid cpu - [amd64] platform/x86: Fix initialization order for firmware_attributes_class - [arm*] staging: vchiq_arm: Make vchiq_shutdown never fail - xfrm: state: initialize state_ptrs earlier in xfrm_state_find - xfrm: state: use a consistent pcpu_id in xfrm_state_find - xfrm: Set transport header to fix UDP GRO handling - xfrm: interface: fix use-after-free after changing collect_md xfrm interface - [arm64] net: ti: icssg-prueth: Fix buffer allocation for ICSSG - net/mlx5: Fix memory leak in cmd_exec() - net/mlx5: E-Switch, Fix peer miss rules to use peer eswitch - i40e: report VF tx_dropped with tx_errors instead of tx_discards - i40e: When removing VF MAC filters, only check PF-set MAC - net: appletalk: Fix use-after-free in AARP proxy probe - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode - [arm64] drm/bridge: ti-sn65dsi86: Remove extra semicolon in ti_sn_bridge_probe() - ALSA: hda/realtek: Fix mute LED mask on HP OMEN 16 laptop - [s390x] ism: fix concurrency management in ism_cmd() - [arm64] net: hns3: fix concurrent setting vlan filter issue - [arm64] net: hns3: disable interrupt when ptp init failed - [arm64] net: hns3: fixed vf get max channels bug - [arm64] net: hns3: default enable tx bounce buffer when smmu enabled - [amd64] platform/x86: ideapad-laptop: Fix FnLock not remembered among boots - [amd64] platform/x86: ideapad-laptop: Fix kbd backlight not remembered among boots - drm/amdgpu: Reset the clear flag in buddy during resume - drm/sched: Remove optimization that causes hang when killing dependent jobs - mm/ksm: fix -Wsometimes-uninitialized from clang-21 in advisor_mode_show() - timekeeping: Zero initialize system_counterval when querying time from phc drivers - [arm64] i2c: qup: jump out of the loop in case of timeout - [arm64,armhf] i2c: tegra: Fix reset error handling with ACPI - i2c: virtio: Avoid hang by using interruptible completion wait - bus: fsl-mc: Fix potential double device reference in fsl_mc_get_endpoint() - sprintf.h requires stdarg.h - ALSA: hda/realtek - Add mute LED support for HP Pavilion 15-eg0xxx - ALSA: hda/realtek - Add mute LED support for HP Victus 15-fa0xxx - [arm64] entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() - [arm64] dpaa2-eth: Fix device reference count leak in MAC endpoint handling - e1000e: disregard NVM checksum on tgp when valid checksum bit is not set - e1000e: ignore uninitialized checksum word on tgp - gve: Fix stuck TX queue for DQ queue format - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() - nilfs2: reject invalid file types when reading inodes - resource: fix false warning in __request_region() - mm/vmscan: fix hwpoisoned large folio handling in shrink_folio_list - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n - [amd64,arm64] usb: typec: tcpm: allow to use sink in accessory mode - [amd64,arm64] usb: typec: tcpm: allow switching to mode accessory to mux properly - [amd64,arm64] usb: typec: tcpm: apply vbus before data bringup in tcpm_src_attach - spi: cadence-quadspi: fix cleanup of rx_chan on failure paths - [amd64] x86/bugs: Fix use of possibly uninit value in amd_check_tsa_microcode() - jfs: reject on-disk inodes of an unsupported type (CVE-2025-37925) - [amd64] comedi: comedi_test: Fix possible deletion of uninitialized timers - [arm64] dts: qcom: x1e78100-t14s: mark l12b and l15b always-on - erofs: simplify z_erofs_load_compact_lcluster() - erofs: refine z_erofs_get_extent_compressedlen() - erofs: use Z_EROFS_LCLUSTER_TYPE_MAX to simplify switches - erofs: simplify tail inline pcluster handling - erofs: clean up header parsing for ztailpacking and fragments - erofs: fix large fragment handling - ext4: don't explicit update times in ext4_fallocate() - ext4: refactor ext4_punch_hole() - ext4: refactor ext4_zero_range() - ext4: refactor ext4_collapse_range() - ext4: refactor ext4_insert_range() - ext4: factor out ext4_do_fallocate() - ext4: move out inode_lock into ext4_fallocate() - ext4: move out common parts into ext4_fallocate() - ext4: fix incorrect punch max_end - ext4: correct the error handle in ext4_fallocate() - ext4: fix out of bounds punch offset - [amd64] KVM: x86: drop x86.h include from cpuid.h - [amd64] KVM: x86: Route non-canonical checks in emulator through emulate_ops - [amd64] KVM: x86: Add X86EMUL_F_MSR and X86EMUL_F_DT_LOAD to aid canonical checks - [amd64] KVM: x86: model canonical checks more precisely - [amd64] KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (CVE-2025-38351) - [amd64] x86/hyperv: Fix APIC ID and VP index confusion in hv_snp_boot_ap() - [arm64] dts: qcom: x1-crd: Fix vreg_l2j_1p2 voltage - Revert "wifi: mt76: mt7925: Update mt7925_mcu_uni_[tx,rx]_ba for MLO" - wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure - iio: hid-sensor-prox: Restore lost scale assignments - iio: hid-sensor-prox: Fix incorrect OFFSET calculation - [amd64,arm64] Drivers: hv: Make the sysfs node size for the ring buffer dynamic - ALSA: hda/tegra: Add Tegra264 support - ALSA: hda: Add missing NVIDIA HDA codec IDs - [amd64] drm/i915/dp: Fix 2.7 Gbps DP_LINK_BW value on g4x - Revert "drm/xe/gt: Update handling of xe_force_wake_get return" (Closes: #1109799) - Revert "drm/xe/tests/mocs: Update xe_force_wake_get() return handling" - Revert "drm/xe/devcoredump: Update handling of xe_force_wake_get return" - Revert "drm/xe/forcewake: Add a helper xe_force_wake_ref_has_domain()" - [amd64] KVM: x86: Free vCPUs before freeing VM state - mm: khugepaged: fix call hpage_collapse_scan_file() for anonymous vma . [ Bastian Blank ] * Store build time signing key encrypted. * Enable CRYPTO_ECDSA. . [ Aurelien Jarno ] * Fix installation of DTB files . [ Tj ] * drivers/gpu/drm/nouveau: Enable DRM_NOUVEAU_GSP_DEFAULT (Closes: #1088522) . [ Uwe Kleine-König ] * [armhf] Add phy-gmii-sel module to nic-shared-modules udeb for ti/omap/am335x based machines (e.g. BeagleBone black). . [ Salvatore Bonaccorso ] * d/salsa-ci.yml: Update for trixie: Set RELEASE to trixie live-boot (1:20250815~deb13u1) trixie; urgency=medium . * Upload to trixie . live-boot (1:20250815) unstable; urgency=medium . [ Roland Clobus ] * Don't verify with all checksum files . [ Luca Boccassi ] * Remove live-build's os-release on removal (Closes: #1111039) live-build (1:20250505+deb13u1) trixie; urgency=medium . * Remove os-release diversions once rootfs creation is finished (Closes: #1111039) * Install live-specific os-release only with --system live mame (0.276+dfsg.1-1+deb13u1) trixie; urgency=medium . * Build translations explicitly in the -build-indep target. Translations have been missing since the build was split (closes: #1109978). mariadb (1:11.8.3-0+deb13u1) trixie; urgency=medium . * New upstream maintenance release 11.8.3. For details about fixes please see https://mariadb.com/kb/en/mariadb-11-8-3-release-notes/ * Drop Hurd patches that are now included upstream * Update configuration traces to include new upstream system variables: - analyze-max-length (default: 4294967295) - innodb-linux-aio (default: auto) * Suppress new native AIO warning introduced in upstream a87bb96 to avoid mariadb-test-run failing on something that isn't a real issue * New upstream release includes fix for MDEV-36815 that yielded "ERROR 1267 (HY000): Illegal mix of collations" on some systems when restarting the MariaDB service in Debian (Closes: #1104533) * Remove obsolete cleanup as upstream moved pam_mariadb_mtr.so in c05b1fe * Salsa CI: Remove Buster upgrades and ignore missing Trixie ones * Start branch debian/13-trixie for stable updates mate-sensors-applet (1.26.0-1+deb13u1) trixie; urgency=medium . [ A Mennucc1 ] * NMU to fix: "Crashes on Trixie", thanks to Gleb Golubitsky (Closes: #1100414). mmdebstrap (1.5.7-1+deb13u1) trixie; urgency=medium . [ Jochen Sprickerhof ] * Support numeric UID in /etc/sub[ug]id . [ Johannes Schauer Marin Rodrigues ] * add test for numeric UID in /etc/sub[ug]id modemmanager (1.24.0-1+deb13u1) trixie; urgency=medium . * d/gbp.conf: target stable branch * d/patches: backport upstream fix for Fibocom FM350-GL (Closes: #1110197) mozjs128 (128.14.0-1~deb13u1) trixie; urgency=medium . * New upstream release (Closes: #1111591) - CVE-2025-9181: Uninitialized memory in the JavaScript Engine component - CVE-2025-9185: Memory safety bugs * Branch for trixie network-manager-openvpn (1.12.3-1~deb13u1) trixie; urgency=medium . * Switch debian-branch to debian/trixie * Rebuild for trixie network-manager-openvpn (1.12.2-2) unstable; urgency=medium . * Rename debian-branch to debian/latest as per DEP-14 network-manager-openvpn (1.12.2-1) unstable; urgency=medium . * New upstream version 1.12.2 * Bump Standards-Version to 4.7.2 nginx (1.26.3-3+deb13u1) trixie; urgency=medium . * d/p/CVE-2025-53859.patch add, fix potential information leak in ngx_mail_smtp_module (CVE-2025-53859). node-cipher-base (1.0.4-6+deb13u1) trixie-security; urgency=medium . * Team upload * Add patch to return valid values on multi-byte-wide TypedArray input (Closes: #1111772: node-cipher-base: CVE-2025-9287) node-cipher-base (1.0.4-6+deb12u1) bookworm-security; urgency=medium . * Team upload * Add patch to return valid values on multi-byte-wide TypedArray input (Closes: #1111772: node-cipher-base: CVE-2025-9287) node-tmp (0.2.2+dfsg+~0.2.3-1.1~deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Rebuild for trixie. . node-tmp (0.2.2+dfsg+~0.2.3-1.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-54798: Arbitrary file write (Closes: #1110532) node-tmp (0.2.2+dfsg+~0.2.3-1.1~deb12u1) bookworm; urgency=medium . * Non-maintainer upload. * Rebuild for bookworm. . node-tmp (0.2.2+dfsg+~0.2.3-1.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-54798: Arbitrary file write (Closes: #1110532) open-iscsi (2.1.11-1+deb13u1) trixie; urgency=medium . * [f3d17cf] initramfs: ensure that /var/lib exists. Thanks to Leon Blakey (Closes: #1103644) openjpeg2 (2.5.3-2.1~deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Rebuild for trixie. . openjpeg2 (2.5.3-2.1) unstable; urgency=medium . * Non-maintainer upload. * CVE-2025-54874: Out-of-bounds write in opj_jp2_read_header() (Closes: #1110443) orca (48.1-1+deb13u1) trixie; urgency=medium . * control: Add python3-setproctitle and python3-psutil dependencies. orphan-sysvinit-scripts (0.21+deb13u1) trixie; urgency=high . * Make mdadm scripts trigger on mdmonitor.service, mdmon@.service, since mdadm.service got removed (Closes: #1110746) pcre2 (10.46-1~deb13u1) trixie; urgency=high . * New upstream release to fix CVE-2025-58050 (Closes: #1112278) postfix (3.10.4-1~deb13u1) trixie; urgency=medium . * New upstream stable/bugfix version 3.10.4, with a handful of fixes. From the upstream release notes: - Fixes for postscreen(8): * Bugfix (defect introduced: Postfix 2.2, date 20050203): after detecting a lookup table change, and after starting a new postscreen process, the old postscreen process logged an ENOTSOCK error while attempting to accept a connection on a socket that it was no longer listening on. This error was introduced first in the multi_server skeleton code, and was five years later duplicated in the event_server skeleton that was created for postscreen. Problem reported by Florian Piekert. * Bugfix (defect introduced: Postfix 2.8, date 20101230): after detecting a cache table change and before starting a new postscreen process, the old postscreen process did not close the postscreen_cache_map, and therefore kept an exclusive lock that could prevent a new postscreen process from starting. Problem reported by Florian Piekert. - Fixes for tlsproxy(8): * Bugfix (defect introduced: Postfix 3.7): incorrect backwards compatible support for the legacy configuration parameters tlsproxy_client_level and tlsproxy_client_policy. This disabled the tlsproxy TLS client role when a legacy parameter was set (instead of the newer tlsproxy_client_security_level or tlsproxy_client_policy_maps). Reported by John Doe, diagnosed by Viktor Dukhovni. * Bugfix (defect introduced: Postfix 3.4): with the TLS client role disabled by configuration, the tlsproxy daemon dereferenced a null pointer while handling a tlsproxy client request. Reported by John Doe. - Reducing process churn: Postfix daemons no longer automatically restart after a btree:, dbm:, hash:, lmdb:, or sdbm: table file modification time change, when they opened that table for writing. - Portability: deleted an build dependency, because the feature is being removed from OpenSSL, and Postfix no longer needs it. - Cleanup: with "tls_required_enable = yes", the Postfix SMTP client will no longer maintain TLSRPT statistics for messages that contain a "TLS-Required: no" header. This can prevent TLSRPT notifications for TLSRPT notifications. - Bugfix (defect introduced: Postfix 3.6, date 20200710): Postfix TLS client code logged "Untrusted TLS connection" (wrong) instead of "Trusted TLS connection" (right), for a new or resumed TLS session, when a server offered a trusted (valid PKI trust chain) certificate that did not match the expected server name pattern. Fix by Viktor Dukhovni. * d/gbp.conf: debian-branch=debian/trixie * configure-instance.in: fix typo * configure-instance.in: limit maxdepth=1 in /etc/ssl/certs dirs * configure-instance.in: use home-grown file copy procedure to sync chroot There are a few issues with using cp(1) to update files in chroot, - a file should be copied even if the source date is *less* than the target date (eg, if a package has been downgraded), which is not done by `cp -u` (#1110704), a file should be copied atomically (copy+rename, not truncate+copy), and care should be taken with extra attributes (#1100100). Use a simple perl-based script (using just perl-base) to update files instead, which fixes all this stuff. (Closes: #1100100, #1110704) postfix (3.10.3-3) unstable; urgency=medium . * configure-instance.in: fix typo * configure-instance.in: limit maxdepth=1 in /etc/ssl/certs dirs * configure-instance.in: use home-grown file copy procedure to sync chroot There are a few issues with using cp(1) to update files in chroot, - a file should be copied even if the source date is *less* than the target date (eg, if a package has been downgraded), which is not done by `cp -u` (#1110704), a file should be copied atomically (copy+rename, not truncate+copy), and care should be taken with extra attributes (#1100100). Use a simple perl-based script (using just perl-base) to update files instead, which fixes all this stuff. (Closes: #1100100, #1110704) postgresql-17 (17.6-0+deb13u1) trixie; urgency=medium . * New upstream version 17.6. . + Tighten security checks in planner estimation functions (Dean Rasheed) . The fix for CVE-2017-7484, plus followup fixes, intended to prevent leaky functions from being applied to statistics data for columns that the calling user does not have permission to read. Two gaps in that protection have been found. One gap applies to partitioning and inheritance hierarchies where RLS policies on the tables should restrict access to statistics data, but did not. . The other gap applies to cases where the query accesses a table via a view, and the view owner has permissions to read the underlying table but the calling user does not have permissions on the view. The view owner's permissions satisfied the security checks, and the leaky function would get applied to the underlying table's statistics before we check the calling user's permissions on the view. This has been fixed by making security checks on views occur at the start of planning. That might cause permissions failures to occur earlier than before. . The PostgreSQL Project thanks Dean Rasheed for reporting this problem. (CVE-2025-8713) . + Prevent pg_dump scripts from being used to attack the user running the restore (Nathan Bossart) . Since dump/restore operations typically involve running SQL commands as superuser, the target database installation must trust the source server. However, it does not follow that the operating system user who executes psql to perform the restore should have to trust the source server. The risk here is that an attacker who has gained superuser-level control over the source server might be able to cause it to emit text that would be interpreted as psql meta-commands. That would provide shell-level access to the restoring user's own account, independently of access to the target database. . To provide a positive guarantee that this can't happen, extend psql with a \restrict command that prevents execution of further meta-commands, and teach pg_dump to issue that before any data coming from the source server. . The PostgreSQL Project thanks Martin Rakhmanov, Matthieu Denais, and RyotaK for reporting this problem. (CVE-2025-8714) . + Convert newlines to spaces in names included in comments in pg_dump output (Noah Misch) . Object names containing newlines offered the ability to inject arbitrary SQL commands into the output script. (Without the preceding fix, injection of psql meta-commands would also be possible this way.) CVE-2012-0868 fixed this class of problem at the time, but later work reintroduced several cases. . The PostgreSQL Project thanks Noah Misch for reporting this problem. (CVE-2025-8715) . * Add Turkish debconf translation by Atila KOÇ, thanks! (Closes: #1107984) * Drop hurd-iovec patch, implemented upstream. ptyxis (48.5-1~deb13u1) trixie; urgency=medium . * Team upload * d/control, d/gbp.conf: Set branches for trixie stable updates . ptyxis (48.5-1) unstable; urgency=medium . * Team upload * New upstream bugfix release - When saving tab state, if the terminal does not have a title, save the tab's initial title instead (ptyxis#428 upstream) - Use the same code for menu -> Show Open Tabs -> New Tab that was already used for Menu -> New Tab, fixing propagation of zoom settings to the newly created tab (ptyxis#435 upstream) - Don't try to chdir() to a working directory that does not have +x permission - Use g_set_str() for less error-prone property setting - Ensure that interface-style action isn't freed prematurely, and explicitly remove it when the window is destroyed, fixing a possible use-after-free when switching between dark and light modes (ptyxis#440 upstream) * Standards-Version: 4.7.2 (no changes required) pyraf (2.2.2-4~deb13u1) trixie; urgency=medium . * Fix graphical init for work with Python 3.13. Closes: #1110708 * Upload to stable qemu (1:10.0.3+ds-0+deb13u1) trixie; urgency=medium . * new upstream stable/bugfix release: - Update version for 10.0.3 release - hvf: arm: Emulate ICC_RPR_EL1 accesses properly - target/arm: Correct encoding of Debug Communications Channel registers https://gitlab.com/qemu-project/qemu/-/issues/2986 - ui: fix setting client_endian field defaults - hw/net/npcm_gmac.c: Send the right data for second packet in a row - target/i386: do not expose ARCH_CAPABILITIES on AMD CPU - i386/cpu: Honor maximum value for CPUID.8000001DH.EAX[25:14] - i386/cpu: Fix overflow of cache topology fields in CPUID.04H - i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16] - ui/vnc: Do not copy z_stream - vhost: Fix used memslot tracking when destroying a vhost device - roms: re-remove execute bit from hppa-firmware* - file-posix: Fix aio=reads performance regression after enablign FUA https://issues.redhat.com/browse/RHEL-96854 - amd_iommu: Fix truncation of oldval in amdvi_writeq - amd_iommu: Remove duplicated definitions - amd_iommu: Fix the calculation for Device Table size - amd_iommu: Fix mask to retrieve Interrupt Table Root Pointer from DTE - amd_iommu: Fix masks for various IOMMU MMIO Registers - amd_iommu: Update bitmasks representing DTE reserved fields - amd_iommu: Fix Device ID decoding for INVALIDATE_IOTLB_PAGES command - amd_iommu: Fix Miscellaneous Information Register 0 encoding - virtio-net: Add queues for RSS during migration - net: fix buffer overflow in af_xdp_umem_create() - accel/kvm: Adjust the note about the minimum required kernel version - linux-user: Use qemu_set_cloexec() to mark pidfd as FD_CLOEXEC - migration: Don't sync volatile memory after migration completes - linux-user: Hold the fd-trans lock across fork https://gitlab.com/qemu-project/qemu/-/issues/2846 - linux-user: Check for EFAULT failure in nanosleep - linux-user: Implement fchmodat2 syscall https://gitlab.com/qemu-project/qemu/-/issues/3019 - hw/arm/fsl-imx8mp: Wire VIRQ and VFIQ - target/arm: Don't enforce NSE,NS check for EL3->EL3 returns https://gitlab.com/qemu-project/qemu/-/issues/3016 - target/i386: fix TB exit logic in gen_movl_seg() when writing to SS https://gitlab.com/qemu-project/qemu/-/issues/2987 - target/arm: Fix bfdotadd_ebf vs nan selection - target/arm: Fix f16_dotadd vs nan selection - target/arm: Fix PSEL size operands to tcg_gen_gvec_ands - target/arm: Fix 128-bit element ZIP, UZP, TRN - target/arm: Fix sve_access_check for SME - target/arm: Fix SME vs AdvSIMD exception priority - hw/s390x/ccw-device: Fix memory leak in loadparm setter - virtio-gpu: support context init multiple timeline - target/arm: Correct KVM & HVF dtb_compatible value - target/arm: Make RETA[AB] UNDEF when pauth is not implemented - tcg: Fix constant propagation in tcg_reg_alloc_dup https://gitlab.com/qemu-project/qemu/-/issues/3002 - target/loongarch: fix vldi/xvldi raise wrong error - target/loongarch: add check for fcond - linux-user/arm: Fix return value of SYS_cacheflush - hw/arm/mps2: Configure the AN500 CPU with 16 MPU regions - qemu-options.hx: Fix reversed description of icount sleep behavior - hw/arm/virt: Check bypass iommu is not set for iommu-map DT property - hw/loongarch/virt: Fix big endian support with MCFG table - hw/core/qdev-properties-system: Add missing return in set_drive_helper() - iotests: fix 240 - target/i386: Remove FRED dependency on WRMSRNS - hw/audio/asc: fix SIGSEGV in asc_realize() - audio: fix size calculation in AUD_get_buffer_size_out() - audio: fix SIGSEGV in AUD_get_buffer_size_out() - hw/i386/amd_iommu: Fix xtsup when vcpus < 255 - hw/i386/amd_iommu: Fix device setup failure when PT is on. - hw/i386/pc_piix: Fix RTC ISA IRQ wiring of isapc machine - vhost: Don't set vring call if guest notifier is unused - hw/arm: Add missing psci_conduit to NPCM8XX SoC boot info - ui/vnc: fix tight palette pixel encoding for 8/16-bpp formats - ui/vnc: take account of client byte order in pixman format - ui/vnc.c: replace big endian flag with byte order value - ui/sdl: Consider scaling in mouse event handling - ui/gtk: Update scales in fixed-scale mode when rendering GL area - gtk/ui: Introduce helper gd_update_scale - ui/gtk: Use consistent naming for variables in different coordinates - ui/gtk: Document scale and coordinate handling - hw/arm/aspeed_ast27x0: Fix RAM size detection failure on BE hosts - hw/misc/aspeed_hace: Ensure HASH_IRQ is always set to prevent firmware hang * d/control.mk: 10.0.3+ds * d/gbp.conf: switch to debian/trixie branch * d/watch: switch to 10.0.x branch * qemu-img-options.patch: adjust help text for "convert" subcommand This patch has been accepted upstrem but without the new option, - do not mention it in help so debian users don't get used to it (the option is accepted still) * d/rules: fix typo in comment (it is qemu-system-data, not qemu-user-data) * d/qemu-user.postinst: trigger /usr/lib/binfmt.d (Closes: #1110982) qemu (1:10.0.2+ds-2+deb13u1) trixie-security; urgency=medium . * d/binfmt-install: stop using C (Credentials) flag for binfmt_misc registration. qemu-user binaries were never meant to be used in suid/sgid scenarios, but was used in debian since late 2009. Any foreign suid/sgid binary accessible to the users, in presence of qemu-user binfmt, is trivially exploitable to gain elevated privileges. This change might break existing setups since for many years people relied on qemu-user binfmt working with suid binaries, but this is a situation where it is definitely better be safe than sorry. * pcie_sriov-Fix-configuration-and-state-synchronizati.patch (Closes: #1109989, CVE-2025-54566, CVE-2025-54567) qemu (1:10.0.2+ds-2+deb13u1~bpo12+1) bookworm-backports; urgency=medium . * Rebuild for bookworm-backports: - disable libblkio - realize pkg.qemu.use-upstream-vdso build profile - disable capstone for qemu-user on arm64 (fails to link) rabbitmq-server (4.0.5-6+deb13u1) trixie; urgency=medium . * Fix rabbitmq-server broken plugin versions by applying patch from the BTS. Thanks to Stefan Bühler for it (Closes: #1110519). . [ Andreas Hasenack ] * Add many autopkgtest. remind (05.03.07-1+deb13u1) trixie; urgency=medium . * fixes buffer overflow in DUMPVARS (Closes: #1111581) renpy (8.3.4+dfsg-2+deb13u1) trixie; urgency=medium . * Fix fonts-roboto -> fonts-robot-hinted breakage (Closes: #1111365) resource-agents (1:4.16.0-3+deb13u1) trixie; urgency=medium . * debian/patches: fix to avoid duplicate route issues (Closes: #1109925) rkward (0.8.0-4.1~deb13u1) trixie; urgency=medium . * Non-maintainer upload. * Rebuild for trixie. . rkward (0.8.0-4.1) unstable; urgency=medium . * Non-maintainer upload. * Backport upstream fixes for R 4.5. (Closes: #1103204) . rkward (0.8.0-4) unstable; urgency=medium . * Team upload. * Bump Standards-Version to 4.7.2, no changes required. * Simplify GPL license text in debian/copyright. * Use the system version of kdsingleapplication: - backport upstream commit 997c8a7280fe0f99a29465f67b56fd001cdac4e1; patch upstream_Make-it-possible-to-build-against-system-kdsingleapp.patch - add the libkdsingleapplication-qt6-dev build dependency rkward (0.8.0-4) unstable; urgency=medium . * Team upload. * Bump Standards-Version to 4.7.2, no changes required. * Simplify GPL license text in debian/copyright. * Use the system version of kdsingleapplication: - backport upstream commit 997c8a7280fe0f99a29465f67b56fd001cdac4e1; patch upstream_Make-it-possible-to-build-against-system-kdsingleapp.patch - add the libkdsingleapplication-qt6-dev build dependency samba (2:4.22.4+dfsg-1~deb13u1) trixie; urgency=medium . * new upstream stable/bugfix release: - https://bugzilla.samba.org/show_bug.cgi?id=14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0 - https://bugzilla.samba.org/show_bug.cgi?id=15663: Apparently there is a conflict between shadow_copy2 module and virusfilter (action quarantine) - https://bugzilla.samba.org/show_bug.cgi?id=15816: vfs_streams_depot fstatat broken - https://bugzilla.samba.org/show_bug.cgi?id=15840: kinit command is failing with Missing cache Error - https://bugzilla.samba.org/show_bug.cgi?id=15844: getpwuid does not shift to new DC when current DC is down - https://bugzilla.samba.org/show_bug.cgi?id=15876: Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName - https://bugzilla.samba.org/show_bug.cgi?id=15877: Fix handling of empty GPO link - https://bugzilla.samba.org/show_bug.cgi?id=15880: SMB ACL inheritance doesn't work for files created - https://bugzilla.samba.org/show_bug.cgi?id=15881: Unresponsive second DC can cause idmapping failure when using idmap_ad (was libads-fix-get_kdc_ip_string.patch) - https://bugzilla.samba.org/show_bug.cgi?id=15891: Figuring out the DC name from IP address fails and breaks fork_domain_child() - https://bugzilla.samba.org/show_bug.cgi?id=15892: Delayed leader broadcast can block ctdb forever * libads-fix-get_kdc_ip_string.patch: remove, included upstream * d/gbp.conf: debian-branch=debian/4.22 sbuild (0.89.3+deb13u1) trixie; urgency=medium . [ Richard Lewis ] * man/sbuild.1.in: fix typo in markup . [ Hiraku Toyooka ] * Allow BUILD_PATH being empty also in command line options . [ Jochen Sprickerhof ] * Fix typo in help string * Support UID in /etc/sub(u|g)id (Closes: #1110876) * Fix build path permissions when building as root * Always append newline in binNMU changelog. Thanks to mjt (Closes: #1111776) shaarli (0.14.0+dfsg-2) trixie; urgency=medium . * Add patch to fix CVE-2025-55291 (Closes: #1111589) sound-theme-freedesktop (0.8-6~deb13u1) trixie; urgency=medium . * Team upload * d/control, d/gbp.conf: Branch for trixie * Rebuild for trixie sound-theme-freedesktop (0.8-5) experimental; urgency=medium . * debian/sound-theme-freedesktop.links: - Link front-center sample to audio-channel-mono so that testing a mono bluetooth speaker plays a real sound rather than just white noise. (LP #1703946) strongswan (6.0.1-6+deb13u1) trixie; urgency=medium . * d/patches: add patches to fix OpenSSL 3.5.1 support (Closes: #1109942) systemd (257.8-1~deb13u1) trixie; urgency=medium . * ukify: recommend sbsigntool | pesign for signing (Closes: #1108803) * Move bootctl zsh completion file too to new package * systemd-boot-tools: change architecture to linux-any. The tool can be used for cross-building, and it's available on all architectures, not just EFI ones * systemd-boot: fix initramfs post-update hook for uncompressed kernels (Closes: #1109098) * systemd-boot: register interest in systemd-boot-signed trigger (Closes: #1109984) * NEWS: fix typo (Closes: #1109979) * systemd-boot: fix registering/removing uncompressed kernels * d/t/control: prefer systemd-boot-tools if available * Update upstream source from tag 'upstream/257.8' Update to upstream version '257.8' with Debian dir 7153da4dd3bde82b88c5f48d704826e431373076 systemd-boot-efi-amd64-signed (257.8+1~deb13u1) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.8-1~deb13u1 . * ukify: recommend sbsigntool | pesign for signing (Closes: #1108803) * Move bootctl zsh completion file too to new package * systemd-boot-tools: change architecture to linux-any. The tool can be used for cross-building, and it's available on all architectures, not just EFI ones * systemd-boot: fix initramfs post-update hook for uncompressed kernels (Closes: #1109098) * systemd-boot: register interest in systemd-boot-signed trigger (Closes: #1109984) * NEWS: fix typo (Closes: #1109979) * systemd-boot: fix registering/removing uncompressed kernels * d/t/control: prefer systemd-boot-tools if available * Update upstream source from tag 'upstream/257.8' Update to upstream version '257.8' with Debian dir 7153da4dd3bde82b88c5f48d704826e431373076 systemd-boot-efi-arm64-signed (257.8+1~deb13u1) trixie; urgency=high . * Sign EFI binaries from systemd-boot-efi 257.8-1~deb13u1 . * ukify: recommend sbsigntool | pesign for signing (Closes: #1108803) * Move bootctl zsh completion file too to new package * systemd-boot-tools: change architecture to linux-any. The tool can be used for cross-building, and it's available on all architectures, not just EFI ones * systemd-boot: fix initramfs post-update hook for uncompressed kernels (Closes: #1109098) * systemd-boot: register interest in systemd-boot-signed trigger (Closes: #1109984) * NEWS: fix typo (Closes: #1109979) * systemd-boot: fix registering/removing uncompressed kernels * d/t/control: prefer systemd-boot-tools if available * Update upstream source from tag 'upstream/257.8' Update to upstream version '257.8' with Debian dir 7153da4dd3bde82b88c5f48d704826e431373076 thunar (4.20.2-1+deb13u1) trixie; urgency=medium . * d/patches: add fix to always warn users before permanente deletion (Closes: #1110905) thunderbird (1:128.14.0esr-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security thunderbird (1:128.14.0esr-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security timescaledb (2.19.3+dfsg-1+deb13u1) trixie; urgency=medium . * Disable append test, fails with PG 17.6. (Closes: #1112190) transmission (4.1.0~beta2+dfsg-3+deb13u1) trixie; urgency=medium . * fix GTK app crash when LANG=fr (Closes: #1108194, #1110257) tzdata (2025b-4+deb13u1) trixie; urgency=medium . * Backport leap second update from upstream udisks2 (2.10.1-12.1+deb13u1) trixie-security; urgency=high . * Non-maintainer upload by the Security Team. * udiskslinuxmanager: Add lower bounds check to fd_index (CVE-2025-8067) webkit2gtk (2.48.5-1~deb13u1) trixie-security; urgency=medium . * Rebuild for trixie-security. webkit2gtk (2.48.5-1~deb12u1) bookworm-security; urgency=medium . * Rebuild for bookworm-security. * Disable sysprof profiling integration to avoid new dependencies: - debian/control.in: Don't depend on libsysprof-capture-4-dev. - debian/rules: Build with -DUSE_SYSPROF_CAPTURE=OFF. * Disable JPEG XL to avoid adding new dependencies. - debian/control.in: Remove build dependency on libjxl-dev. - debian/rules: Build with -DUSE_JPEGXL=OFF. * debian/rules: - Enable ENABLE_SOUP2 and USE_OLD_PKG_NAMES to keep using the old package names. * debian/control-common.in: - Make the -dev packages depend on the gir packages. * debian/control.in: - Build depend on ccache. * Use clang-16 instead of clang. wolfssl (5.7.2-0.1+deb13u1) trixie; urgency=medium . * Fix CVE-2025-7394: weak/predictable random numbers. (Closes: #1109549) ========================================================================= [Date: Sat, 06 Sep 2025 08:59:27 -0000] [ftpmaster: Archive Administrator] Removed the following packages from stable: guix | 1.4.0-9 | source, amd64, arm64, armhf, i386, ppc64el, riscv64 Closed bugs: 1112248 ------------------- Reason ------------------- RoM; unsupportable; security issues ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:13:06 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: btrfs-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x cdrom-core-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x crypto-dm-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x crypto-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x dasd-extra-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x dasd-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x ext4-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x f2fs-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x fat-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x isofs-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x kernel-image-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x linux-headers-6.12.41+deb13-s390x | 6.12.41-1 | s390x linux-image-6.12.41+deb13-s390x | 6.12.41-1 | s390x linux-image-6.12.41+deb13-s390x-dbg | 6.12.41-1 | s390x loop-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x md-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x mtd-core-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x multipath-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x nbd-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x nic-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x scsi-core-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x scsi-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x udf-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x xfs-modules-6.12.41+deb13-s390x-di | 6.12.41-1 | s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:13:19 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 btrfs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 cdrom-core-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 crypto-dm-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 crypto-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 drm-core-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 ext4-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 f2fs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 fat-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 fb-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 input-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 isofs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 jfs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 kernel-image-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 linux-headers-6.12.41+deb13-riscv64 | 6.12.41-1 | riscv64 linux-image-6.12.41+deb13-riscv64 | 6.12.41-1 | riscv64 linux-image-6.12.41+deb13-riscv64-dbg | 6.12.41-1 | riscv64 loop-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 md-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 mmc-core-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 mmc-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 mtd-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 multipath-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 nbd-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 nic-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 nic-shared-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 nic-usb-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 nic-wireless-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 pata-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 ppp-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 sata-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 scsi-core-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 scsi-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 scsi-nic-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 squashfs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 udf-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 usb-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 usb-serial-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 usb-storage-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 xfs-modules-6.12.41+deb13-riscv64-di | 6.12.41-1 | riscv64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:13:45 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.41+deb13-amd64 | 6.12.41-1 | amd64 linux-headers-6.12.41+deb13-cloud-amd64 | 6.12.41-1 | amd64 linux-headers-6.12.41+deb13-rt-amd64 | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-amd64-dbg | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-amd64-unsigned | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-cloud-amd64-dbg | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-cloud-amd64-unsigned | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-rt-amd64-dbg | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-rt-amd64-unsigned | 6.12.41-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:14:18 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-kbuild-6.12.41+deb13 | 6.12.41-1 | amd64, arm64, armel, armhf, i386, ppc64el, riscv64, s390x ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:14:36 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.41+deb13-arm64 | 6.12.41-1 | arm64 linux-headers-6.12.41+deb13-arm64-16k | 6.12.41-1 | arm64 linux-headers-6.12.41+deb13-cloud-arm64 | 6.12.41-1 | arm64 linux-headers-6.12.41+deb13-rt-arm64 | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64-16k-dbg | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64-16k-unsigned | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64-dbg | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64-unsigned | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-cloud-arm64-dbg | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-cloud-arm64-unsigned | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-rt-arm64-dbg | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-rt-arm64-unsigned | 6.12.41-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:14:50 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.41+deb13-rpi | 6.12.41-1 | armel linux-image-6.12.41+deb13-rpi | 6.12.41-1 | armel linux-image-6.12.41+deb13-rpi-dbg | 6.12.41-1 | armel ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:15:02 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf btrfs-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf cdrom-core-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf crypto-dm-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf crypto-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf drm-core-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf ext4-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf f2fs-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf fat-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf fb-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf input-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf isofs-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf jfs-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf kernel-image-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf linux-headers-6.12.41+deb13-armmp | 6.12.41-1 | armhf linux-headers-6.12.41+deb13-armmp-lpae | 6.12.41-1 | armhf linux-headers-6.12.41+deb13-rt-armmp | 6.12.41-1 | armhf linux-image-6.12.41+deb13-armmp | 6.12.41-1 | armhf linux-image-6.12.41+deb13-armmp-dbg | 6.12.41-1 | armhf linux-image-6.12.41+deb13-armmp-lpae | 6.12.41-1 | armhf linux-image-6.12.41+deb13-armmp-lpae-dbg | 6.12.41-1 | armhf linux-image-6.12.41+deb13-rt-armmp | 6.12.41-1 | armhf linux-image-6.12.41+deb13-rt-armmp-dbg | 6.12.41-1 | armhf loop-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf md-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf mmc-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf mtd-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf multipath-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf nbd-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf nic-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf nic-shared-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf nic-usb-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf nic-wireless-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf pata-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf ppp-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf sata-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf scsi-core-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf scsi-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf scsi-nic-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf sound-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf speakup-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf squashfs-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf udf-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf uinput-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf usb-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf usb-serial-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf usb-storage-modules-6.12.41+deb13-armmp-di | 6.12.41-1 | armhf ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:15:17 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el btrfs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el cdrom-core-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el crypto-dm-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el crypto-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el drm-core-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el ext4-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el f2fs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el fat-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el fb-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el firewire-core-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el hypervisor-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el input-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el isofs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el jfs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el kernel-image-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el linux-headers-6.12.41+deb13-powerpc64le | 6.12.41-1 | ppc64el linux-headers-6.12.41+deb13-powerpc64le-64k | 6.12.41-1 | ppc64el linux-image-6.12.41+deb13-powerpc64le | 6.12.41-1 | ppc64el linux-image-6.12.41+deb13-powerpc64le-64k | 6.12.41-1 | ppc64el linux-image-6.12.41+deb13-powerpc64le-64k-dbg | 6.12.41-1 | ppc64el linux-image-6.12.41+deb13-powerpc64le-dbg | 6.12.41-1 | ppc64el loop-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el md-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el mtd-core-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el multipath-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el nbd-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el nic-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el nic-shared-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el nic-usb-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el nic-wireless-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el ppp-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el sata-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el scsi-core-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el scsi-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el scsi-nic-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el serial-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el squashfs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el udf-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el uinput-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el usb-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el usb-serial-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el usb-storage-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el xfs-modules-6.12.41+deb13-powerpc64le-di | 6.12.41-1 | ppc64el ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:15:33 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 btrfs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 cdrom-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 crypto-dm-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 crypto-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 drm-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 ext4-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 f2fs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 fat-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 fb-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 firewire-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 input-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 isofs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 jfs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 kernel-image-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-amd64 | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-cloud-amd64 | 6.12.41-1 | amd64 linux-image-6.12.41+deb13-rt-amd64 | 6.12.41-1 | amd64 loop-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 md-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 mmc-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 mmc-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 mtd-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 multipath-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nbd-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nic-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nic-pcmcia-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nic-shared-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nic-usb-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 nic-wireless-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 pata-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 pcmcia-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 pcmcia-storage-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 ppp-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 rfkill-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 sata-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 scsi-core-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 scsi-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 scsi-nic-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 serial-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 sound-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 speakup-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 squashfs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 udf-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 uinput-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 usb-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 usb-serial-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 usb-storage-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 xfs-modules-6.12.41+deb13-amd64-di | 6.12.41-1 | amd64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-amd64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:15:46 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: ata-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 btrfs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 cdrom-core-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 crypto-dm-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 crypto-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 ext4-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 f2fs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 fat-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 fb-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 input-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 isofs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 jfs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 kernel-image-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64 | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-arm64-16k | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-cloud-arm64 | 6.12.41-1 | arm64 linux-image-6.12.41+deb13-rt-arm64 | 6.12.41-1 | arm64 loop-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 md-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 mmc-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 multipath-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 nbd-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 nic-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 nic-shared-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 nic-usb-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 nic-wireless-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 ppp-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 sata-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 scsi-core-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 scsi-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 scsi-nic-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 sound-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 speakup-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 squashfs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 udf-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 uinput-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 usb-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 usb-serial-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 usb-storage-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 xfs-modules-6.12.41+deb13-arm64-di | 6.12.41-1 | arm64 ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux-signed-arm64) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:16:14 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: linux-headers-6.12.41+deb13-common | 6.12.41-1 | all linux-headers-6.12.41+deb13-common-rt | 6.12.41-1 | all linux-support-6.12.41+deb13 | 6.12.41-1 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by linux - based on source metadata) ---------------------------------------------- ========================================================================= ========================================================================= [Date: Sat, 06 Sep 2025 09:18:47 -0000] [ftpmaster: Joerg Jaspert] Removed the following packages from stable: debian-installer-13-netboot-mips64el | 20250515 | all ------------------- Reason ------------------- [auto-cruft] NBS (no longer built by debian-installer-netboot-images - based on source metadata) ---------------------------------------------- ========================================================================= ======================================= Sat, 09 Aug 2025 - Debian 13.0 released =======================================